From 9ba79fb0cd16df067b2f1a9c4ccbe34670cd3795 Mon Sep 17 00:00:00 2001
From: Ralf Becker <RalfBecker@outdoor-training.de>
Date: Sat, 9 Jun 2018 10:05:44 +0200
Subject: [PATCH] make sure /var/lib/egroupware is only accessible by webserver

---
 doc/rpm-build/debian.postinst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/rpm-build/debian.postinst b/doc/rpm-build/debian.postinst
index 228c4af2d3..d3777f4833 100644
--- a/doc/rpm-build/debian.postinst
+++ b/doc/rpm-build/debian.postinst
@@ -33,6 +33,7 @@ then
 		/usr/share/egroupware/doc/rpm-build/post_install.php 2>&1 | /usr/bin/tee -a $install_log
         # fix ownership of files created during update
         chown -R www-data /var/lib/egroupware
+		chmod 700 /var/lib/egroupware/
 	else
 		apache_conf=apache.conf
 		# Debian 9 has no more /etc/lsb-release and gives an error
@@ -96,6 +97,7 @@ then
 	# someone wants a different setup.
 	if [ -z "$2" ]; then
 		chown -R www-data:www-data /var/lib/egroupware/
+		chmod 700 /var/lib/egroupware/
 		chmod 600 $config
 	fi