If you want to increase(or decrease) security by altering the permissions on a directory, you can do it, but as soon as the package that own that directory updates, it resets the permissions.
Is there a way to stop that from happening? Alternatively, other than creating a job that polls the permissions of that directory periodically, is there a way to put something in place that is run after a specific package updates to allow resetting the permissions to be automated?
Don’t know about stopping if from happening, but you could set up a systemd .path unit that monitors the files/dirs that would be changed by the update, and use that to fire off a script that resets the permissions, I guess.
Yes, I guess that would be a good fallback option if there is no package management way to solve the problem. I wonder what triggers the PathChanged event for a directory. It may be triggered whenever a file in the directory is created/deleted. I will have to test that.
Alternatively, you could set up a path unit that monitors changes to dnf.log (or maybe better dnf.rpm.log) and fires off a script that checks & if necessary fixes the permissions of everything you want fixed. Would be fairly simple to read a list of paths to fix from a config file, even.