Since these files are static, there is no legitimate reason why they should be owned (hence writable) by "nobody". Also, according to configroot's LFS file, this is the intended behaviour for the *.user files, which is then overwritten by the backup LFS file. Therefore, set the file mode of these statically - configroot does not feature other files in /var/ipfire/backup/ anyway.
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- lfs/backup | 6 +++--- lfs/configroot | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lfs/backup b/lfs/backup index 6f686bf22..cf1e58c7e 100644 --- a/lfs/backup +++ b/lfs/backup @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -61,10 +61,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) -mkdir -p /var/ipfire/backup/bin install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin - install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/ - install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/ chown nobody:nobody -R /var/ipfire/backup/ chown root:root -R /var/ipfire/backup/bin/ + install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/ + install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/ -mkdir -p /var/ipfire/backup/addons -mkdir -p /var/ipfire/backup/addons/includes -mkdir -p /var/ipfire/backup/addons/backup diff --git a/lfs/configroot b/lfs/configroot index 31b9a9463..f09307274 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -169,7 +169,7 @@ $(TARGET) : # Configroot permissions chown -R nobody:nobody $(CONFIG_ROOT) chown root:root $(CONFIG_ROOT) - for i in backup/ *.pl addon-lang/ langs/ ; do \ + for i in backup/exclude.user backup/include.user *.pl addon-lang/ langs/ ; do \ chown -R root:root $(CONFIG_ROOT)/$$i; \ done chown -Rv root:root $(CONFIG_ROOT)/*/bin
I am sure you tested this and it works :)
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 26 Sep 2022, at 19:50, Peter Müller peter.mueller@ipfire.org wrote:
Since these files are static, there is no legitimate reason why they should be owned (hence writable) by "nobody". Also, according to configroot's LFS file, this is the intended behaviour for the *.user files, which is then overwritten by the backup LFS file. Therefore, set the file mode of these statically - configroot does not feature other files in /var/ipfire/backup/ anyway.
Signed-off-by: Peter Müller peter.mueller@ipfire.org
lfs/backup | 6 +++--- lfs/configroot | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lfs/backup b/lfs/backup index 6f686bf22..cf1e58c7e 100644 --- a/lfs/backup +++ b/lfs/backup @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -61,10 +61,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) -mkdir -p /var/ipfire/backup/bin install -v -m 755 -o root $(DIR_SRC)/config/backup/backup.pl /var/ipfire/backup/bin
- install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/
- install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/ chown nobody:nobody -R /var/ipfire/backup/ chown root:root -R /var/ipfire/backup/bin/
- install -v -m 644 $(DIR_SRC)/config/backup/include /var/ipfire/backup/
- install -v -m 644 $(DIR_SRC)/config/backup/exclude /var/ipfire/backup/ -mkdir -p /var/ipfire/backup/addons -mkdir -p /var/ipfire/backup/addons/includes -mkdir -p /var/ipfire/backup/addons/backup
diff --git a/lfs/configroot b/lfs/configroot index 31b9a9463..f09307274 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -169,7 +169,7 @@ $(TARGET) : # Configroot permissions chown -R nobody:nobody $(CONFIG_ROOT) chown root:root $(CONFIG_ROOT)
- for i in backup/ *.pl addon-lang/ langs/ ; do \
- for i in backup/exclude.user backup/include.user *.pl addon-lang/ langs/ ; do \ chown -R root:root $(CONFIG_ROOT)/$$i; \ done chown -Rv root:root $(CONFIG_ROOT)/*/bin
-- 2.35.3