Hello Michael,
thanks for your reply. Indeed, glad you caught that.
Before I submit a second version: Shouldn't the {in,ex}clude.user files also be owned by root? I was unable to find any instance in the source code where these are modified by an unprivileged user.
On that note, is it intended/desired that many subfolders of /var/ipfire/ are owned by "nobody"? While I of course see the need for "nobody" to write _files_, do not quite get why the parent folders (such as /var/ipfire/auth/, /var/ipfire/ca/, etc. pp.) have to be owned by that user as well.
Thanks, and best regards, Peter Müller
Hello Peter,
I agree that the files should be owned by root. However, your patch doesn’t fix that.
On 15 Sep 2022, at 21:15, Peter Müller peter.mueller@ipfire.org wrote:
Since these files are static, there is no legitimate reason why they should be owned (hence writable) by "nobody".
Signed-off-by: Peter Müller peter.mueller@ipfire.org
lfs/backup | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/backup b/lfs/backup index 6f686bf22..adbf16e65 100644 --- a/lfs/backup +++ b/lfs/backup @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -61,8 +61,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) -mkdir -p /var/ipfire/backup/bin install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin
- install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/
- install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/
- install -v -m 644 -o root $(DIR_SRC)/config/backup/include /var/ipfire/backup/
- install -v -m 644 -o root $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/
They have been created as root before. That is the default.
chown nobody:nobody -R /var/ipfire/backup/
And here is where they will be changed. Still.
chown root:root -R /var/ipfire/backup/bin/
-mkdir -p /var/ipfire/backup/addons
2.35.3
-Michael