Since these files are static, there is no legitimate reason why they should be owned (hence writable) by "nobody". Also, according to configroot's LFS file, this is the intended behaviour for the *.user files, which is then overwritten by the backup LFS file. Therefore, set the file mode of these statically - configroot does not feature other files in /var/ipfire/backup/ anyway.
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- lfs/backup | 6 +++--- lfs/configroot | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lfs/backup b/lfs/backup index 6f686bf22..cf1e58c7e 100644 --- a/lfs/backup +++ b/lfs/backup @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -61,10 +61,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) -mkdir -p /var/ipfire/backup/bin install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin - install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/ - install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/ chown nobody:nobody -R /var/ipfire/backup/ chown root:root -R /var/ipfire/backup/bin/ + install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/ + install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/ -mkdir -p /var/ipfire/backup/addons -mkdir -p /var/ipfire/backup/addons/includes -mkdir -p /var/ipfire/backup/addons/backup diff --git a/lfs/configroot b/lfs/configroot index 31b9a9463..f09307274 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -169,7 +169,7 @@ $(TARGET) : # Configroot permissions chown -R nobody:nobody $(CONFIG_ROOT) chown root:root $(CONFIG_ROOT) - for i in backup/ *.pl addon-lang/ langs/ ; do \ + for i in backup/exclude.user backup/include.user *.pl addon-lang/ langs/ ; do \ chown -R root:root $(CONFIG_ROOT)/$$i; \ done chown -Rv root:root $(CONFIG_ROOT)/*/bin