From d03328f5a691130af6d00a90401854ec1dbca134 Mon Sep 17 00:00:00 2001
From: Dragan Dosen
Date: Thu, 3 Apr 2008 22:58:53 +0200
Subject: [PATCH] File access permissions for Apache2 configuration files (chmod 644).
---
debian/config | 11 ++++++++---
debian/postinst | 17 +++++++++++++----
2 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/debian/config b/debian/config
index 24d86fc..e8c2d71 100755
--- a/debian/config
+++ b/debian/config
@@ -5,13 +5,14 @@ set -e # Load debconf . /usr/share/debconf/confmodule -CONFOLD="/etc/apache/httpd.conf" CONFDIR="/etc/apache2" CONF="$CONFDIR/apache2.conf" HOST=$(hostname) DOMAIN=$(hostname -d) + # Check for existing SSL VirtualHosts. +# has_listen_ssl=0 if [ -d "$CONFDIR/conf.d" ] && [ -n "$(ls $CONFDIR/conf.d)" ]; then
@@ -30,6 +31,9 @@ for file in $CONF $listen_ssl_mask; do fi done + +# SSL certificates. +# if [ $has_listen_ssl -eq 1 ]; then # SSL configuration already exists - no need for SSL certificates.
@@ -39,8 +43,7 @@ if [ $has_listen_ssl -eq 1 ]; then else - # SSL certificates? - # + # SSL certificates information.. SSLCF=1 while [ $SSLCF -eq 1 ]; do
@@ -109,7 +112,9 @@ else done fi + # Use WWW VirtualHost? +# db_subst apache2-cn/wwwhost stroj_domena "${HOST}.${DOMAIN}" db_subst apache2-cn/wwwhost www_domena "www.${DOMAIN}" db_input critical apache2-cn/wwwhost || true
diff --git a/debian/postinst b/debian/postinst
index e9923d7..086cc75 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -137,6 +137,9 @@ conf_log_fix () { $conf_file > $out mv $out $conf_file fi + + # Be sure.. + chmod 644 $conf_file fi }
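Review bot: The added `chmod 644 $conf_file` in conf_log_fix sits after the inner `fi`, so it resets the mode on every run rather than only when the file was just replaced through `$out`, and it leaves `$conf_file` unquoted. If the intent is to undo a restrictive mode inherited from the temporary file (presumably created with mktemp as in listen_ssl; the assignment is outside this hunk), setting the mode on the temporary file first means the live config never sits in place with the wrong mode: `chmod 644 "$out"` followed by `mv "$out" "$conf_file"`. The comment `# Be sure..` would say more as `# mktemp creates $out with mode 0600; restore the usual 0644 for the config file`. The same unquoted, after-the-move `chmod 644 $PORTCONF` appears in the listen_ssl hunk. conf_log_fix starts above this hunk.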
@@ -156,15 +159,20 @@ generate_ssl () { # Check if port 443 is configured in ports.conf file. # listen_ssl() { - - if ! egrep -iq "^[[:space:]]*Listen[[:space:]]*.*443$" "$PORTCONF"; then + + if [ ! -f "$PORTCONF" ] || ! egrep -iq "^[[:space:]]*Listen[[:space:]]*.*443$" "$PORTCONF"; then cp_echo "CN: Enabling SSL port (443) for Apache2 web server." out=$(mktemp ${PORTCONF}.XXXXXX) - cp $PORTCONF $out + + if [ -f "$PORTCONF" ]; then + cp $PORTCONF $out + fi + echo "Listen 443" >> $out cp_mv $out $PORTCONF + chmod 644 $PORTCONF need_restart=1 temp_files="${temp_files} ${out}"
@@ -311,13 +319,14 @@ trap cleanup 0 1 2 15 # Make sure that monit conf for Apache is disabled. +# if [ -f "/etc/monit.d/apache1.conf" ]; then mv /etc/monit.d/apache1.conf /etc/monit.d/apache1.conf.disabled pkill -9 -f /usr/sbin/monit || true fi -# First of all - stop Apache web server, make sure Apache is NOT running. +# Make sure Apache is NOT running. # if [ -x /usr/sbin/invoke-rc.d ]; then [ -x /usr/sbin/apache ] && invoke-rc.d apache stop || true
--
1.7.10.4
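Review bot: In listen_ssl the rewritten test keeps the pattern `Listen[[:space:]]*.*443$`, which also matches lines such as `Listen 8443`, so port 443 can be treated as configured when it is not and the `Listen 443` line is never added. Anchoring the port would avoid that, for example `egrep -iq "^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?443([[:space:]]|$)" "$PORTCONF"`, which still accepts an address prefix and a trailing protocol argument. The new `cp $PORTCONF $out` should quote both operands, as the `-f` test beside it already does. The function continues past the end of this hunk.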