CC-2797: Files in /etc/airtime should not be world readable
-upgrade script
parent
1b165f473c
commit
62aff0014d
|
@ -68,7 +68,7 @@ class AirtimeIni
|
||||||
if (!copy(AirtimeInstall::GetAirtimeSrcDir()."/build/airtime.conf", AirtimeIni::CONF_FILE_AIRTIME)){
|
if (!copy(AirtimeInstall::GetAirtimeSrcDir()."/build/airtime.conf", AirtimeIni::CONF_FILE_AIRTIME)){
|
||||||
echo "Could not copy airtime.conf to /etc/airtime/. Exiting.";
|
echo "Could not copy airtime.conf to /etc/airtime/. Exiting.";
|
||||||
exit(1);
|
exit(1);
|
||||||
} else if (!self::ChangeFileOwnerGroupModToPypo(AirtimeIni::CONF_FILE_AIRTIME, self::CONF_WWW_DATA_GRP)){
|
} else if (!self::ChangeFileOwnerGroupMod(AirtimeIni::CONF_FILE_AIRTIME, self::CONF_WWW_DATA_GRP)){
|
||||||
echo "Could not set ownership of api_client.cfg to 'pypo'. Exiting.";
|
echo "Could not set ownership of api_client.cfg to 'pypo'. Exiting.";
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
@ -76,7 +76,7 @@ class AirtimeIni
|
||||||
if (!copy(__DIR__."/../../python_apps/api_clients/api_client.cfg", AirtimeIni::CONF_FILE_API_CLIENT)){
|
if (!copy(__DIR__."/../../python_apps/api_clients/api_client.cfg", AirtimeIni::CONF_FILE_API_CLIENT)){
|
||||||
echo "Could not copy api_client.cfg to /etc/airtime/. Exiting.";
|
echo "Could not copy api_client.cfg to /etc/airtime/. Exiting.";
|
||||||
exit(1);
|
exit(1);
|
||||||
} else if (!self::ChangeFileOwnerGroupModToPypo(AirtimeIni::CONF_FILE_API_CLIENT, self::CONF_PYPO_GRP)){
|
} else if (!self::ChangeFileOwnerGroupMod(AirtimeIni::CONF_FILE_API_CLIENT, self::CONF_PYPO_GRP)){
|
||||||
echo "Could not set ownership of api_client.cfg to 'pypo'. Exiting.";
|
echo "Could not set ownership of api_client.cfg to 'pypo'. Exiting.";
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
@ -84,7 +84,7 @@ class AirtimeIni
|
||||||
if (!copy(__DIR__."/../../python_apps/pypo/pypo.cfg", AirtimeIni::CONF_FILE_PYPO)){
|
if (!copy(__DIR__."/../../python_apps/pypo/pypo.cfg", AirtimeIni::CONF_FILE_PYPO)){
|
||||||
echo "Could not copy pypo.cfg to /etc/airtime/. Exiting.";
|
echo "Could not copy pypo.cfg to /etc/airtime/. Exiting.";
|
||||||
exit(1);
|
exit(1);
|
||||||
} else if (!self::ChangeFileOwnerGroupModToPypo(AirtimeIni::CONF_FILE_PYPO, self::CONF_PYPO_GRP)){
|
} else if (!self::ChangeFileOwnerGroupMod(AirtimeIni::CONF_FILE_PYPO, self::CONF_PYPO_GRP)){
|
||||||
echo "Could not set ownership of pypo.cfg to 'pypo'. Exiting.";
|
echo "Could not set ownership of pypo.cfg to 'pypo'. Exiting.";
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
@ -92,7 +92,7 @@ class AirtimeIni
|
||||||
if (!copy(__DIR__."/../../python_apps/show-recorder/recorder.cfg", AirtimeIni::CONF_FILE_RECORDER)){
|
if (!copy(__DIR__."/../../python_apps/show-recorder/recorder.cfg", AirtimeIni::CONF_FILE_RECORDER)){
|
||||||
echo "Could not copy recorder.cfg to /etc/airtime/. Exiting.";
|
echo "Could not copy recorder.cfg to /etc/airtime/. Exiting.";
|
||||||
exit(1);
|
exit(1);
|
||||||
} else if (!self::ChangeFileOwnerGroupModToPypo(AirtimeIni::CONF_FILE_RECORDER, self::CONF_PYPO_GRP)){
|
} else if (!self::ChangeFileOwnerGroupMod(AirtimeIni::CONF_FILE_RECORDER, self::CONF_PYPO_GRP)){
|
||||||
echo "Could not set ownership of recorder.cfg to 'pypo'. Exiting.";
|
echo "Could not set ownership of recorder.cfg to 'pypo'. Exiting.";
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
@ -100,7 +100,7 @@ class AirtimeIni
|
||||||
if (!copy(__DIR__."/../../python_apps/pypo/liquidsoap_scripts/liquidsoap.cfg", AirtimeIni::CONF_FILE_LIQUIDSOAP)){
|
if (!copy(__DIR__."/../../python_apps/pypo/liquidsoap_scripts/liquidsoap.cfg", AirtimeIni::CONF_FILE_LIQUIDSOAP)){
|
||||||
echo "Could not copy liquidsoap.cfg to /etc/airtime/. Exiting.";
|
echo "Could not copy liquidsoap.cfg to /etc/airtime/. Exiting.";
|
||||||
exit(1);
|
exit(1);
|
||||||
} else if (!self::ChangeFileOwnerGroupModToPypo(AirtimeIni::CONF_FILE_LIQUIDSOAP, self::CONF_PYPO_GRP)){
|
} else if (!self::ChangeFileOwnerGroupMod(AirtimeIni::CONF_FILE_LIQUIDSOAP, self::CONF_PYPO_GRP)){
|
||||||
echo "Could not set ownership of liquidsoap.cfg to 'pypo'. Exiting.";
|
echo "Could not set ownership of liquidsoap.cfg to 'pypo'. Exiting.";
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
@ -108,13 +108,13 @@ class AirtimeIni
|
||||||
if (!copy(__DIR__."/../../python_apps/media-monitor/media-monitor.cfg", AirtimeIni::CONF_FILE_MEDIAMONITOR)){
|
if (!copy(__DIR__."/../../python_apps/media-monitor/media-monitor.cfg", AirtimeIni::CONF_FILE_MEDIAMONITOR)){
|
||||||
echo "Could not copy media-monitor.cfg to /etc/airtime/. Exiting.";
|
echo "Could not copy media-monitor.cfg to /etc/airtime/. Exiting.";
|
||||||
exit(1);
|
exit(1);
|
||||||
} else if (!self::ChangeFileOwnerGroupModToPypo(AirtimeIni::CONF_FILE_MEDIAMONITOR, self::CONF_PYPO_GRP)){
|
} else if (!self::ChangeFileOwnerGroupMod(AirtimeIni::CONF_FILE_MEDIAMONITOR, self::CONF_PYPO_GRP)){
|
||||||
echo "Could not set ownership of media-monitor.cfg to 'pypo'. Exiting.";
|
echo "Could not set ownership of media-monitor.cfg to 'pypo'. Exiting.";
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static function ChangeFileOwnerGroupModToPypo($filename, $user){
|
public static function ChangeFileOwnerGroupMod($filename, $user){
|
||||||
return (chown($filename, $user) &&
|
return (chown($filename, $user) &&
|
||||||
chgrp($filename, $user) &&
|
chgrp($filename, $user) &&
|
||||||
chmod($filename, 0640));
|
chmod($filename, 0640));
|
||||||
|
|
|
@ -332,6 +332,9 @@ class AirtimeIni200{
|
||||||
const CONF_FILE_API_CLIENT = "/etc/airtime/api_client.cfg";
|
const CONF_FILE_API_CLIENT = "/etc/airtime/api_client.cfg";
|
||||||
const CONF_FILE_MONIT = "/etc/monit/conf.d/airtime-monit.cfg";
|
const CONF_FILE_MONIT = "/etc/monit/conf.d/airtime-monit.cfg";
|
||||||
|
|
||||||
|
const CONF_PYPO_GRP = "pypo";
|
||||||
|
const CONF_WWW_DATA_GRP = "www-data";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This function updates an INI style config file.
|
* This function updates an INI style config file.
|
||||||
*
|
*
|
||||||
|
@ -430,13 +433,49 @@ class AirtimeIni200{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Re: http://dev.sourcefabric.org/browse/CC-2797
|
||||||
|
* We don't want config files to be world-readable so we
|
||||||
|
* set the strictest permissions possible. */
|
||||||
|
public static function changeConfigFilePermissions(){
|
||||||
|
if (!self::ChangeFileOwnerGroupMod(AirtimeIni200::CONF_FILE_AIRTIME, self::CONF_WWW_DATA_GRP)){
|
||||||
|
echo "Could not set ownership of api_client.cfg to 'pypo'. Exiting.";
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
if (!self::ChangeFileOwnerGroupMod(AirtimeIni200::CONF_FILE_API_CLIENT, self::CONF_PYPO_GRP)){
|
||||||
|
echo "Could not set ownership of api_client.cfg to 'pypo'. Exiting.";
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
if (!self::ChangeFileOwnerGroupMod(AirtimeIni200::CONF_FILE_PYPO, self::CONF_PYPO_GRP)){
|
||||||
|
echo "Could not set ownership of pypo.cfg to 'pypo'. Exiting.";
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
if (!self::ChangeFileOwnerGroupMod(AirtimeIni200::CONF_FILE_RECORDER, self::CONF_PYPO_GRP)){
|
||||||
|
echo "Could not set ownership of recorder.cfg to 'pypo'. Exiting.";
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
if (!self::ChangeFileOwnerGroupMod(AirtimeIni200::CONF_FILE_LIQUIDSOAP, self::CONF_PYPO_GRP)){
|
||||||
|
echo "Could not set ownership of liquidsoap.cfg to 'pypo'. Exiting.";
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
if (!self::ChangeFileOwnerGroupMod(AirtimeIni200::CONF_FILE_MEDIAMONITOR, self::CONF_PYPO_GRP)){
|
||||||
|
echo "Could not set ownership of media-monitor.cfg to 'pypo'. Exiting.";
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function ChangeFileOwnerGroupMod($filename, $user){
|
||||||
|
return (chown($filename, $user) &&
|
||||||
|
chgrp($filename, $user) &&
|
||||||
|
chmod($filename, 0640));
|
||||||
|
}
|
||||||
|
|
||||||
public static function upgradeConfigFiles(){
|
public static function upgradeConfigFiles(){
|
||||||
|
|
||||||
$configFiles = array(AirtimeIni200::CONF_FILE_AIRTIME,
|
$configFiles = array(AirtimeIni200::CONF_FILE_AIRTIME,
|
||||||
AirtimeIni200::CONF_FILE_PYPO,
|
AirtimeIni200::CONF_FILE_PYPO,
|
||||||
AirtimeIni200::CONF_FILE_RECORDER,
|
AirtimeIni200::CONF_FILE_RECORDER,
|
||||||
AirtimeIni200::CONF_FILE_LIQUIDSOAP,
|
AirtimeIni200::CONF_FILE_LIQUIDSOAP,
|
||||||
AirtimeIni200::CONF_FILE_MONIT,
|
AirtimeIni200::CONF_FILE_MEDIAMONITOR,
|
||||||
AirtimeIni200::CONF_FILE_API_CLIENT);
|
AirtimeIni200::CONF_FILE_API_CLIENT);
|
||||||
|
|
||||||
// Backup the config files
|
// Backup the config files
|
||||||
|
@ -445,7 +484,8 @@ class AirtimeIni200{
|
||||||
// do not back up monit cfg
|
// do not back up monit cfg
|
||||||
if (file_exists($conf) && $conf != AirtimeIni200::CONF_FILE_MONIT) {
|
if (file_exists($conf) && $conf != AirtimeIni200::CONF_FILE_MONIT) {
|
||||||
echo "Backing up $conf to $conf$suffix.bak".PHP_EOL;
|
echo "Backing up $conf to $conf$suffix.bak".PHP_EOL;
|
||||||
copy($conf, $conf.$suffix.".bak");
|
//copy($conf, $conf.$suffix.".bak");
|
||||||
|
exec("cp -p $conf $conf$suffix.bak"); //use cli version to preserve file attributes
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -508,6 +548,7 @@ ConvertToUtc::convert_cc_show_instances();
|
||||||
|
|
||||||
// merging/updating config files
|
// merging/updating config files
|
||||||
echo "* Updating configFiles\n";
|
echo "* Updating configFiles\n";
|
||||||
|
AirtimeIni200::changeConfigFilePermissions();
|
||||||
AirtimeIni200::upgradeConfigFiles();
|
AirtimeIni200::upgradeConfigFiles();
|
||||||
|
|
||||||
$values = parse_ini_file(AirtimeIni200::CONF_FILE_AIRTIME, true);
|
$values = parse_ini_file(AirtimeIni200::CONF_FILE_AIRTIME, true);
|
||||||
|
|
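Review bot: The backup in upgradeConfigFiles() now runs `exec("cp -p $conf $conf$suffix.bak")`, which builds a shell command by string interpolation and discards the exit status, so a failed backup goes unnoticed before the config files are merged. `$suffix` is defined outside the visible hunks; quote both operands and check the result, e.g. `exec("cp -p ".escapeshellarg($conf)." ".escapeshellarg($conf.$suffix.".bak"), $out, $rc);` followed by `if ($rc !== 0) { echo "Could not back up $conf. Exiting.".PHP_EOL; exit(1); }`. In changeConfigFilePermissions() the first branch handles CONF_FILE_AIRTIME with CONF_WWW_DATA_GRP but prints the api_client.cfg/'pypo' message; it should read `"Could not set ownership of airtime.conf to 'www-data'. Exiting."`. ChangeFileOwnerGroupMod() passes its second argument to both chown and chgrp, so with mode 0640 airtime.conf ends up owned and writable by the web server account; it is worth confirming that this is intended rather than a root-owned file with group read only.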