From patchwork Mon Sep 26 18:50:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 6014 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4MbsJb0wY8z3wc2 for ; Mon, 26 Sep 2022 18:50:23 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4MbsJY4ZkXzyD; Mon, 26 Sep 2022 18:50:21 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4MbsJY3khMz2yZb; Mon, 26 Sep 2022 18:50:21 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4MbsJX5R5Fz2xGV for ; Mon, 26 Sep 2022 18:50:20 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4MbsJV0kN4zyD for ; Mon, 26 Sep 2022 18:50:16 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1664218220; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jMUJEwPJyltTm63JsgTO0P5R+DF0/TnFGqBbVjD2lH4=; b=rFQGjXfeNAqK1I8qGLZwJ7I/B3D2K3zzhhANIomD+3V20jSnCAGAqlK6VcfINs8h3HFaE0 2qu9WSMWn0aK1HCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1664218220; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jMUJEwPJyltTm63JsgTO0P5R+DF0/TnFGqBbVjD2lH4=; b=Y8YWt2hCuzMd+P+YSj7LOu9+NOLCpRnBs0omzF6Xba1RcFTEg1GNbFDdl5/tNoOltsxSlS BZRqFH58ZPyAhEkH+QLH5q3ozv7XHQFQOxkp7dMwTs/UVJ9Tq3Y0JQ1Ad4vPkCd72gs/My aGtrw+99gBVgGfS+56kaBeOJFxiq/LhHNCqC+XufbN3RjU3cjIzmjaugPYbJ0bAXedEu8O GgHeCaNKv8q9z4UQ4Ex5frxvutYrNXOtA0I2CyuoPp5lzZ8nBgjlywMnN7YoAIUuO069kf Bf3c/vQex7pGQmmAK+K3zCzphBTLcXTUVoiJQ7H0R1l6hLhjEeN3XHgGfM3piQ== Message-ID: Date: Mon, 26 Sep 2022 18:50:08 +0000 MIME-Version: 1.0 Content-Language: en-US To: "IPFire: Development" From: =?utf-8?q?Peter_M=C3=BCller?= Subject: [PATCH] backup: Set owner of {ex,in}clude{,.user} files to "root" X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Since these files are static, there is no legitimate reason why they should be owned (hence writable) by "nobody". Also, according to configroot's LFS file, this is the intended behaviour for the *.user files, which is then overwritten by the backup LFS file. Therefore, set the file mode of these statically - configroot does not feature other files in /var/ipfire/backup/ anyway. Signed-off-by: Peter Müller Reviewed-by: Michael Tremer --- lfs/backup | 6 +++--- lfs/configroot | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/backup b/lfs/backup index 6f686bf22..cf1e58c7e 100644 --- a/lfs/backup +++ b/lfs/backup @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team # +# Copyright (C) 2007-2022 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -61,10 +61,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) -mkdir -p /var/ipfire/backup/bin install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin - install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/ - install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/ chown nobody:nobody -R /var/ipfire/backup/ chown root:root -R /var/ipfire/backup/bin/ + install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/ + install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/ -mkdir -p /var/ipfire/backup/addons -mkdir -p /var/ipfire/backup/addons/includes -mkdir -p /var/ipfire/backup/addons/backup diff --git a/lfs/configroot b/lfs/configroot index 31b9a9463..f09307274 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -169,7 +169,7 @@ $(TARGET) : # Configroot permissions chown -R nobody:nobody $(CONFIG_ROOT) chown root:root $(CONFIG_ROOT) - for i in backup/ *.pl addon-lang/ langs/ ; do \ + for i in backup/exclude.user backup/include.user *.pl addon-lang/ langs/ ; do \ chown -R root:root $(CONFIG_ROOT)/$$i; \ done chown -Rv root:root $(CONFIG_ROOT)/*/bin