| author | Micah Anderson <micah@riseup.net> | 2006-06-09 17:27:21 +0000 | 
|---|---|---|
| committer | Micah Anderson <micah@riseup.net> | 2006-06-09 17:27:21 +0000 | 
| commit | 489e294c50b6cba7545a110d26edd43e6b6e55ea (patch) | |
| tree | fd541fac1e850d7d64384835caad5b501e34bb64 | |
| parent | 8589faa7f04c8d29298da45ad17ffecacc4498cb (diff) | |
Added a slightly modified version of the anti-fascist patch (allows for
a configurable admingroup to be set, instead of forcing it to be root),
closes debian bug#370396
| -rw-r--r-- | AUTHORS | 1 | ||||
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | etc/backupninja.conf.in | 4 | ||||
| -rwxr-xr-x | src/backupninja.in | 44 | 
4 files changed, 43 insertions, 11 deletions
| @@ -15,3 +15,4 @@ cmccallum@thecsl.org  Daniel.Bonniot@inria.fr  Brad Fritz <brad@fritzfam.com> -- trac patch  garcondumonde@riseup.net +Martin Krafft madduck@debian.org -- admingroup patch
\ No newline at end of file @@ -3,6 +3,11 @@ version 0.9.4 -- unreleased  	 . Fixed bug in toint(), and thus isnow(), which caused it  	   to not work when run from cron.  	 . Recursively ignore subdirs in /etc/backup.d (Closes: #361102) +	 . Add admingroup option to configuration to allow a group that can +	   read/write configurations (instead of only allowing root). Checks +	   and complains about group-readable files only when the group differs +	   from the one in the configuration file (default is root as before).  +	   Thanks to Martin Krafft for the patch (Closes: #370396).      handler changes  	Added tar handler  	mysql: diff --git a/etc/backupninja.conf.in b/etc/backupninja.conf.in index 362eb59..10ac2bb 100644 --- a/etc/backupninja.conf.in +++ b/etc/backupninja.conf.in @@ -25,6 +25,10 @@ reportsuccess = yes  # even if there was no error. (default = yes)  reportwarning = yes +# set to the administration group that is allowed to  +# read/write configuration files in /etc/backup.d +admingroup = root +  #######################################################  # for most installations, the defaults below are good #  ####################################################### diff --git a/src/backupninja.in b/src/backupninja.in index 2835a3c..57936da 100755 --- a/src/backupninja.in +++ b/src/backupninja.in 
@@ -130,17 +130,37 @@ function msg {  #  function check_perms() { -	local file=$1 -	local perms=`ls -ld $file` -	perms=${perms:4:6} -	if [ "$perms" != "------" ]; then -		echo "Configuration files must not be group or world writable/readable! Dying on file $file" -		fatal "Configuration files must not be group or world writable/readable! Dying on file $file" -	fi -	if [ `ls -ld $file | awk '{print $3}'` != "root" ]; then -		echo "Configuration files must be owned by root! Dying on file $file" -		fatal "Configuration files must be owned by root! Dying on file $file" -	fi +   local file=$1 +   local perms +   perms=($(stat -L --printf='%a %g %G %u %U' $file)) +   local gperm=${perms[0]:1:1} +   local wperm=${perms[0]:2:1} +   local gid=${perms[1]} +   local group=${perms[2]} +   local owner=${perms[3]} + +   if [ "$owner" != 0 ]; then +      echo "Configuration files must be owned by root! Dying on file $file" +      fatal "Configuration files must be owned by root! Dying on file $file" +   fi +    +   if [ $wperm -gt 0 ]; then +      echo "Configuration files must not be world writable/readable! Dying on file $file" +      fatal "Configuration files must not be world writable/readable! Dying on file $file" +   fi + +   if [ $gperm -gt 0 ]; then +      case "$admingroup" in +         $gid|$group) :;; + +         *) +           if [ "$gid" != 0 ]; then +              echo "Configuration files must writable/readable by group ${perms[2]}! Dying on file $file" +              fatal "Configuration files must writable/readable by group ${perms[2]}! Dying on file $file" +           fi +         ;; +         esac +   fi  }  # simple lowercase function @@ -423,6 +443,7 @@ getconf PGSQLDUMP /usr/bin/pg_dump  getconf PGSQLDUMPALL /usr/bin/pg_dumpall  getconf GZIP /bin/gzip  getconf RSYNC /usr/bin/rsync +getconf admingroup root  # initialize vservers support  # (get config variables and check real vservers availability) 
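Review bot: In check_perms the group and world digits are read at fixed offsets 1 and 2 of stat's `%a` output, which is only correct when the mode prints as exactly three octal digits. With a setuid, setgid or sticky bit set (for example a setgid directory printing `2750`), offset 2 is the group digit and the world digit is never examined. For a mode that prints fewer than three digits, `$wperm` or `$gperm` is empty, so `[ $wperm -gt 0 ]` errors out and the check is skipped instead of failing closed. Deriving the bits numerically avoids both cases: `local mode=$(( 8#${perms[0]} ))`, `local gperm=$(( (mode >> 3) & 7 ))`, `local wperm=$(( mode & 7 ))`, after first confirming that stat succeeded. `$file` should also be quoted in the stat call, since an unquoted path containing whitespace shifts every field in the `perms` array.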
@@ -461,6 +482,7 @@ fi  for file in $files; do  	[ -f "$file" ] || continue +        check_perms ${file%/*} # check containing dir  	check_perms $file  	suffix="${file##*.}"  	base=`basename $file` | 
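Review bot: The added `check_perms ${file%/*}` leaves the expansion unquoted, unlike the `[ -f "$file" ]` test just above it; `check_perms "${file%/*}" # check containing dir` keeps a directory name containing whitespace as a single argument. Because check_perms applies the file rules unchanged, the containing directory must now also be owned by root and carry no world permission bits, so a directory with a common mode such as 755 becomes a fatal error; that is worth stating in the ChangeLog entry or the config comment so it is not a surprise on upgrade. The same directory is re-checked for every file it contains, and remembering the last directory checked would avoid the repeated stat calls. The new line is indented with spaces while its neighbours use a tab, and the loop body continues outside the hunk.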
