From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 27 Jan 2013 14:58:14 +0000 (+0100)
Subject: Merge remote-tracking branch 'ms/axel-fixperms' into next
X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=83f1971428fa456462ee24ad6f0baab12f1ae8d7;hp=4d4760225bb7f2de1df9b38bfa56599c3f935499

Merge remote-tracking branch 'ms/axel-fixperms' into next
---

diff --git a/config/etc/group b/config/etc/group
index 3b155fa88..46e4b8029 100644
--- a/config/etc/group
+++ b/config/etc/group
@@ -14,7 +14,7 @@ dialout:x:16:
 floppy:x:19:
 tape:x:20:
 utmp:x:22:
-squid:x:23:
+squid:x:23:nobody
 ntp:x:38:
 dip:x:40:
 mysql:x:41:
diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs
index 2d6b2e2cb..d2cf7102c 100644
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -33,7 +33,6 @@ usr/local/bin/syslogdctrl
 usr/local/bin/timectrl
 #usr/local/bin/tripwirectrl
 usr/local/bin/updxlratorctrl
-usr/local/bin/updxsetperms
 usr/local/bin/upnpctrl
 usr/local/bin/urlfilterctrl
 usr/local/bin/wirelessctrl
diff --git a/config/rootfiles/core/66/update.sh b/config/rootfiles/core/66/update.sh
index ac4e3ac64..d764c4322 100644
--- a/config/rootfiles/core/66/update.sh
+++ b/config/rootfiles/core/66/update.sh
@@ -111,6 +111,7 @@ add_to_backup usr/share/terminfo
 add_to_backup etc/sysconfig/lm_sensors
 add_to_backup etc/sysconfig/rc.local
 add_to_backup usr/local/bin/vpn-watch
+add_to_backup usr/local/bin/updxsetperms
 add_to_backup usr/libexec/ipsec
 
 # Backup the files
@@ -126,6 +127,9 @@ if [ $ROOTSPACE -lt 70000 ]; then
 	exit 2
 fi
 
+# Add user nobody to group squid.
+usermod -a -G squid nobody
+
 echo
 echo Update Kernel to $KVER ...
 #
@@ -184,6 +188,9 @@ rm -rf /lib/libncurses*
 rm -f /usr/libexec/ipsec/{pluto,_pluto_adns,whack}
 rm -f /usr/local/bin/vpn-watch
 
+# Remove update accelerator permissions script.
+rm -f /usr/local/bin/updxsetperms
+
 #
 #Extract files
 tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
diff --git a/config/updxlrator/download b/config/updxlrator/download
index 8b219bcab..1624609f4 100644
--- a/config/updxlrator/download
+++ b/config/updxlrator/download
@@ -49,7 +49,7 @@ $vendorid =~ tr/A-Z/a-z/;
 unless (-d "$repository/download/$vendorid")
 {
 	system("mkdir -p $repository/download/$vendorid");
-	#system("chmod 775 $repository/download/$vendorid");
+	chmod 0775, "$repository/download/$vendorid";
 }
 
 if($restartdl == 0)
@@ -159,13 +159,13 @@ if ($_ == 0)
 	unless (-d "$repository/$vendorid")
 	{
 		system("mkdir -p $repository/$vendorid");
-		#system("chmod 775 $repository/$vendorid");
+		chmod 0775, "$repository/$vendorid";
 	}
 
 	unless (-d "$repository/$vendorid/$uuid")
 	{
 		system("mkdir -p $repository/$vendorid/$uuid");
-		#system("chmod 775 $repository/$vendorid/$uuid");
+		chmod 0775, "$repository/$vendorid/$uuid";
 	}
 
 	&writelog("Moving file to the cache directory: $vendorid/$uuid");
@@ -180,8 +180,15 @@ if ($_ == 0)
 	&UPDXLT::setcachestatus("$repository/$vendorid/$uuid/checkup.log",time);
 	&UPDXLT::setcachestatus("$repository/$vendorid/$uuid/access.log",time);
 
-	system("/usr/local/bin/updxsetperms");
-	#system("chmod 775 $repository/$vendorid/$uuid/*");
+	# Update permissions of all files in the download directory.
+	my @files = (
+		"$repository/$vendorid/$uuid/source.url",
+		"$repository/$vendorid/$uuid/status",
+		"$repository/$vendorid/$uuid/checkup.log",
+		"$repository/$vendorid/$uuid/access.log",
+		"$repository/$vendorid/$uuid/$updatefile"
+	);
+	chmod 0664, @files;
 
 	unlink ("$repository/download/$vendorid/$updatefile.info");
 
diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile
index 33d1d667e..cc33266d0 100644
--- a/src/misc-progs/Makefile
+++ b/src/misc-progs/Makefile
@@ -34,17 +34,15 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \
 	smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
 	setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
 	getconntracktable
-SUID_UPDX = updxsetperms
 
 install : all
 	install -m 755  $(PROGS) /usr/local/bin
 	install -m 4750 -g nobody $(SUID_PROGS) /usr/local/bin
-	install -m 4750 -g squid $(SUID_UPDX) /usr/local/bin
 
-all : $(PROGS) $(SUID_PROGS) $(SUID_UPDX)
+all : $(PROGS) $(SUID_PROGS)
 
 clean : 
-	-rm -f $(PROGS) $(SUID_PROGS) $(SUID_UPDX) *.o core
+	-rm -f $(PROGS) $(SUID_PROGS) *.o core
 
 ######
 
@@ -58,8 +56,6 @@ $(SUID_PROGS): setuid.o
 
 $(PROGS): setuid.o
 
-$(SUID_UPDX): setuid.o
-
 logwatch: logwatch.c setuid.o ../install+setup/libsmooth/varval.o
 	$(COMPILE) -I../install+setup/libsmooth/ logwatch.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 
@@ -153,9 +149,6 @@ wlanapctrl: wlanapctrl.c setuid.o ../install+setup/libsmooth/varval.o
 setaliases: setaliases.c setuid.o ../install+setup/libsmooth/varval.o
 	$(COMPILE) -I../install+setup/libsmooth/ setaliases.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 
-updxsetperms: updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o
-	$(COMPILE) -I../install+setup/libsmooth/ updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o -o $@
-
 fireinfoctrl: fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o
 	$(COMPILE) -I../install+setup/libsmooth/ fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@