0x1eef/portzap
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Alter default umask / mode

Browse source 
'/home/_portzap/ports/' and '/usr/ports/' have reduced permissions for
members of the '_portzap' group, who now possess read-only permissions
for both directories.

The 'portzap erase' command must be run by root, since members of the
'_portzap' group can't delete contents of either of those directories
anymore.
This commit is contained in:
0x1eef 2024-04-20 02:23:20 -03:00
parent 94493d6040
commit 105b4f6594
7 changed files with 19 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
README.md
View file

@ -29,14 +29,14 @@ the first time.
# This command is delegated to the '_portzap' user. # This command is delegated to the '_portzap' user.
$ portzap pull $ portzap pull
# Start over: erase /usr/ports/ and /home/_portzap/ports/.
# This command is delegated to the '_portzap' user.
$ portzap erase
# Install /home/_portzap/ports/ into /usr/ports/. # Install /home/_portzap/ports/ into /usr/ports/.
# This command requires root privileges. # This command requires root privileges.
# portzap install # portzap install
# Start over: erase /usr/ports/ and /home/_portzap/ports/.
# This command requires root privileges.
$ portzap erase
### ENVIRONMENT ### ENVIRONMENT

2
libexec/portzap/portzap-clone
View file

@ -8,7 +8,7 @@ git="${localbase}"/bin/git
giturl=$1 giturl=$1
gitdir=$2 gitdir=$2
branch=$3 branch=$3
mode="ug=rwX,o=" mode="u=rwX,g=rX,o="
## ##
# main # main

4
libexec/portzap/portzap-erase
View file

@ -8,8 +8,8 @@ installdir=$2
## ##
# main # main
if ! "${libexec}"/isportzap-member; then if [ "$(id -u)" != "0" ]; then
echo "[-] This command must be run by a member of the '_portzap' group" echo "[-] This command must be run by root"
exit 1 exit 1
fi fi

2
libexec/portzap/portzap-install
View file

@ -6,7 +6,7 @@ gitdir=$1
installdir=$2 installdir=$2
revfile=$3 revfile=$3
libexec=$(dirname "$0") libexec=$(dirname "$0")
mode="ug=rwX,o=" mode="u=rwX,g=rX,o="
## ##
# functions # functions

2
libexec/portzap/portzap-pull
View file

@ -7,7 +7,7 @@ localbase=${LOCALBASE:-/usr/local}
git="${localbase}"/bin/git git="${localbase}"/bin/git
gitdir=$1 gitdir=$1
branch=$2 branch=$2
mode="ug=rwX,o=" mode="u=rwX,g=rX,o="
owner="_portzap:_portzap" owner="_portzap:_portzap"
## ##

15
man/man8/portzap.8
View file

@ -34,19 +34,20 @@ Pull updates into /home/_portzap/ports/.
.br .br
This command is delegated to the '_portzap' user. This command is delegated to the '_portzap' user.
.Pp .Pp
.Nm portzap erase
.br
Start over: erase /usr/ports/ and /home/_portzap/ports/.
.br
This command is delegated to the '_portzap' user.
.br
.Pp
.Nm portzap install .Nm portzap install
.br .br
Install /home/_portzap/ports/ into /usr/ports/. Install /home/_portzap/ports/ into /usr/ports/.
.br .br
This command requires root privileges. This command requires root privileges.
.Pp .Pp
.Nm portzap erase
.br
Start over: erase /usr/ports/ and /home/_portzap/ports/.
.br
This command requires root privileges.
.br
.Pp
.Pp
.Sh ENVIRONMENT .Sh ENVIRONMENT
.sp .sp
.sp .sp

4
share/portzap/doas.conf
View file

@ -2,6 +2,6 @@
# portzap # portzap
permit nopass root as _portzap cmd /usr/local/bin/git permit nopass root as _portzap cmd /usr/local/bin/git
permit nopass :_portzap as _portzap cmd /usr/local/bin/git permit nopass :_portzap as _portzap cmd /usr/local/bin/git
permit nopass :_portzap as root cmd /bin/chmod args -R ug=rwX,o= /home/_portzap/ports permit nopass :_portzap as root cmd /bin/chmod args -R u=rwX,g=rX,o= /home/_portzap/ports
permit nopass :_portzap as root cmd /bin/chmod args -R ug=rwX,o= /home/_portzap/ports/.git permit nopass :_portzap as root cmd /bin/chmod args -R u=rwX,g=rX,o= /home/_portzap/ports/.git
permit nopass :_portzap as root cmd /usr/sbin/chown args -R _portzap:_portzap /home/_portzap/ports/.git permit nopass :_portzap as root cmd /usr/sbin/chown args -R _portzap:_portzap /home/_portzap/ports/.git