Hide Forgot
This bug has been copied from bug #669963 and has been proposed to be backported to 5.6 z-stream (EUS).
Backported fix to handle upgrades.
Verified successfully. Env: RHEL 5.6 - x86_64 mod_nss-1.0.8-4.el5 (picked the build from -brew-) Verification procedure (as noted by Rob in Errata) 1/ Install mod_nss 1.0.3 2/ Confirm that only root can read /etc/httpd/alias/*.db 3/ Upgrade mod_nss 4/ Confirm that the db files in /etc/httpd/alias/*.db are mode 0640 Result: Database file in /etc/httpd/alias/ are mode 0640 ============================================================================== [root@tornado mod-nss-test-mar152011]# ls mod_nss-1.0.3-8.el5.x86_64.rpm mod_nss-1.0.8-4.el5.x86_64.rpm ============================================================================== [root@tornado mod-nss-test-mar152011]# rpm -ivh mod_nss-1.0.3-8.el5.x86_64.rpm Preparing... ########################################### [100%] 1:mod_nss ########################################### [100%] mod_nss certificate database generated. ============================================================================== [root@tornado mod-nss-test-mar152011]# ll /etc/httpd/alias/ total 128 -rw------- 1 root root 65536 Mar 15 19:18 cert8.db -rw------- 1 root root 4395 Mar 15 19:18 install.log -rw------- 1 root root 16384 Mar 15 19:18 key3.db lrwxrwxrwx 1 root root 32 Mar 15 19:18 libnssckbi.so -> ../../../usr/lib64/libnssckbi.so -rw------- 1 root root 16384 Mar 15 19:18 secmod.db ============================================================================== [root@tornado mod-nss-test-mar152011]# ls mod_nss-1.0.3-8.el5.x86_64.rpm mod_nss-1.0.8-4.el5.x86_64.rpm ============================================================================== [root@tornado mod-nss-test-mar152011]# rpm -Uvh mod_nss-1.0.8-4.el5.x86_64.rpm Preparing... ########################################### [100%] 1:mod_nss ########################################### [100%] ============================================================================== [root@tornado mod-nss-test-mar152011]# ll /etc/httpd/alias/ total 128 -rw-r----- 1 root apache 65536 Mar 15 19:18 cert8.db -rw------- 1 root root 4395 Mar 15 19:18 install.log -rw-r----- 1 root apache 16384 Mar 15 19:18 key3.db lrwxrwxrwx 1 root root 33 Mar 15 19:19 libnssckbi.so -> ../../..//usr/lib64/libnssckbi.so -rw-r----- 1 root apache 16384 Mar 15 19:18 secmod.db ============================================================================== [root@tornado mod-nss-test-mar152011]# ==============================================================================
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0411.html