squidclamav: Fix permissions of /etc/squidclamav.conf.
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 16 Jul 2013 17:42:53 +0000 (19:42 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 16 Jul 2013 17:44:57 +0000 (19:44 +0200)
The file must not be executable, but writeable by anybody
in the group nobody.

lfs/squidclamav
src/paks/squidclamav/update.sh

index 79bf5d010ddb1ed2c7f1cf117d651b1035d94432..7d9e6afec2861342354c2d77a7aa8042b02b1ef7 100644 (file)
@@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squidclamav-5.11-dont_use_ipv6.patch
        cd $(DIR_APP) && ./configure --prefix=/usr
        cd $(DIR_APP) && make install
-       install -v -m 755  $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf
+       install -v -m 664 $(DIR_CONF)/squidclamav/squidclamav.conf /etc/squidclamav.conf
+       chown -v root:nobody /etc/squidclamav.conf
        install -v -m 644 $(DIR_SRC)/config/backup/includes/squidclamav /var/ipfire/backup/addons/includes/squidclamav
        chmod 755 /srv/web/ipfire/html/clwarn.cgi
        @rm -rf $(DIR_APP)
index 4b542164e87f8260a45804d6a19b185f26a7ceae..c7380d9c740a8cd74ea3bb1e66f4717039809d5b 100644 (file)
@@ -41,6 +41,10 @@ if [ "$VERSION" -lt "16" ]; then
      -e "s/^#squid_port 3128/squid_port 800/g" \
      -e "s/^#trust_cache 1/trust_cache 1/g" -i /etc/squidclamav.conf
 
+ # Fix permissions.
+ chmod 664 /etc/squidclamav.conf
+ chown root.nobody /etc/squidclamav.conf
+
  # Regenerate configuration files.
  perl /srv/web/ipfire/cgi-bin/proxy.cgi
 fi