[lmi-commits] [lmi] master 215347b 1/3: Set chroot's set-group-id bit

[Greg Chicares]

branch: master
commit 215347b3b31bd4dc70be310e232e440c56d92b29
Author: Gregory W. Chicares <address@hidden>
Commit: Gregory W. Chicares <address@hidden>

    Set chroot's set-group-id bit
---
 install_redhat.sh | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/install_redhat.sh b/install_redhat.sh
index 9e1b898..4eaeb62 100755
--- a/install_redhat.sh
+++ b/install_redhat.sh
@@ -76,19 +76,23 @@ yum --assumeyes install ca-certificates curl nss-pem
 #yum --assumeyes install 
https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
 yum --assumeyes install epel-release
 
+# Make the about-to-be-created chroot's root directory, and files and
+# directories created under it, accessible to the "lmi" group--see:
+#   https://lists.nongnu.org/archive/html/lmi/2020-02/msg00007.html
+# et seqq.
+mkdir -p   /srv/chroot/"${CHRTNAME}"
+chgrp lmi  /srv/chroot/"${CHRTNAME}"
+chmod 2770 /srv/chroot/"${CHRTNAME}"
+umask 0007
+
 yum --assumeyes install schroot
 # To show available debootstrap scripts:
 #   ls /usr/share/debootstrap/scripts
 
 # Install a debian chroot inside this centos chroot.
 yum --assumeyes install debootstrap
-mkdir -p /srv/chroot/"${CHRTNAME}"
 debootstrap "${CODENAME}" /srv/chroot/"${CHRTNAME}" 
http://deb.debian.org/debian/
 
-# Make sure chroot's root directory is world-readable--see:
-#   https://lists.nongnu.org/archive/html/lmi/2020-02/msg00007.html
-chmod 0755 /srv/chroot/"${CHRTNAME}"
-
 echo Installed debian "${CODENAME}".
 
 cat >/etc/schroot/chroot.d/"${CHRTNAME}".conf <<EOF