From c09e599d52404e6ff58b15f2c6b4b0cb4ac65486 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Mon, 13 Feb 2017 18:38:12 +0100
Subject: scripts: make the .restored file readable by group adm

This is important so that the admin user can accurately run "config changes".
The change only affects restore-etc and save-etc. The numeric uid/gid are
used so that we don't depend on /etc at this sensitive moment.
---
 scripts/restore-etc | 2 +-
 scripts/save-etc    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/restore-etc b/scripts/restore-etc
index a1c273a..f6db32f 100755
--- a/scripts/restore-etc
+++ b/scripts/restore-etc
@@ -153,7 +153,7 @@ reinstall_factory_etc() {
 # rebuild the signature file after /etc has been restored
 update_signature_file() {
   ( rm -f "$ROOTDIR"/etc/blkid.tab{,.old}; \
-    rm -f "$ROOTDIR$FILE" ; touch "$ROOTDIR$FILE" ; chmod 600 "$ROOTDIR$FILE"; \
+    rm -f "$ROOTDIR$FILE" ; touch "$ROOTDIR$FILE" ; chown 0:4 "$ROOTDIR$FILE" ; chmod 640 "$ROOTDIR$FILE"; \
     flx sign --ignore-dot "$ROOTDIR/etc"=etc | grep -vwF "${FILE#/}" >"$ROOTDIR$FILE" ) >/dev/null 2>&1
 }
 
diff --git a/scripts/save-etc b/scripts/save-etc
index 7b6600a..ff445f2 100755
--- a/scripts/save-etc
+++ b/scripts/save-etc
@@ -339,6 +339,6 @@ fi
 umount_flash
 sync
 
-( rm -f $FILE ; touch $FILE ; chmod 600 $FILE ) >/dev/null 2>&1
+( rm -f $FILE ; touch $FILE ; chown 0:4 $FILE; chmod 640 $FILE ) >/dev/null 2>&1
 ( flx sign --ignore-dot /etc | grep -vwF "${FILE#/}" >$FILE ) 2>/dev/null
 exit 0
-- 
1.7.12.1