Commit 6ca9edbb authored by Paul Cammish's avatar Paul Cammish

Merge branch 'buster-testing' into 'buster'

buster-testing -> buster

See merge request !195
parents a1558f0f ffb45bcd
Pipeline #894 passed with stages
in 25 minutes and 16 seconds
CHANGELOG
---------
2020-04-27
sympl-core
* Further fixes to prevent sympl-filesystem-security from changing permissions where it shouldn't. (#280)
2020-04-22
sympl-web
* Switch to individual packages for sympl-web (#292)
......
sympl-core (10.0.200427.0) stable; urgency=medium
* Further fixes to prevent sympl-filesystem-security from changing permissions where it shouldn't. (#290)
-- Paul Cammish <sympl@kelduum.net> Mon, 27 Apr 2020 13:47:07 +0100
sympl-core (10.0.200420.0) stable; urgency=medium
* Prevent sympl-filesystem-security from changing permissions of /etc/firewall/local.d/ contents.
......
......@@ -140,9 +140,29 @@ fi
if [ -d /etc/sympl ]; then
find "/etc/sympl" ! -type l ! -path '*/test.d/*' ! -path '*/firewall/local.d/*' \( ! -user sympl -o ! -group sympl \) $VERBOSE -exec echo chown sympl:sympl {} \;
find "/etc/sympl" ! -type l ! -path '*/test.d/*' ! -path '*/firewall/local.d/*' \( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; -o -type d ! -perm 775 $VERBOSE -exec chmod 775 {} \; \)
# Make (almost) everything owned by sympl:sympl
find "/etc/sympl" ! -type l \
! -path '*/test.d/*' \
! -path '*/firewall/local.d/*' \
\( ! -user sympl -o ! -group sympl \) \
$VERBOSE -exec echo chown sympl:sympl {} \;
# Make (almost) everything read-only for others
find "/etc/sympl" ! -type l \
! -path '*/test.d/*' \
! -path '*/firewall/local.d/*' \
! -path '*/backup.d/post-backup.d/*' \
! -path '*/backup.d/pre-backup.d/*' \
\( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; \
-o -type d ! -perm 775 $VERBOSE -exec chmod 775 {} \; \)
if [ -d /etc/sympl/backup.d/post-backup.d ] || [ -d /etc/sympl/backup.d/pre-backup.d ]; then
# Make sure theres at least something executable in the backup pre/post scripts
if [ $(find "/etc/sympl/backup.d/" -type f \( -path '*/backup.d/post-backup.d/*' -o -path '*/backup.d/pre-backup.d/*' \) -name '*-*' -executable | wc -l) == 0 ]; then
chmod +x /etc/sympl/backup.d/post-backup.d/* 2&> /dev/null || true
chmod +x /etc/sympl/backup.d/pre-backup.d/* 2&> /dev/null || true
fi
fi
fi
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment