From 308f0c3cae1a75cd859c11f5f38322d68a234d85 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Sun, 8 Oct 2006 00:42:47 +0000 Subject: [PATCH] fixed configuration files permission check git-svn-id: http://code.autistici.org/svn/backupninja/trunk@449 758a04ac-41e6-0310-8a23-8373a73cc35d --- ChangeLog | 4 ++++ src/backupninja.in | 28 ++++++++++++++++++---------- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 046eaa5..47281e4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,8 @@ version 0.9.5 -- unreleased + backupninja changes + . Fixed checks on configuration files permissions, since the patch + applied to fix #370396 broke this, especially for configuration files + created with permissions 000 by an older ninjahelper version. handler changes sys: . Fixed typo breaking things for VServers. diff --git a/src/backupninja.in b/src/backupninja.in index f0622bd..920d89e 100755 --- a/src/backupninja.in +++ b/src/backupninja.in @@ -131,32 +131,40 @@ function msg { function check_perms() { local file=$1 + debug "check_perms $file" local perms - perms=($(stat -L --format='%a %g %G %u %U' $file)) - local gperm=${perms[0]:1:1} - local wperm=${perms[0]:2:1} - local gid=${perms[1]} - local group=${perms[2]} - local owner=${perms[3]} + local owners + + perms=($(stat -L --format='%A' $file)) + debug "perms: $perms" + local gperm=${perms:4:3} + debug "gperm: $gperm" + local wperm=${perms:7:3} + debug "wperm: $wperm" + + owners=($(stat -L --format='%g %G %u %U' $file)) + local gid=${owners[0]} + local group=${owners[1]} + local owner=${owners[2]} if [ "$owner" != 0 ]; then echo "Configuration files must be owned by root! Dying on file $file" fatal "Configuration files must be owned by root! Dying on file $file" fi - if [ $wperm -gt 0 ]; then + if [ "$wperm" != '---' ]; then echo "Configuration files must not be world writable/readable! Dying on file $file" fatal "Configuration files must not be world writable/readable! Dying on file $file" fi - if [ $gperm -gt 0 ]; then + if [ "$gperm" != '---' ]; then case "$admingroup" in $gid|$group) :;; *) if [ "$gid" != 0 ]; then - echo "Configuration files must not be writable/readable by group ${perms[2]}! Dying on file $file" - fatal "Configuration files must not be writable/readable by group ${perms[2]}! Dying on file $file" + echo "Configuration files must not be writable/readable by group $group! Use the admingroup option in backupninja.conf. Dying on file $file" + fatal "Configuration files must not be writable/readable by group $group! Use the admingroup option in backupninja.conf. Dying on file $file" fi ;; esac -- 2.30.2