Change file permissions in k8s 1.24.4 and k8s 1.25.3

Currently the permissions of binary files owned by root is
754(rwxr-xr--) . The "sysadmin" user is a member of the "root"
group, and has permission to run kubectl.

Change permissions to below :
kubectl                  - 755
kubelet                  - 750
kube-apiserver           - 750
kube-controller-manager  - 750
kube-scheduler           - 750
kube-proxy               - 750

Test Plan:
PASS: Install iso on AIO-SX, run kubectl commands as root,
      sysadmin and as another user

Closes-Bug: 2009159

Signed-off-by: Saba Touheed Mujawar <sabatouheed.mujawar@windriver.com>
Change-Id: Id62c85d772d14f4dbc4b1c9339365936e19c3bd7
This commit is contained in:
Saba Touheed Mujawar 2023-03-08 06:22:51 -05:00
parent 6c07e99fdc
commit 1279237fdf
2 changed files with 12 additions and 12 deletions

View File

@ -67,18 +67,18 @@ override_dh_install:
install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d
install -p -m 0644 -t ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d debian/kubeadm.conf install -p -m 0644 -t ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d debian/kubeadm.conf
install -p -m 0700 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} debian/kubelet-cgroup-setup.sh install -p -m 0700 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} debian/kubelet-cgroup-setup.sh
install -p -m 754 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet install -p -m 750 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet
install -p -m 754 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl install -p -m 755 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl
# bash completions # bash completions
install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/ install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/
${DEBIAN_DESTDIR}${_stage2}${_bindir}/kubectl completion bash > ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/kubectl ${DEBIAN_DESTDIR}${_stage2}${_bindir}/kubectl completion bash > ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/kubectl
# remaining are not kube_version staged, i.e., kubernetes-master, kubernetes-misc # remaining are not kube_version staged, i.e., kubernetes-master, kubernetes-misc
install -m 755 -d ${DEBIAN_DESTDIR}${_bindir} install -m 755 -d ${DEBIAN_DESTDIR}${_bindir}
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy
# specific cluster addons for optional use # specific cluster addons for optional use
install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons

View File

@ -67,18 +67,18 @@ override_dh_install:
install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d
install -p -m 0644 -t ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d debian/kubeadm.conf install -p -m 0644 -t ${DEBIAN_DESTDIR}${_stage2}/etc/systemd/system/kubelet.service.d debian/kubeadm.conf
install -p -m 0700 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} debian/kubelet-cgroup-setup.sh install -p -m 0700 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} debian/kubelet-cgroup-setup.sh
install -p -m 754 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet install -p -m 750 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubelet
install -p -m 754 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl install -p -m 755 -t ${DEBIAN_DESTDIR}${_stage2}${_bindir} ${output_bindir}/kubectl
# bash completions # bash completions
install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/ install -d -m 0755 ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/
${DEBIAN_DESTDIR}${_stage2}${_bindir}/kubectl completion bash > ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/kubectl ${DEBIAN_DESTDIR}${_stage2}${_bindir}/kubectl completion bash > ${DEBIAN_DESTDIR}${_stage2}/usr/share/bash-completion/completions/kubectl
# remaining are not kube_version staged, i.e., kubernetes-master, kubernetes-misc # remaining are not kube_version staged, i.e., kubernetes-master, kubernetes-misc
install -m 755 -d ${DEBIAN_DESTDIR}${_bindir} install -m 755 -d ${DEBIAN_DESTDIR}${_bindir}
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-apiserver
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-controller-manager
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-scheduler
install -p -m 754 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy install -p -m 750 -t ${DEBIAN_DESTDIR}${_bindir} ${output_bindir}/kube-proxy
# specific cluster addons for optional use # specific cluster addons for optional use
install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons install -d -m 0755 ${DEBIAN_DESTDIR}/etc/${name}/addons