Merge pull request #828 from rstudio/sec-1144-incorrect-home-permissions
Change Workbench home umask permissions from 0022 to 0027
kfeinauer authored Aug 29, 2024
2 parents bc1a7d3 + 460d015 commit 67488fa
Showing 6 changed files with 6 additions and 6 deletions.
Expand Up @@ -141,7 +141,7 @@ ADD --chmod=755 https://raw.githubusercontent.com/rstudio/wait-for-it/master/wai
RUN mkdir -p /var/lib/rstudio-server/monitor/log \
&& chown -R rstudio-server:rstudio-server /var/lib/rstudio-server/monitor \
&& mkdir -p /startup/custom/ \
&& printf '\n# allow home directory creation\nsession required pam_mkhomedir.so skel=/etc/skel umask=0022' >> /etc/pam.d/common-session
&& printf '\n# allow home directory creation\nsession required pam_mkhomedir.so skel=/etc/skel umask=0027' >> /etc/pam.d/common-session

COPY --chmod=755 TurboActivate.dat /opt/rstudio-license/license-manager.conf
COPY --chmod=755 license-manager-shim /opt/rstudio-license/license-manager
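Review bot: The new `umask=0027` on the `pam_mkhomedir.so` line in this `RUN` only takes effect when a home directory is created at first login, so homes that already exist keep the mode they were created with under `umask=0022`. If home directories for these images live on a persistent or shared volume (not visible here), upgrading the image leaves the old world-readable directories in place; the release notes or a startup step should cover tightening them. I would also add a comment above the `printf`, e.g. `# 0027 -> new homes are created 0750 (no access for "other"); existing homes are not changed`. The same applies to the identical `printf` change in workbench/Dockerfile.ubuntu2204.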
Expand Up @@ -17,7 +17,7 @@ password sufficient pam_sss.so use_authtok
password required pam_unix.so try_first_pass nullok sha512 shadow
password optional pam_permit.so

session required pam_mkhomedir.so skel=/etc/skel umask=0022
session required pam_mkhomedir.so skel=/etc/skel umask=0027
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
session required pam_limits.so
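Review bot: `umask=0027` on the `pam_mkhomedir.so` session line still leaves read and traverse permission for the group, so new homes come out 0750 rather than owner-only. The stack above uses `pam_sss.so`, and directory-provisioned accounts often share one primary group; if that is the case in a deployment, users in that group can still browse each other's homes. Unless group access is intended, `session required pam_mkhomedir.so skel=/etc/skel umask=0077` closes that, and either way a `#` comment on the line stating the intended mode would help. The same line is changed in workbench/pam/rstudio-session.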
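--- a/workbench-for-google-cloud-workstations/test/goss.yaml
+++ b/workbench-for-google-cloud-workstations/test/goss.yaml
@@ -106,7 +106,7 @@ file:
 /etc/pam.d/common-session:
 exists: true
 contents:
-- "/^session required pam_mkhomedir.so skel=/etc/skel umask=0022$/"
+- "/^session required pam_mkhomedir.so skel=/etc/skel umask=0027$/"
 /etc/sssd/sssd.conf:
 exists: true
 owner: root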
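Review bot: The updated pattern only asserts that a `umask=0027` line is present in `/etc/pam.d/common-session`; it would still pass if a `umask=0022` `pam_mkhomedir.so` line were also present, for instance from an earlier layer, since the Dockerfile appends with `>>`. Adding a negated pattern such as `- "!/pam_mkhomedir.so.*umask=0022/"` would pin that the permissive setting is gone. Separately, this file uses the key `contents:` while workbench/test/goss.yaml uses `contains:` for the same check; it is worth confirming both are honoured by the goss version in use. The same pattern change appears in workbench/test/goss.yaml.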
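--- a/workbench/Dockerfile.ubuntu2204
+++ b/workbench/Dockerfile.ubuntu2204
@@ -107,7 +107,7 @@ COPY conf/* /etc/rstudio/
 RUN mkdir -p /var/lib/rstudio-server/monitor/log && \
 chown -R rstudio-server:rstudio-server /var/lib/rstudio-server/monitor && \
 mkdir -p /startup/custom/ && \
-printf '\n# allow home directory creation\nsession required pam_mkhomedir.so skel=/etc/skel umask=0022' >> /etc/pam.d/common-session
+printf '\n# allow home directory creation\nsession required pam_mkhomedir.so skel=/etc/skel umask=0027' >> /etc/pam.d/common-session
 
 EXPOSE 8787/tcp
 EXPOSE 5559/tcp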
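--- a/workbench/pam/rstudio-session
+++ b/workbench/pam/rstudio-session
@@ -17,7 +17,7 @@ password sufficient pam_sss.so use_authtok
 password required pam_unix.so try_first_pass nullok sha512 shadow
 password optional pam_permit.so
 
-session required pam_mkhomedir.so skel=/etc/skel umask=0022
+session required pam_mkhomedir.so skel=/etc/skel umask=0027
 session required pam_env.so readenv=1
 session required pam_env.so readenv=1 envfile=/etc/default/locale
 session required pam_limits.so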
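--- a/workbench/test/goss.yaml
+++ b/workbench/test/goss.yaml
@@ -88,7 +88,7 @@ file:
 /etc/pam.d/common-session:
 exists: true
 contains:
-- "/^session required pam_mkhomedir.so skel=/etc/skel umask=0022$/"
+- "/^session required pam_mkhomedir.so skel=/etc/skel umask=0027$/"
 /etc/sssd/sssd.conf:
 exists: true
 owner: root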
