Alter default umask / mode

'/home/_portzap/ports/' and '/usr/ports/' have reduced permissions for members of the '_portzap' group, who now possess read-only permissions for both directories. The 'portzap erase' command must be run by root, since members of the '_portzap' group can't delete contents of either of those directories anymore.
2024-04-20 02:23:20 -03:00 · 2024-04-20 02:23:20 -03:00 · 105b4f6594
commit 105b4f6594
parent 94493d6040
7 changed files with 19 additions and 18 deletions
--- a/README.md
+++ b/README.md
@ -29,14 +29,14 @@ the first time.
    # This command is delegated to the '_portzap' user.
    $ portzap pull

-    # Start over: erase /usr/ports/ and /home/_portzap/ports/.
-    # This command is delegated to the '_portzap' user.
-    $ portzap erase
-
    # Install /home/_portzap/ports/ into /usr/ports/.
    # This command requires root privileges.
    # portzap install

+    # Start over: erase /usr/ports/ and /home/_portzap/ports/.
+    # This command requires root privileges.
+    $ portzap erase
+

 ### ENVIRONMENT

--- a/libexec/portzap/portzap-clone
+++ b/libexec/portzap/portzap-clone
@ -8,7 +8,7 @@ git="${localbase}"/bin/git
 giturl=$1
 gitdir=$2
 branch=$3
-mode="ug=rwX,o="
+mode="u=rwX,g=rX,o="

 ##
 # main
--- a/libexec/portzap/portzap-erase
+++ b/libexec/portzap/portzap-erase
@ -8,8 +8,8 @@ installdir=$2

 ##
 # main
-if ! "${libexec}"/isportzap-member; then
-    echo "[-] This command must be run by a member of the '_portzap' group"
+if [ "$(id -u)" != "0" ]; then
+    echo "[-] This command must be run by root"
    exit 1
 fi

--- a/libexec/portzap/portzap-install
+++ b/libexec/portzap/portzap-install
@ -6,7 +6,7 @@ gitdir=$1
 installdir=$2
 revfile=$3
 libexec=$(dirname "$0")
-mode="ug=rwX,o="
+mode="u=rwX,g=rX,o="

 ##
 # functions
--- a/libexec/portzap/portzap-pull
+++ b/libexec/portzap/portzap-pull
@ -7,7 +7,7 @@ localbase=${LOCALBASE:-/usr/local}
 git="${localbase}"/bin/git
 gitdir=$1
 branch=$2
-mode="ug=rwX,o="
+mode="u=rwX,g=rX,o="
 owner="_portzap:_portzap"

 ##
--- a/man/man8/portzap.8
+++ b/man/man8/portzap.8
@ -34,19 +34,20 @@ Pull updates into /home/_portzap/ports/.
 .br
 This command is delegated to the '_portzap' user.
 .Pp
-.Nm portzap erase
-.br
-Start over: erase /usr/ports/ and /home/_portzap/ports/.
-.br
-This command is delegated to the '_portzap' user.
-.br
-.Pp
 .Nm portzap install
 .br
 Install /home/_portzap/ports/ into /usr/ports/.
 .br
 This command requires root privileges.
 .Pp
+.Nm portzap erase
+.br
+Start over: erase /usr/ports/ and /home/_portzap/ports/.
+.br
+This command requires root privileges.
+.br
+.Pp
+.Pp
 .Sh ENVIRONMENT
 .sp
 .sp
--- a/share/portzap/doas.conf
+++ b/share/portzap/doas.conf
@ -2,6 +2,6 @@
 # portzap
 permit nopass root as _portzap cmd /usr/local/bin/git
 permit nopass :_portzap as _portzap cmd /usr/local/bin/git
-permit nopass :_portzap as root cmd /bin/chmod args -R ug=rwX,o= /home/_portzap/ports
-permit nopass :_portzap as root cmd /bin/chmod args -R ug=rwX,o= /home/_portzap/ports/.git
+permit nopass :_portzap as root cmd /bin/chmod args -R u=rwX,g=rX,o= /home/_portzap/ports
+permit nopass :_portzap as root cmd /bin/chmod args -R u=rwX,g=rX,o= /home/_portzap/ports/.git
 permit nopass :_portzap as root cmd /usr/sbin/chown args -R _portzap:_portzap /home/_portzap/ports/.git