From cf5cdb8f4f08a84bf5d68f23ca970eb130d91411 Mon Sep 17 00:00:00 2001
From: DarkFeather
Date: Tue, 10 Oct 2023 13:04:45 -0500
Subject: [PATCH] Hardening permissions and adding existential check for aether user
---
 Makefile | 12 ++++++------
 installscript | 8 +++++---
 2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/Makefile b/Makefile
index 566655f..84b3360 100644
--- a/Makefile
+++ b/Makefile
@@ -7,16 +7,16 @@ compile:
 install: compile
 mkdir -p ${pkgdir}/usr/local/sbin
 mkdir -p ${pkgdir}/usr/local/etc
- install -m 0750 -o aether aether.bash ${pkgdir}/usr/local/sbin
- install -m 0750 -o root -g root aether-gen.bash ${pkgdir}/usr/local/sbin
- install -m 0750 -o root -g root remote-backup ${pkgdir}/usr/local/sbin
- install -m 0750 -o aether -d ${pkgdir}/usr/local/etc/Aether
- install -m 0750 -o aether -d ${pkgdir}/usr/local/etc/Aether/backup-entries
+ install -m 0700 -o aether aether.bash ${pkgdir}/usr/local/sbin
+ install -m 0700 -o root -g root aether-gen.bash ${pkgdir}/usr/local/sbin
+ install -m 0700 -o root -g root remote-backup ${pkgdir}/usr/local/sbin
+ install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether
+ install -m 0700 -o aether -d ${pkgdir}/usr/local/etc/Aether/backup-entries
 mkdir -p ${pkgdir}/usr/lib/systemd/system
 for i in *.service *.timer; do install -m 0640 -o root -g root "$$i" ${pkgdir}/usr/lib/systemd/system; done
 
 checkperm:
- for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chmod 0750 "$$i"; done
+ for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chmod 0700 "$$i"; done
 for i in ${pkgdir}/usr/local/sbin/aether.bash ${pkgdir}/usr/local/sbin/aether-gen.bash ${pkgdir}/usr/local/sbin/remote-backup ${pkgdir}/usr/local/etc/Aether; do chown root: "$$i"; done
 chown aether: ${pkgdir}/usr/local/sbin/aether.bash
 for i in *.service *.timer; do chown root: ${pkgdir}/usr/lib/systemd/system; chmod 0640 ${pkgdir}/usr/lib/systemd/system; done
diff --git a/installscript b/installscript
index b6b8311..cfe877f 100644
--- a/installscript
+++ b/installscript
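Review bot: `checkperm` still runs `chown root:` over `${pkgdir}/usr/local/etc/Aether`, while `install` creates that directory with `-o aether`; now that both targets use 0700 the owner is the only account with access, so after `checkperm` the aether user appears to be locked out of its own config directory, and `backup-entries` is not covered by `checkperm` at all. If aether.bash reads that tree as aether, add `chown aether: ${pkgdir}/usr/local/etc/Aether ${pkgdir}/usr/local/etc/Aether/backup-entries` after the existing `chown aether:` line. Separately, the last loop in `checkperm` never uses `"$$i"`: it applies `chmod 0640` to the `systemd/system` directory itself, which clears its search bit, and presumably should target `${pkgdir}/usr/lib/systemd/system/"$$i"` instead.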
@@ -1,7 +1,9 @@
 pre_install() {
- groupadd aether &>/dev/null
- useradd -g aether -d /srv/aether -s /bin/false aether &> /dev/null
- chown -R aether:aether /srv/aether &> /dev/null
+ if ! id aether &>/dev/null; then
+ groupadd aether &>/dev/null
+ useradd -g aether -d /srv/aether -s /bin/false aether &> /dev/null
+ chown -R aether:aether /srv/aether &> /dev/null
+ fi
 }
 
 pre_remove() {
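Review bot: Every command inside the new `if` still sends its output to /dev/null and ignores its exit status, so a failed `useradd` goes unnoticed here and would presumably only surface later, when the Makefile's `install -o aether` cannot resolve the owner. Let the error through and report it, e.g. `useradd -g aether -d /srv/aether -s /bin/false aether >/dev/null || echo "aether: useradd failed" >&2`. The `chown -R` is now also skipped whenever the account already exists, so wrong ownership on /srv/aether is no longer corrected on reinstall; if that repair is wanted, move the line below `fi`. `pre_remove` continues outside the hunk.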