improvement/#18458/Fix executable permission on multiple cookbook #23
Related issue in RedMine
Fix incorrect file permissions in packaged cookbook
[https://redmine.redborder.lan/issues/18458]
Description / Motivation
The cookbook RPM installs with incorrect file permissions: all files inside /var/chef/cookbooks/druid are marked as executable (0755), including .rb, .erb and other files that do not require execution permissions.
This PR fixes the packaging spec to prevent unnecessary +x on non-executable files.
Detail
The issue stems from the use of %defattr(0755,root,root) under the %files section in the RPM spec file. This directive recursively applies 0755 permissions to all files listed, causing .rb, .erb, and other files to be installed with executable permission.
To fix this,

%defattr(0755,root,root)
/var/chef/cookbooks/"name"

has been changed to:

%defattr(0644,root,root)
%attr(0755,root,root) /var/chef/cookbooks/"name"

This ensures that:
All files receive default 0644 permissions (readable, writable by root, not executable).
The cookbook directory /var/chef/cookbooks/"name" is still executable so Chef can access its contents properly.
This avoids granting execution rights to source files unnecessarily.
Additional information
This issue does not affect Chef’s ability to run recipes, since execution of the files is handled by the Chef interpreter, not directly by the shell.
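
A post-install check for the symptom described above, added here as an example and not part of this PR or the project's code: it lists regular files under a cookbook directory that carry an execute bit but do not start with `#!`. The function names and the shebang heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the PR): audit an installed cookbook tree for
# files that are executable without being scripts.
# Usage, after sourcing this file: audit_cookbook /var/chef/cookbooks/druid

# Print every regular file under $1 that has any execute bit set (user,
# group or other) and whose first two bytes are not "#!".
# Directories are skipped on purpose: they need +x to be traversed.
# Assumption: anything without a shebang (.rb, .erb, data files, and also
# compiled binaries) has no reason to be executable inside a cookbook.
unexpected_exec_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec sh -c '
            for f do
                magic=$(head -c 2 "$f" 2>/dev/null)
                [ "$magic" = "#!" ] || printf "%s\n" "$f"
            done' sh {} +
}

# Return 0 when the tree is clean, 1 (with a report on stderr) otherwise,
# so the check can gate a packaging or CI step.
audit_cookbook() {
    bad=$(unexpected_exec_files "$1")
    if [ -n "$bad" ]; then
        printf 'executable non-script files under %s:\n%s\n' "$1" "$bad" >&2
        return 1
    fi
    return 0
}
```

Run against the installed path after upgrading the RPM; a non-empty report means some file modes are still broader than intended.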