From 1279237fdf5af9d65499785951d283f5fdba01d4 Mon Sep 17 00:00:00 2001 From: Saba Touheed Mujawar Date: Wed, 8 Mar 2023 06:22:51 -0500 Subject: [PATCH] Change file permissions in k8s 1.24.4 and k8s 1.25.3 Currently the permissions of binary files owned by root is 754(rwxr-xr--) . The "sysadmin" user is a member of the "root" group, and has permission to run kubectl. Change permissions to below : kubectl - 755 kubelet - 750 kube-apiserver - 750 kube-controller-manager - 750 kube-scheduler - 750 kube-proxy - 750 Test Plan: PASS: Install iso on AIO-SX, run kubectl commands as root, sysadmin and as another user Closes-Bug: 2009159 Signed-off-by: Saba Touheed Mujawar Change-Id: Id62c85d772d14f4dbc4b1c9339365936e19c3bd7 --- kubernetes/kubernetes-1.24.4/debian/deb_folder/rules | 12 ++++++------ kubernetes/kubernetes-1.25.3/debian/deb_folder/rules | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/kubernetes/kubernetes-1.24.4/debian/deb_folder/rules b/kubernetes/kubernetes-1.24.4/debian/deb_folder/rules index 6711e348b..e4370f50d 100755 --- a/kubernetes/kubernetes-1.24.4/debian/deb_folder/rules +++ b/kubernetes/kubernetes-1.24.4/debian/deb_folder/rules @@ -67,18 +67,18 @@ override_dh_install: install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d install -p -m 0644 -t ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d debian/kubeadm.conf install -p -m 0700 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} debian/kubelet-cgroup-setup.sh - install -p -m 754 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet - install -p -m 754 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl + install -p -m 750 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet + install -p -m 755 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl # bash completions install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/ ${DEBIAN_DESTDIR}${_stage2}${_bindir}/kubectl completion bash > ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/kubectl # remaining are not kube_version staged, i.e., kubernetes-master, kubernetes-misc install -m 755 -d ${DEBIAN_DESTDIR}${_bindir} - install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver - install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager - install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler - install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy + install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver + install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager + install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler + install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy # specific cluster addons for optional use install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons diff --git a/kubernetes/kubernetes-1.25.3/debian/deb_folder/rules b/kubernetes/kubernetes-1.25.3/debian/deb_folder/rules index 76bbebf05..fff77fc32 100755 --- a/kubernetes/kubernetes-1.25.3/debian/deb_folder/rules +++ b/kubernetes/kubernetes-1.25.3/debian/deb_folder/rules @@ -67,18 +67,18 @@ override_dh_install: install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d install -p -m 0644 -t ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d debian/kubeadm.conf install -p -m 0700 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} debian/kubelet-cgroup-setup.sh - install -p -m 754 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet - install -p -m 754 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl + install -p -m 750 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet + install -p -m 755 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl # bash completions install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/ ${DEBIAN_DESTDIR}${_stage2}${_bindir}/kubectl completion bash > ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/kubectl # remaining are not kube_version staged, i.e., kubernetes-master, kubernetes-misc install -m 755 -d ${DEBIAN_DESTDIR}${_bindir} - install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver - install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager - install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler - install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy + install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver + install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager + install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler + install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy # specific cluster addons for optional use install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons