From a958965e642a56ad278baf1f5c4270944f2201eb Mon Sep 17 00:00:00 2001
From: David Gillies <david.gillies@bigcommerce.com>
Date: Wed, 8 Jul 2015 22:13:38 +1000
Subject: [PATCH] set mode 0640 and group grafana on /etc/grafana/grafana.ini

---
 packaging/deb/control/postinst | 4 ++--
 packaging/rpm/control/postinst | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/packaging/deb/control/postinst b/packaging/deb/control/postinst
index edb163ba7fb..7585d3f879d 100755
--- a/packaging/deb/control/postinst
+++ b/packaging/deb/control/postinst
@@ -43,9 +43,9 @@ case "$1" in
 	chmod 755 /var/log/grafana /var/lib/grafana
 
 	# configuration files should not be modifiable by grafana user, as this can be a security issue
-	chown -Rh root:root /etc/grafana/*
+	chown -Rh root:$GRAFANA_GROUP /etc/grafana/*
 	chmod 755 /etc/grafana
-	find /etc/grafana -type f -exec chmod 644 {} ';'
+	find /etc/grafana -type f -exec chmod 640 {} ';'
 	find /etc/grafana -type d -exec chmod 755 {} ';'
 
 	# if $2 is set, this is an upgrade
diff --git a/packaging/rpm/control/postinst b/packaging/rpm/control/postinst
index 9e5e9accf79..fce80719115 100644
--- a/packaging/rpm/control/postinst
+++ b/packaging/rpm/control/postinst
@@ -43,9 +43,9 @@ if [ $1 -eq 1 ] ; then
 	chmod 755 /var/log/grafana /var/lib/grafana
 
 	# configuration files should not be modifiable by grafana user, as this can be a security issue
-	chown -Rh root:root /etc/grafana/*
+	chown -Rh root:$GRAFANA_GROUP /etc/grafana/*
 	chmod 755 /etc/grafana
-	find /etc/grafana -type f -exec chmod 644 {} ';'
+	find /etc/grafana -type f -exec chmod 640 {} ';'
 	find /etc/grafana -type d -exec chmod 755 {} ';'
 
   if [ -x /bin/systemctl ] ; then