Skip to content
Snippets Groups Projects
Commit 5eef842c authored by intrigeri's avatar intrigeri
Browse files

fixed configuration files permission check

parent 2276e5df
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
ChangeLog
+ 4
0
View file @ 5eef842c
version 0.9.5 -- unreleased version 0.9.5 -- unreleased
backupninja changes
. Fixed checks on configuration files permissions, since the patch
applied to fix #370396 broke this, especially for configuration files
created with permissions 000 by an older ninjahelper version.
handler changes handler changes
sys: sys:
. Fixed typo breaking things for VServers. . Fixed typo breaking things for VServers.
......
src/backupninja.in
+ 18
10
View file @ 5eef842c
...@@ -131,32 +131,40 @@ function msg { ...@@ -131,32 +131,40 @@ function msg {
function check_perms() { function check_perms() {
local file=$1 local file=$1
debug "check_perms $file"
local perms local perms
perms=($(stat -L --format='%a %g %G %u %U' $file)) local owners
local gperm=${perms[0]:1:1}
local wperm=${perms[0]:2:1} perms=($(stat -L --format='%A' $file))
local gid=${perms[1]} debug "perms: $perms"
local group=${perms[2]} local gperm=${perms:4:3}
local owner=${perms[3]} debug "gperm: $gperm"
local wperm=${perms:7:3}
debug "wperm: $wperm"
owners=($(stat -L --format='%g %G %u %U' $file))
local gid=${owners[0]}
local group=${owners[1]}
local owner=${owners[2]}
if [ "$owner" != 0 ]; then if [ "$owner" != 0 ]; then
echo "Configuration files must be owned by root! Dying on file $file" echo "Configuration files must be owned by root! Dying on file $file"
fatal "Configuration files must be owned by root! Dying on file $file" fatal "Configuration files must be owned by root! Dying on file $file"
fi fi
if [ $wperm -gt 0 ]; then if [ "$wperm" != '---' ]; then
echo "Configuration files must not be world writable/readable! Dying on file $file" echo "Configuration files must not be world writable/readable! Dying on file $file"
fatal "Configuration files must not be world writable/readable! Dying on file $file" fatal "Configuration files must not be world writable/readable! Dying on file $file"
fi fi
if [ $gperm -gt 0 ]; then if [ "$gperm" != '---' ]; then
case "$admingroup" in case "$admingroup" in
$gid|$group) :;; $gid|$group) :;;
*) *)
if [ "$gid" != 0 ]; then if [ "$gid" != 0 ]; then
echo "Configuration files must not be writable/readable by group ${perms[2]}! Dying on file $file" echo "Configuration files must not be writable/readable by group $group! Use the admingroup option in backupninja.conf. Dying on file $file"
fatal "Configuration files must not be writable/readable by group ${perms[2]}! Dying on file $file" fatal "Configuration files must not be writable/readable by group $group! Use the admingroup option in backupninja.conf. Dying on file $file"
fi fi
;; ;;
esac esac
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment