From eb2aa23f727d4ed8767aaa81193d5fa0b2fc2216 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Paul=20H=C3=A4nsch?=
Date: Sun, 24 Jun 2018 18:52:30 +0200
Subject: [PATCH] make sure config trees have correct permission
---
 Makefile | 4 ++--
 permissions.mk | 17 +++++++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 permissions.mk
diff --git a/Makefile b/Makefile
index a80a8a7..9b35790 100644
--- a/Makefile
+++ b/Makefile
@@ -16,7 +16,7 @@ stretch_%_root/bin/sh:
 chmod 755 "$(subst bin/sh,,$@)"
 debootstrap --arch=${ARCH} --variant=minbase stretch "$(subst bin/sh,,$@)"
-stretch_%_root/: stretch_%_root/bin/sh ${CONFIG} .FORCE
+stretch_%_root/: stretch_%_root/bin/sh ${CONFIG} permissions .FORCE
 for tree in ${CONFIG}; do for file in apt default timezone; do cp -av "$$tree/etc/$$file" "$@/etc/" || true; done; done
 chroot "$@" ln -sf /bin/true /usr/local/sbin/invoke-rc.d
 chroot "$@" sh -c 'apt-mark showmanual |xargs apt-mark auto || true'
@@ -32,7 +32,7 @@ stretch_%_root/: stretch_%_root/bin/sh ${CONFIG} .FORCE
 chroot "$@" apt-get clean
 touch "$@"
-stretch_%_config/: stretch_%_root/ ${CONFIG} .FORCE
+stretch_%_config/: stretch_%_root/ ${CONFIG} permissions .FORCE
 btrfs subvolume delete "$@" || rm -r "$@" || true
 btrfs subvolume snapshot "$<" "$@" || cp -rlv "$<" "$@"
 cp -av $(addsuffix /*, ${CONFIG}) "$@"
diff --git a/permissions.mk b/permissions.mk
new file mode 100644
index 0000000..92a8ee0
--- /dev/null
+++ b/permissions.mk
@@ -0,0 +1,17 @@
+.PHONY: permissions
+
+permissions: ${CONFIG} .FORCE
+ chown -R root:root config_*/
+ chmod 0755 config_*/
+ -chmod -R a+rX config_*/etc/
+ -chmod -R a+rX config_*/var/
+ -chmod 0700 config_*/var/lib/polkit-1/
+ -chmod 0750 config_*/root/
+ -chmod 0700 config_*/root/.ssh/
+ -chmod 0600 config_*/root/.ssh/authorized_keys
+ -chmod 0750 config_*/home/*/
+ -chmod 0700 config_*/home/*/.ssh/
+ -chmod 0600 config_*/home/*/.ssh/authorized_keys
+ -chgrp -R 107 config_*/var/spool/cron/crontabs/
+ -chmod 1730 config_*/var/spool/cron/crontabs/
+ -chmod 0600 config_*/var/spool/cron/crontabs/*
--
2.39.2
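Review bot: The two recursive `chmod -R a+rX` lines on `config_*/etc/` and `config_*/var/` make every file below them world-readable, and afterwards nothing under `etc/` is tightened again, while under `var/` only `var/lib/polkit-1/` and the crontab spool are. The Makefile copies these trees into the image with `cp -av`, which preserves modes, so any private file a config tree carries under `etc/` (the hunk does not show whether one does) would ship readable by all users. I would put a comment above those two lines such as `# a+rX is recursive: every private file under etc/ or var/ needs its own chmod line below`, and add the matching lines for whatever the trees actually contain. Separately, `chgrp -R 107` assumes the image's crontab group has GID 107; mode `1730` gives that group write and search on the spool, so a mismatch would hand that access to an unrelated group, and a named variable like `CRONTAB_GID ?= 107` with a comment on where the number comes from would make the assumption checkable. Because every tightening line is prefixed with `-`, a chmod that fails for a reason other than a missing path is also ignored, so the build continues with the looser mode.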