author    Mateusz Piotrowski <0mp@FreeBSD.org>  2022-11-04 10:29:24 +0000
committer Mateusz Piotrowski <0mp@FreeBSD.org>  2022-11-04 11:05:09 +0000
commit    47c2569d8979db687528456bd11c549a37ee4155
tree      410b96186a01620ffc5122755ca2547e14f62262
parent    01e03aed2f7d021e57c72563c9113249b6ed6456
security/trousers: Fix tcsd.conf permissions
It turns out that tcsd requires the ownership of the tcsd.conf file to be set
to root:_tss. See trousers-0.3.14_3/src/tcsd/tcsd_conf.c for details.
Otherwise, tcsd fails:

    # service tcsd start
    Starting tcsd.
    /usr/local/etc/rc.d/tcsd: WARNING: failed to start tcsd
    # tail /var/log/messages
    Nov 4 11:24:43 x TCSD[1298]: TrouSerS ERROR: TCSD config file (/usr/local/etc/tcsd.conf) must be user/group root/_tss
    Nov 4 11:24:43 x 0mp[2372]: /usr/local/etc/rc.d/tcsd: WARNING: failed to start tcsd

Also, the mode of the configuration file has to be 640.

PR:		253858
Reported by:	unitrunker <unitrunker@gmail.com>
Approved by:	maintainer timeout, portmgr blanket (runtime error)
Sponsored by:	Klara, Inc.
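The requirement the commit message describes, written out as an added shell example (not code from the trousers port or from TrouSerS): a POSIX sh function that tests a file for an exact owner, group and mode, in the spirit of the startup check in tcsd_conf.c, plus a small preflight for tcsd.conf that reports the reason instead of a bare "failed to start". The function and variable names are this example's own; the expected values root, _tss and 0640 are taken from the commit message. Unlike the rc script in this commit, the example only reports and never changes the file.

```sh
#!/bin/sh
# Added example (not part of the trousers port or of TrouSerS itself).
# Only POSIX find(1) primaries are used, so it behaves the same on FreeBSD
# and Linux; -prune stops find from descending and, on a regular file, is
# simply true.

# check_conf FILE OWNER GROUP MODE
# Returns 0 when FILE is a regular file with exactly that owner, group and
# octal mode. Otherwise prints which part is wrong to stderr and returns 1.
# Note: -perm MODE without a leading - or / is an exact match, so a 0600
# (unreadable by the group) or 0644 (world-readable) file is rejected.
check_conf() {
    f=$1 owner=$2 group=$3 mode=$4
    if [ ! -f "$f" ]; then
        echo "$f: not a regular file" >&2
        return 1
    fi
    if [ -n "$(find "$f" -prune -user "$owner" -group "$group" -perm "$mode" -print 2>/dev/null)" ]; then
        return 0
    fi
    # Re-run the primaries one at a time so the message names the failing part.
    [ -n "$(find "$f" -prune -user "$owner" -print 2>/dev/null)" ] \
        || echo "$f: owner is not $owner" >&2
    [ -n "$(find "$f" -prune -group "$group" -print 2>/dev/null)" ] \
        || echo "$f: group is not $group" >&2
    [ -n "$(find "$f" -prune -perm "$mode" -print 2>/dev/null)" ] \
        || echo "$f: mode is not $mode" >&2
    return 1
}

# tcsd_conf_preflight [FILE]
# Checks the values tcsd insists on (owner root, group _tss, mode 0640) and
# prints the fix rather than applying it. Default path assumed from the
# commit message's log excerpt.
tcsd_conf_preflight() {
    conf=${1:-/usr/local/etc/tcsd.conf}
    if check_conf "$conf" root _tss 0640; then
        echo "$conf: ownership and mode acceptable to tcsd"
        return 0
    fi
    echo "$conf: tcsd will refuse to start; fix with: chown root:_tss $conf && chmod 0640 $conf" >&2
    return 1
}
```

Running `tcsd_conf_preflight` as root on a host where the port's rc script has not yet run shows the same condition the commit message's log excerpt reports, but with the specific failing attribute named; `check_conf` can be reused for any other daemon that refuses to read a configuration file with loose ownership.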
-rw-r--r--  security/trousers/Makefile        2
-rw-r--r--  security/trousers/files/tcsd.in   7
2 files changed, 6 insertions, 3 deletions
diff --git a/security/trousers/Makefile b/security/trousers/Makefile
index 6c2cb841de65..ef15376beb24 100644
--- a/security/trousers/Makefile
+++ b/security/trousers/Makefile
@@ -1,6 +1,6 @@
PORTNAME= trousers
PORTVERSION= 0.3.14
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= security
MASTER_SITES= SF
diff --git a/security/trousers/files/tcsd.in b/security/trousers/files/tcsd.in
index eb36dfcbcd83..78b01750b5f3 100644
--- a/security/trousers/files/tcsd.in
+++ b/security/trousers/files/tcsd.in
@@ -26,9 +26,12 @@ tcsd_precmd()
{
/usr/bin/install -d -m 0700 -o %%USERS%% -g %%GROUPS%% \
/var/run/tpm /var/run/ima %%PREFIX%%/var/lib/tpm
- /usr/sbin/chown %%USERS%%:%%GROUPS%% \
+ # The configuration files must be owned by root so
+ # that the %%USERS%% user can only read (but not manipulate)
+ # the configuration file.
+ /usr/sbin/chown root:%%GROUPS%% \
%%PREFIX%%/etc/tcsd.conf
- /bin/chmod 0600 \
+ /bin/chmod 0640 \
%%PREFIX%%/etc/tcsd.conf
}
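Review bot: tcsd_precmd now rewrites the ownership and mode of %%PREFIX%%/etc/tcsd.conf on every start, which turns the tcsd_conf.c check the commit message cites (owner/group must be root/_tss) into a condition the rc script always satisfies rather than a safety check an administrator gets to see fail: a file that has been made world-readable or handed to another owner is quietly put back instead of being reported. Consider setting the ownership and mode once at install time (pkg-plist @owner/@group/@mode on the installed file, or the @sample mechanism) and having tcsd_precmd only verify and warn, e.g. `/usr/bin/find %%PREFIX%%/etc/tcsd.conf -prune -user root -group %%GROUPS%% -perm 0640` before falling back to the chown/chmod. Two smaller points: the new comment says "configuration files" while the hunk touches one file, and, since the function's exit status is that of the final `/bin/chmod 0640`, a missing tcsd.conf aborts the start with only chmod's own error text rather than a message naming the file tcsd expects.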