Alter default umask / mode
'/home/_portzap/ports/' and '/usr/ports/' have reduced permissions for members of the '_portzap' group, who now possess read-only permissions for both directories. The 'portzap erase' command must be run by root, since members of the '_portzap' group can't delete contents of either of those directories anymore.
This commit is contained in:
parent
94493d6040
commit
105b4f6594
7 changed files with 19 additions and 18 deletions
|
@ -29,14 +29,14 @@ the first time.
|
|||
# This command is delegated to the '_portzap' user.
|
||||
$ portzap pull
|
||||
|
||||
# Start over: erase /usr/ports/ and /home/_portzap/ports/.
|
||||
# This command is delegated to the '_portzap' user.
|
||||
$ portzap erase
|
||||
|
||||
# Install /home/_portzap/ports/ into /usr/ports/.
|
||||
# This command requires root privileges.
|
||||
# portzap install
|
||||
|
||||
# Start over: erase /usr/ports/ and /home/_portzap/ports/.
|
||||
# This command requires root privileges.
|
||||
$ portzap erase
|
||||
|
||||
|
||||
### ENVIRONMENT
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ git="${localbase}"/bin/git
|
|||
giturl=$1
|
||||
gitdir=$2
|
||||
branch=$3
|
||||
mode="ug=rwX,o="
|
||||
mode="u=rwX,g=rX,o="
|
||||
|
||||
##
|
||||
# main
|
||||
|
|
|
@ -8,8 +8,8 @@ installdir=$2
|
|||
|
||||
##
|
||||
# main
|
||||
if ! "${libexec}"/isportzap-member; then
|
||||
echo "[-] This command must be run by a member of the '_portzap' group"
|
||||
if [ "$(id -u)" != "0" ]; then
|
||||
echo "[-] This command must be run by root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ gitdir=$1
|
|||
installdir=$2
|
||||
revfile=$3
|
||||
libexec=$(dirname "$0")
|
||||
mode="ug=rwX,o="
|
||||
mode="u=rwX,g=rX,o="
|
||||
|
||||
##
|
||||
# functions
|
||||
|
|
|
@ -7,7 +7,7 @@ localbase=${LOCALBASE:-/usr/local}
|
|||
git="${localbase}"/bin/git
|
||||
gitdir=$1
|
||||
branch=$2
|
||||
mode="ug=rwX,o="
|
||||
mode="u=rwX,g=rX,o="
|
||||
owner="_portzap:_portzap"
|
||||
|
||||
##
|
||||
|
|
|
@ -34,19 +34,20 @@ Pull updates into /home/_portzap/ports/.
|
|||
.br
|
||||
This command is delegated to the '_portzap' user.
|
||||
.Pp
|
||||
.Nm portzap erase
|
||||
.br
|
||||
Start over: erase /usr/ports/ and /home/_portzap/ports/.
|
||||
.br
|
||||
This command is delegated to the '_portzap' user.
|
||||
.br
|
||||
.Pp
|
||||
.Nm portzap install
|
||||
.br
|
||||
Install /home/_portzap/ports/ into /usr/ports/.
|
||||
.br
|
||||
This command requires root privileges.
|
||||
.Pp
|
||||
.Nm portzap erase
|
||||
.br
|
||||
Start over: erase /usr/ports/ and /home/_portzap/ports/.
|
||||
.br
|
||||
This command requires root privileges.
|
||||
.br
|
||||
.Pp
|
||||
.Pp
|
||||
.Sh ENVIRONMENT
|
||||
.sp
|
||||
.sp
|
||||
|
|
|
@ -2,6 +2,6 @@
|
|||
# portzap
|
||||
permit nopass root as _portzap cmd /usr/local/bin/git
|
||||
permit nopass :_portzap as _portzap cmd /usr/local/bin/git
|
||||
permit nopass :_portzap as root cmd /bin/chmod args -R ug=rwX,o= /home/_portzap/ports
|
||||
permit nopass :_portzap as root cmd /bin/chmod args -R ug=rwX,o= /home/_portzap/ports/.git
|
||||
permit nopass :_portzap as root cmd /bin/chmod args -R u=rwX,g=rX,o= /home/_portzap/ports
|
||||
permit nopass :_portzap as root cmd /bin/chmod args -R u=rwX,g=rX,o= /home/_portzap/ports/.git
|
||||
permit nopass :_portzap as root cmd /usr/sbin/chown args -R _portzap:_portzap /home/_portzap/ports/.git
|
||||
|
|
Loading…
Reference in a new issue