Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[FIXED JENKINS-4047] don't mess with file permissions
ahochsteger asks 'why do we mess with file permissions anyway?' and he's
right! I digged the history but couldn't find why we do it.

I think we should just set the permissions of the top-level directories,
but leave the other file permissions as-is.

In addition,

- I see no point in touching usr/bin usr/sbin.
  perhaps C&P mistake from some samples?

- Don't touch /var/lib/hudson if .for-jenkins is present,
  so that people using the hudson user can keep upgrading new
  versions of jenkins and run it as hudson

- /var/run/hudson contains no important information,
  so no need to bring it over to /var/run/jenkins

Originally-From: jenkins-ci.org/commit/core/22187541978e62e16140cf26f3bfc400941cbee1
  • Loading branch information
kohsuke committed Feb 4, 2011
1 parent ba9ed63 commit 214311c
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 20 deletions.
3 changes: 0 additions & 3 deletions debian/dirs
@@ -1,6 +1,3 @@
usr/bin
usr/sbin

# moved from rules install
usr/share/jenkins

Expand Down
25 changes: 8 additions & 17 deletions debian/jenkins.postinst
Expand Up @@ -31,7 +31,7 @@ case "$1" in
fi

# If we have an old hudson install, rename it to jenkins
if test -d /var/lib/hudson; then
if test -d /var/lib/hudson -a \! \( -e /var/lib/hudson/.for-jenkins \) ; then
# leave a marker to indicate this came from Hudson.
# could be useful down the road
# This also ensures that the .??* wildcard matches something
Expand All @@ -40,23 +40,14 @@ case "$1" in
rmdir /var/lib/hudson
find /var/lib/jenkins -user hudson -exec chown jenkins {} + || true
fi
if test -d /var/run/hudson; then
mv -f /var/run/hudson/* /var/run/jenkins
rmdir /var/run/hudson
fi

# Fix permissions on runtime directories/files.
# change group/owner to jenkins:adm - exclude jobs directory. See HUDSON-4047
# even if it fails on some files, don't let that interfere with the upgrade process
# (that can happen on dangling symlinks, for example.)
find /var/lib/jenkins -path "*jobs" -prune -o -type l -prune -o -exec chown jenkins:adm {} + || true
chown -R jenkins:adm /var/run/jenkins /var/log/jenkins
# change mode to 750 - exclude jobs and .ssh directories. See HUDSON-4047
# we prune symlinks instead of -P to avoid chmod/chown getting symlinks as arguments
# (which ends up changing the target of the symlink, even though it's not recursive)
find /var/lib/jenkins -path "*jobs" -prune -o -path "*.ssh" -prune -o -type l -prune -o -exec chmod 750 {} + || true
chmod -R 750 /var/run/jenkins
chmod 750 /var/log/jenkins
# directories needed for jenkins
chown jenkins:admin /var/lib/jenkins /var/log/jenkins
chmod 750 /var/lib/jenkins /var/log/jenkins

# make sure jenkins can delete everything in /var/run/jenkins to re-explode war
chown -R jenkins:admin /var/run/jenkins
chmod -R 750 /var/run/jenkins
;;

abort-upgrade|abort-remove|abort-deconfigure)
Expand Down

0 comments on commit 214311c

Please sign in to comment.