TT#80164 Use "base file" for permissions when generating config from templates

Permissions should be set based on the "base file", since derived files
.customtt.tt2 or .customtt.tt2.web01a often have been created or copied
without the right permissions, whereas the base file usually has the
right permissions (at least if unmodified since shipped from the .deb
file, which if it happens it's usually a mistake).

This has been detected as an actual problem in several customer
upgrades when generating files like 'monitrc' with the wrong
permissions, and then 'monit' refusing to start, causing significant
headaches and waste of time.

Even if this is not always the cause, the problem comes often from
having .customtt files with different permissions (created new or copied
from other hosts or personal laptops from Ops/Support).  In the past
there were .postbuild files to control the final ownership and/or
permissions of the file generated, so this problem was avoided, but at
some point most of them were deleted in commit
f65ae16579a62768dde0936d61e38af50550de6f (the solution favoured was to
control this at the repo/.deb and file level).

The corner cases will be dealt with with other extra measures, like
re-establishing those .postbuild files for the known and more dangerous
cases.  But as a starting point, the permissions to be used for the
final file should be based on those of the "base file", and not these
.customtt files, for the reasons mentioned above.

Change-Id: I793cc68e8b962371c7b1d5192564da4b4d45bb8c
mr9.4
Manuel Montecelo 5 years ago
parent fbbe998e98
commit 02673fd15a

@ -104,10 +104,18 @@ sub setup {
sub process_template {
my ($tt, $config, $input, $output) = @_;
# permissions should be set based on the "base file", since derived files
# .customtt.tt2 or .customtt.tt2.web01a often have been created or copied
# without the right permissions, whereas the base file usually has the right
# permissions (at least if unmodified since shipped from the .deb file)
my $input_for_perms = $input;
$input_for_perms =~ s/\.customtt\.tt2/.tt2/ig;
$input_for_perms =~ s/\.tt2.*/.tt2/ig;
# Set permissions for generated config based on the ones of the
# template, plus dropping all write permissions.
my $old_umask = umask 0222;
my $mode = (stat $input)[2];
my $mode = (stat $input_for_perms)[2];
my $newfile = "$output.ngcpcfg-new";
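
Review bot: `my $mode = (stat $input_for_perms)[2];` has no check that the derived base path actually exists. When a template is present only as `.customtt.tt2` (or a host-specific variant) with no `.tt2` file beside it, `stat` returns an empty list and `$mode` is undefined for the code that follows, so the permissions of the generated config no longer come from any template. Consider testing `-e $input_for_perms` first and falling back to `$input` with a warning when it is missing. A second point on `$input_for_perms =~ s/\.tt2.*/.tt2/ig;`: the pattern is unanchored and greedy, so it cuts the path at the first `.tt2` found anywhere in it, including inside a directory name, and the `/i` flag can rewrite an upper-case `.TT2` into a name that does not exist on a case-sensitive filesystem. Limiting the match to the suffix of the file name and dropping `/i` would keep the lookup on the intended file.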
