backup: Set owner of {ex,in}clude{,.user} files to "root"

Message ID b1ba905d-db6b-3bce-08b1-0d4763bb1576@ipfire.org
State Accepted
Commit bd053b99b3feb2e7036822dbbac24b5ce80ce2df
Headers
Series backup: Set owner of {ex,in}clude{,.user} files to "root" |

Commit Message

Peter Müller Sept. 26, 2022, 6:50 p.m. UTC
  Since these files are static, there is no legitimate reason why they
should be owned (hence writable) by "nobody". Also, according to
configroot's LFS file, this is the intended behaviour for the *.user
files, which is then overwritten by the backup LFS file. Therefore, set
the file mode of these statically - configroot does not feature other
files in /var/ipfire/backup/ anyway.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 lfs/backup     | 6 +++---
 lfs/configroot | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
  

Comments

Michael Tremer Sept. 27, 2022, 10:03 a.m. UTC | #1
I am sure you tested this and it works :)

Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

> On 26 Sep 2022, at 19:50, Peter Müller <peter.mueller@ipfire.org> wrote:
> 
> Since these files are static, there is no legitimate reason why they
> should be owned (hence writable) by "nobody". Also, according to
> configroot's LFS file, this is the intended behaviour for the *.user
> files, which is then overwritten by the backup LFS file. Therefore, set
> the file mode of these statically - configroot does not feature other
> files in /var/ipfire/backup/ anyway.
> 
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> lfs/backup     | 6 +++---
> lfs/configroot | 2 +-
> 2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/lfs/backup b/lfs/backup
> index 6f686bf22..cf1e58c7e 100644
> --- a/lfs/backup
> +++ b/lfs/backup
> @@ -1,7 +1,7 @@
> ###############################################################################
> #                                                                             #
> # IPFire.org - A linux based firewall                                         #
> -# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
> +# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
> #                                                                             #
> # This program is free software: you can redistribute it and/or modify        #
> # it under the terms of the GNU General Public License as published by        #
> @@ -61,10 +61,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> 	@$(PREBUILD)
> 	-mkdir -p /var/ipfire/backup/bin
> 	install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin
> -	install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/
> -	install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/
> 	chown nobody:nobody -R /var/ipfire/backup/
> 	chown root:root -R /var/ipfire/backup/bin/
> +	install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/
> +	install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/
> 	-mkdir -p /var/ipfire/backup/addons
> 	-mkdir -p /var/ipfire/backup/addons/includes
> 	-mkdir -p /var/ipfire/backup/addons/backup
> diff --git a/lfs/configroot b/lfs/configroot
> index 31b9a9463..f09307274 100644
> --- a/lfs/configroot
> +++ b/lfs/configroot
> @@ -169,7 +169,7 @@ $(TARGET) :
> 	# Configroot permissions
> 	chown -R nobody:nobody $(CONFIG_ROOT)
> 	chown      root:root   $(CONFIG_ROOT)
> -	for i in backup/ *.pl addon-lang/ langs/ ; do \
> +	for i in backup/exclude.user backup/include.user *.pl addon-lang/ langs/ ; do \
>             chown -R root:root $(CONFIG_ROOT)/$$i; \
> 	done
> 	chown -Rv root:root $(CONFIG_ROOT)/*/bin
> -- 
> 2.35.3
  

Patch

diff --git a/lfs/backup b/lfs/backup
index 6f686bf22..cf1e58c7e 100644
--- a/lfs/backup
+++ b/lfs/backup
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -61,10 +61,10 @@  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	-mkdir -p /var/ipfire/backup/bin
 	install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin
-	install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/
-	install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/
 	chown nobody:nobody -R /var/ipfire/backup/
 	chown root:root -R /var/ipfire/backup/bin/
+	install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/
+	install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/
 	-mkdir -p /var/ipfire/backup/addons
 	-mkdir -p /var/ipfire/backup/addons/includes
 	-mkdir -p /var/ipfire/backup/addons/backup
diff --git a/lfs/configroot b/lfs/configroot
index 31b9a9463..f09307274 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -169,7 +169,7 @@  $(TARGET) :
 	# Configroot permissions
 	chown -R nobody:nobody $(CONFIG_ROOT)
 	chown      root:root   $(CONFIG_ROOT)
-	for i in backup/ *.pl addon-lang/ langs/ ; do \
+	for i in backup/exclude.user backup/include.user *.pl addon-lang/ langs/ ; do \
             chown -R root:root $(CONFIG_ROOT)/$$i; \
 	done
 	chown -Rv root:root $(CONFIG_ROOT)/*/bin