Alter default umask / mode

'/home/_portzap/ports/' and '/usr/ports/' have reduced permissions for
members of the '_portzap' group, who now possess read-only permissions
for both directories.

The 'portzap erase' command must be run by root, since members of the
'_portzap' group can't delete contents of either of those directories
anymore.

README.md

@@ -29,14 +29,14 @@ the first time.
     # This command is delegated to the '_portzap' user.
     $ portzap pull
 
-    # Start over: erase /usr/ports/ and /home/_portzap/ports/.
-    # This command is delegated to the '_portzap' user.
-    $ portzap erase
-
     # Install /home/_portzap/ports/ into /usr/ports/.
     # This command requires root privileges.
     # portzap install
 
+    # Start over: erase /usr/ports/ and /home/_portzap/ports/.
+    # This command requires root privileges.
+    $ portzap erase
+
 
 ### ENVIRONMENT
 

libexec/portzap/portzap-clone

@@ -8,7 +8,7 @@ git="${localbase}"/bin/git
 giturl=$1
 gitdir=$2
 branch=$3
-mode="ug=rwX,o="
+mode="u=rwX,g=rX,o="
 
 ##
 # main

libexec/portzap/portzap-erase

@@ -8,8 +8,8 @@ installdir=$2
 
 ##
 # main
-if ! "${libexec}"/isportzap-member; then
-    echo "[-] This command must be run by a member of the '_portzap' group"
+if [ "$(id -u)" != "0" ]; then
+    echo "[-] This command must be run by root"
     exit 1
 fi
 

libexec/portzap/portzap-install

@@ -6,7 +6,7 @@ gitdir=$1
 installdir=$2
 revfile=$3
 libexec=$(dirname "$0")
-mode="ug=rwX,o="
+mode="u=rwX,g=rX,o="
 
 ##
 # functions

libexec/portzap/portzap-pull

@@ -7,7 +7,7 @@ localbase=${LOCALBASE:-/usr/local}
 git="${localbase}"/bin/git
 gitdir=$1
 branch=$2
-mode="ug=rwX,o="
+mode="u=rwX,g=rX,o="
 owner="_portzap:_portzap"
 
 ##

man/man8/portzap.8

@@ -34,19 +34,20 @@ Pull updates into /home/_portzap/ports/.
 .br
 This command is delegated to the '_portzap' user.
 .Pp
-.Nm portzap erase
-.br
-Start over: erase /usr/ports/ and /home/_portzap/ports/.
-.br
-This command is delegated to the '_portzap' user.
-.br
-.Pp
 .Nm portzap install
 .br
 Install /home/_portzap/ports/ into /usr/ports/.
 .br
 This command requires root privileges.
 .Pp
+.Nm portzap erase
+.br
+Start over: erase /usr/ports/ and /home/_portzap/ports/.
+.br
+This command requires root privileges.
+.br
+.Pp
+.Pp
 .Sh ENVIRONMENT
 .sp
 .sp

share/portzap/doas.conf

@@ -2,6 +2,6 @@
 # portzap
 permit nopass root as _portzap cmd /usr/local/bin/git
 permit nopass :_portzap as _portzap cmd /usr/local/bin/git
-permit nopass :_portzap as root cmd /bin/chmod args -R ug=rwX,o= /home/_portzap/ports
-permit nopass :_portzap as root cmd /bin/chmod args -R ug=rwX,o= /home/_portzap/ports/.git
+permit nopass :_portzap as root cmd /bin/chmod args -R u=rwX,g=rX,o= /home/_portzap/ports
+permit nopass :_portzap as root cmd /bin/chmod args -R u=rwX,g=rX,o= /home/_portzap/ports/.git
 permit nopass :_portzap as root cmd /usr/sbin/chown args -R _portzap:_portzap /home/_portzap/ports/.git