RPM/Deb: Restrict Mnesia directory permissions to owner and group

Non group members are not allowed to access Mnesia & msg_store data.
author: Jean-Sebastien Pedron <jean-sebastien@rabbitmq.com> 2015-02-03 15:14:33 +0100
committer: Jean-Sebastien Pedron <jean-sebastien@rabbitmq.com> 2015-02-03 15:14:33 +0100
commit: ad004f9bb669ce139bb435b09b3c4ec87d8fbaf1 (patch)
tree: de8d835ae24dbc1534b067f9b90e86588e70555e
parent: 7f0d01b10903697fbdf9a193105c39f5df88ee8d (diff)
download: rabbitmq-server-git-ad004f9bb669ce139bb435b09b3c4ec87d8fbaf1.tar.gz
2 files changed, 2 insertions, 0 deletions
diff --git a/packaging/RPMS/Fedora/rabbitmq-server.spec b/packaging/RPMS/Fedora/rabbitmq-server.spec
index 60a8191443..bddd8feadc 100644
--- a/packaging/RPMS/Fedora/rabbitmq-server.spec
+++ b/packaging/RPMS/Fedora/rabbitmq-server.spec
@@ -118,6 +118,7 @@ done
 %files -f ../%{name}.files
 %defattr(-,root,root,-)
 %attr(0755, rabbitmq, rabbitmq) %dir %{_localstatedir}/lib/rabbitmq
+%attr(0750, rabbitmq, rabbitmq) %dir %{_localstatedir}/lib/rabbitmq/mnesia
 %attr(0755, rabbitmq, rabbitmq) %dir %{_localstatedir}/log/rabbitmq
 %dir %{_sysconfdir}/rabbitmq
 %{_initrddir}/rabbitmq-server
diff --git a/packaging/debs/Debian/debian/postinst b/packaging/debs/Debian/debian/postinst
index b11340ef8a..7238ba471f 100644
--- a/packaging/debs/Debian/debian/postinst
+++ b/packaging/debs/Debian/debian/postinst
@@ -32,6 +32,7 @@ fi
 
 chown -R rabbitmq:rabbitmq /var/lib/rabbitmq
 chown -R rabbitmq:rabbitmq /var/log/rabbitmq
+chmod 750 /var/lib/rabbitmq/mnesia
 
 case "$1" in
     configure)
author	Jean-Sebastien Pedron <jean-sebastien@rabbitmq.com>	2015-02-03 15:14:33 +0100
committer	Jean-Sebastien Pedron <jean-sebastien@rabbitmq.com>	2015-02-03 15:14:33 +0100
commit	ad004f9bb669ce139bb435b09b3c4ec87d8fbaf1 (patch)
tree	de8d835ae24dbc1534b067f9b90e86588e70555e
parent	7f0d01b10903697fbdf9a193105c39f5df88ee8d (diff)
download	rabbitmq-server-git-ad004f9bb669ce139bb435b09b3c4ec87d8fbaf1.tar.gz