Commit 8ba5f73e authored by Paul Cammish's avatar Paul Cammish

Merge branch 'buster-testing' into 'sympl-cli-ftp'

# Conflicts:
#   CHANGELOG
#   core/debian/changelog
parents 885bc128 ffb45bcd
Pipeline #900 passed with stages
in 27 minutes and 20 seconds
......@@ -5,6 +5,10 @@ CHANGELOG
sympl-core
* Added functionality to the sympl cli for managing FTP users
2020-04-27
sympl-core
* Further fixes to prevent sympl-filesystem-security from changing permissions where it shouldn't. (#280)
2020-04-22
sympl-web
* Switch to individual packages for sympl-web (#292)
......
......@@ -4,6 +4,12 @@ sympl-core (10.0.200504.0) stable; urgency=low
-- Doug Targett <dougtargett@gmail.com> Tue, 05 May 2020 17:55:30 +0100
sympl-core (10.0.200427.0) stable; urgency=medium
* Further fixes to prevent sympl-filesystem-security from changing permissions where it shouldn't. (#290)
-- Paul Cammish <sympl@kelduum.net> Mon, 27 Apr 2020 13:47:07 +0100
sympl-core (10.0.200420.0) stable; urgency=medium
* Prevent sympl-filesystem-security from changing permissions of /etc/firewall/local.d/ contents.
......
......@@ -140,9 +140,29 @@ fi
if [ -d /etc/sympl ]; then
find "/etc/sympl" ! -type l ! -path '*/test.d/*' ! -path '*/firewall/local.d/*' \( ! -user sympl -o ! -group sympl \) $VERBOSE -exec echo chown sympl:sympl {} \;
find "/etc/sympl" ! -type l ! -path '*/test.d/*' ! -path '*/firewall/local.d/*' \( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; -o -type d ! -perm 775 $VERBOSE -exec chmod 775 {} \; \)
# Make (almost) everything owned by sympl:sympl
find "/etc/sympl" ! -type l \
! -path '*/test.d/*' \
! -path '*/firewall/local.d/*' \
\( ! -user sympl -o ! -group sympl \) \
$VERBOSE -exec echo chown sympl:sympl {} \;
# Make (almost) everything read-only for others
find "/etc/sympl" ! -type l \
! -path '*/test.d/*' \
! -path '*/firewall/local.d/*' \
! -path '*/backup.d/post-backup.d/*' \
! -path '*/backup.d/pre-backup.d/*' \
\( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; \
-o -type d ! -perm 775 $VERBOSE -exec chmod 775 {} \; \)
if [ -d /etc/sympl/backup.d/post-backup.d ] || [ -d /etc/sympl/backup.d/pre-backup.d ]; then
# Make sure theres at least something executable in the backup pre/post scripts
if [ $(find "/etc/sympl/backup.d/" -type f \( -path '*/backup.d/post-backup.d/*' -o -path '*/backup.d/pre-backup.d/*' \) -name '*-*' -executable | wc -l) == 0 ]; then
chmod +x /etc/sympl/backup.d/post-backup.d/* 2&> /dev/null || true
chmod +x /etc/sympl/backup.d/pre-backup.d/* 2&> /dev/null || true
fi
fi
fi
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment