AniNIX/Aether
AniNIX/Aether
3
0
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

Hardening permissions and adding existential check for aether user

Browse Source
This commit is contained in:
DarkFeather 2023-10-10 13:04:45 -05:00
parent 543e698db8
commit cf5cdb8f4f
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
2 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Makefile
View File

@ -7,16 +7,16 @@ compile:
install: compile install: compile
mkdir -p ${pkgdir}/usr/local/sbin mkdir -p ${pkgdir}/usr/local/sbin
mkdir -p ${pkgdir}/usr/local/etc mkdir -p ${pkgdir}/usr/local/etc
install -m 0750 -o aether aether.bash ${pkgdir}/usr/local/sbin install -m 0700 -o aether aether.bash ${pkgdir}/usr/local/sbin
install -m 0750 -o root -g root aether-gen.bash ${pkgdir}/usr/local/sbin install -m 0700 -o root -g root aether-gen.bash ${pkgdir}/usr/local/sbin
install -m 0750 -o root -g root remote-backup ${pkgdir}/usr/local/sbin install -m 0700 -o root -g root remote-backup ${pkgdir}/usr/local/sbin
install -m 0750 -o aether -d ${pkgdir}/usr/local/etc/Aether install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether
install -m 0750 -o aether -d ${pkgdir}/usr/local/etc/Aether/backup-entries install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether/backup-entries
mkdir -p ${pkgdir}/usr/lib/systemd/system mkdir -p ${pkgdir}/usr/lib/systemd/system
for i in *.service *.timer; do install -m 0640 -o root -g root "$$i" ${pkgdir}/usr/lib/systemd/system; done for i in *.service *.timer; do install -m 0640 -o root -g root "$$i" ${pkgdir}/usr/lib/systemd/system; done
checkperm: checkperm:
for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chmod 0750 "$$i"; done for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chmod 0700 "$$i"; done
for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chown root: "$$i"; done for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chown root: "$$i"; done
chown aether: ${pkgdir}/usr/local/sbin/aether.bash chown aether: ${pkgdir}/usr/local/sbin/aether.bash
for i in *.service *.timer; do chown root: ${pkgdir}/usr/lib/systemd/system; chmod 0640 ${pkgdir}/usr/lib/systemd/system; done for i in *.service *.timer; do chown root: ${pkgdir}/usr/lib/systemd/system; chmod 0640 ${pkgdir}/usr/lib/systemd/system; done

8
installscript
View File

@ -1,7 +1,9 @@
pre_install() { pre_install() {
groupadd aether &>/dev/null if ! id aether &>/dev/null; then
useradd -g aether -d /srv/aether -s /bin/false aether &> /dev/null groupadd aether &>/dev/null
chown -R aether:aether /srv/aether &> /dev/null useradd -g aether -d /srv/aether -s /bin/false aether &> /dev/null
chown -R aether:aether /srv/aether &> /dev/null
fi
} }
pre_remove() { pre_remove() {