From 05c700d38b6c8a9a2e2aa332eb63bfeddf32e143 Mon Sep 17 00:00:00 2001
From: Matthew Wall <matthewwall@users.noreply.github.com>
Date: Sun, 3 Dec 2023 16:35:56 -0500
Subject: [PATCH] adjust permissions on weewx-owned directories

---
 pkg/debian/postinst       |  2 +-
 pkg/debian/rules          |  5 +++--
 pkg/etc/logrotate.d/weewx |  1 +
 pkg/rpmlint.el            |  3 +++
 pkg/weewx.spec.in         | 19 ++++++++++++-------
 5 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/pkg/debian/postinst b/pkg/debian/postinst
index 3bcf4dc3..d8966515 100755
--- a/pkg/debian/postinst
+++ b/pkg/debian/postinst
@@ -251,7 +251,7 @@ set_permissions() {
     if getent passwd | grep -q "^$WEEWX_USER:"; then
         chmod 2775 /etc/weewx
         chmod 2775 /var/lib/weewx
-        chmod 2755 /var/log/weewx
+        chmod 0755 /var/log/weewx
         chmod 2775 /var/www/html/weewx
         chown -R $WEEWX_USER:$WEEWX_GROUP /etc/weewx
         chown -R $WEEWX_USER:$WEEWX_GROUP /var/lib/weewx
diff --git a/pkg/debian/rules b/pkg/debian/rules
index 74cb9cd3..c3a60ddf 100755
--- a/pkg/debian/rules
+++ b/pkg/debian/rules
@@ -41,6 +41,7 @@ install:
 	mkdir -p $(DST)/usr/bin
 	mkdir -p $(DST)/etc/default
 	mkdir -p $(DST)/etc/logrotate.d
+	mkdir -p $(DST)/etc/rsyslog.d
 	mkdir -p $(DST)/lib/systemd/system
 	mkdir -p $(DST)/lib/udev/rules.d
 	mkdir -p $(DST)/var/lib/weewx
@@ -64,7 +65,6 @@ install:
 	cp -r $(SRC)/src/weewx_data/skins $(DST_CFGDIR)
 	cp -r $(SRC)/src/weewx_data/util/import $(DST_CFGDIR)
 	cp -r $(SRC)/src/weewx_data/util/logwatch $(DST_CFGDIR)
-	cp -r $(SRC)/pkg/etc/rsyslog.d $(DST_CFGDIR)
 
 # create the default configuration
 	cat $(SRC)/src/weewx_data/weewx.conf | sed \
@@ -92,8 +92,9 @@ done
  -e 's%WEEWX_PYTHON=.*%WEEWX_PYTHON=$(PYTHON)%' \
  > $(DST)/etc/default/weewx
 
-# install logrotate configuration
+# log handling
 	cp $(SRC)/pkg/etc/logrotate.d/weewx $(DST)/etc/logrotate.d
+	cp $(SRC)/pkg/etc/rsyslog.d/weewx.conf $(DST)/etc/rsyslog.d
 
 # put the udev rules in place
 	cp $(SRC)/pkg/etc/udev/rules.d/weewx.rules $(DST)/lib/udev/rules.d
diff --git a/pkg/etc/logrotate.d/weewx b/pkg/etc/logrotate.d/weewx
index c4393a7b..8fac2ba3 100644
--- a/pkg/etc/logrotate.d/weewx
+++ b/pkg/etc/logrotate.d/weewx
@@ -6,4 +6,5 @@
   delaycompress
   copytruncate
   notifempty
+  create 644 root weewx
 }
diff --git a/pkg/rpmlint.el b/pkg/rpmlint.el
index dcc81ee0..f8258d5b 100644
--- a/pkg/rpmlint.el
+++ b/pkg/rpmlint.el
@@ -3,6 +3,9 @@ addFilter("no-manual-page-for-binary weectl")
 addFilter("no-manual-page-for-binary weewxd")
 addFilter("non-standard-gid")
 addFilter("non-standard-uid")
+addFilter("non-standard-dir-perm /etc/weewx.* 2775")
+addFilter("non-standard-dir-perm /var/lib/weewx 2775")
+addFilter("non-standard-dir-perm /var/www/html/weewx 2775")
 addFilter("dangerous-command-in-%pre cp")
 addFilter("dangerous-command-in-%post mv")
 addFilter("percent-in-%post")
diff --git a/pkg/weewx.spec.in b/pkg/weewx.spec.in
index a34e8311..64f73ba6 100644
--- a/pkg/weewx.spec.in
+++ b/pkg/weewx.spec.in
@@ -104,6 +104,7 @@ mkdir -p %{buildroot}%{dst_user_dir}
 mkdir -p %{buildroot}%{dst_doc_dir}
 mkdir -p %{buildroot}/etc/default
 mkdir -p %{buildroot}/etc/logrotate.d
+mkdir -p %{buildroot}/etc/rsyslog.d
 mkdir -p %{buildroot}/lib/systemd/system
 mkdir -p %{buildroot}/lib/udev/rules.d
 mkdir -p %{buildroot}/var/lib/weewx
@@ -126,7 +127,6 @@ cp -r src/weewx_data/examples %{buildroot}%{dst_cfg_dir}
 cp -r src/weewx_data/skins %{buildroot}%{dst_cfg_dir}
 cp -r src/weewx_data/util/import %{buildroot}%{dst_cfg_dir}
 cp -r src/weewx_data/util/logwatch %{buildroot}%{dst_cfg_dir}
-cp -r pkg/etc/rsyslog.d %{buildroot}%{dst_cfg_dir}
 
 # create the weewx configuration
 cat src/weewx_data/weewx.conf | sed \
@@ -153,8 +153,9 @@ cat pkg/etc/default/weewx | sed \
  -e 's%WEEWX_PYTHON=.*%WEEWX_PYTHON=%{python}%' \
  > %{buildroot}/etc/default/weewx
 
-# logrotate script
+# log handling
 cp pkg/etc/logrotate.d/weewx %{buildroot}/etc/logrotate.d
+cp pkg/etc/rsyslog.d/weewx.conf %{buildroot}/etc/rsyslog.d
 
 # udev rules for known devices
 cp pkg/etc/udev/rules.d/weewx.rules %{buildroot}/lib/udev/rules.d
@@ -173,6 +174,9 @@ fi
 /usr/bin/getent passwd %{weewx_user} || /usr/sbin/useradd -r -g %{weewx_group} -M -s /sbin/nologin %{weewx_user}
 
 %post
+# restart syslog so that it picks up the weewx logging directives
+# FIXME: what if rsyslog not installed?
+systemctl restart rsyslog
 # pre-compile the python code
 echo Precompile using %{python} in %{dst_code_dir}
 %{python} -m compileall %{dst_code_dir} > /dev/null
@@ -233,12 +237,13 @@ rm -rf %{buildroot}
 /lib/systemd/system/weewx@.service
 /lib/udev/rules.d/weewx.rules
 %{dst_code_dir}/
-%license %{dst_doc_dir}/license
 %doc %{dst_doc_dir}/
 %config(noreplace) %{_sysconfdir}/default/weewx
 %config(noreplace) %{_sysconfdir}/logrotate.d/weewx
-%config(noreplace) %attr(-,%{weewx_user},%{weewx_group}) %{dst_cfg_dir}/
-%ghost %attr(-,%{weewx_user},%{weewx_group}) /var/log/weewx
-%ghost %attr(-,%{weewx_user},%{weewx_group}) /var/lib/weewx
-%ghost %attr(-,%{weewx_user},%{weewx_group}) /var/www/html/weewx
+%config(noreplace) %{_sysconfdir}/rsyslog.d/weewx.conf
+%defattr(664,%{weewx_user},%{weewx_group},2775)
+%config(noreplace) %{dst_cfg_dir}/
+%dir %attr(0755,%{weewx_user},%{weewx_group}) /var/log/weewx
+%dir %attr(2775,%{weewx_user},%{weewx_group}) /var/lib/weewx
+%dir %attr(2775,%{weewx_user},%{weewx_group}) /var/www/html/weewx
 %changelog