Change file permissions in k8s 1.24.4 and k8s 1.25.3
Currently the permissions of binary files owned by root is 754(rwxr-xr--) . The "sysadmin" user is a member of the "root" group, and has permission to run kubectl. Change permissions to below : kubectl - 755 kubelet - 750 kube-apiserver - 750 kube-controller-manager - 750 kube-scheduler - 750 kube-proxy - 750 Test Plan: PASS: Install iso on AIO-SX, run kubectl commands as root, sysadmin and as another user Closes-Bug: 2009159 Signed-off-by: Saba Touheed Mujawar <sabatouheed.mujawar@windriver.com> Change-Id: Id62c85d772d14f4dbc4b1c9339365936e19c3bd7
This commit is contained in:
parent
6c07e99fdc
commit
1279237fdf
@ -67,18 +67,18 @@ override_dh_install:
|
|||||||
install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d
|
install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d
|
||||||
install -p -m 0644 -t ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d debian/kubeadm.conf
|
install -p -m 0644 -t ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d debian/kubeadm.conf
|
||||||
install -p -m 0700 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} debian/kubelet-cgroup-setup.sh
|
install -p -m 0700 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} debian/kubelet-cgroup-setup.sh
|
||||||
install -p -m 754 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet
|
install -p -m 750 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet
|
||||||
install -p -m 754 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl
|
install -p -m 755 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl
|
||||||
# bash completions
|
# bash completions
|
||||||
install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/
|
install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/
|
||||||
${DEBIAN_DESTDIR}${_stage2}${_bindir}/kubectl completion bash > ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/kubectl
|
${DEBIAN_DESTDIR}${_stage2}${_bindir}/kubectl completion bash > ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/kubectl
|
||||||
|
|
||||||
# remaining are not kube_version staged, i.e., kubernetes-master, kubernetes-misc
|
# remaining are not kube_version staged, i.e., kubernetes-master, kubernetes-misc
|
||||||
install -m 755 -d ${DEBIAN_DESTDIR}${_bindir}
|
install -m 755 -d ${DEBIAN_DESTDIR}${_bindir}
|
||||||
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver
|
install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver
|
||||||
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager
|
install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager
|
||||||
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler
|
install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler
|
||||||
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy
|
install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy
|
||||||
|
|
||||||
# specific cluster addons for optional use
|
# specific cluster addons for optional use
|
||||||
install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons
|
install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons
|
||||||
|
@ -67,18 +67,18 @@ override_dh_install:
|
|||||||
install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d
|
install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d
|
||||||
install -p -m 0644 -t ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d debian/kubeadm.conf
|
install -p -m 0644 -t ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d debian/kubeadm.conf
|
||||||
install -p -m 0700 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} debian/kubelet-cgroup-setup.sh
|
install -p -m 0700 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} debian/kubelet-cgroup-setup.sh
|
||||||
install -p -m 754 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet
|
install -p -m 750 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet
|
||||||
install -p -m 754 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl
|
install -p -m 755 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl
|
||||||
# bash completions
|
# bash completions
|
||||||
install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/
|
install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/
|
||||||
${DEBIAN_DESTDIR}${_stage2}${_bindir}/kubectl completion bash > ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/kubectl
|
${DEBIAN_DESTDIR}${_stage2}${_bindir}/kubectl completion bash > ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/kubectl
|
||||||
|
|
||||||
# remaining are not kube_version staged, i.e., kubernetes-master, kubernetes-misc
|
# remaining are not kube_version staged, i.e., kubernetes-master, kubernetes-misc
|
||||||
install -m 755 -d ${DEBIAN_DESTDIR}${_bindir}
|
install -m 755 -d ${DEBIAN_DESTDIR}${_bindir}
|
||||||
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver
|
install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver
|
||||||
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager
|
install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager
|
||||||
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler
|
install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler
|
||||||
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy
|
install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy
|
||||||
|
|
||||||
# specific cluster addons for optional use
|
# specific cluster addons for optional use
|
||||||
install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons
|
install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons
|
||||||
|
Loading…
Reference in New Issue
Block a user