aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorMicah Anderson <micah@riseup.net>2006-06-09 17:27:21 +0000
committerMicah Anderson <micah@riseup.net>2006-06-09 17:27:21 +0000
commit489e294c50b6cba7545a110d26edd43e6b6e55ea (patch)
treefd541fac1e850d7d64384835caad5b501e34bb64 /src
parent8589faa7f04c8d29298da45ad17ffecacc4498cb (diff)
downloadbackupninja-489e294c50b6cba7545a110d26edd43e6b6e55ea.tar.gz
backupninja-489e294c50b6cba7545a110d26edd43e6b6e55ea.tar.bz2
Added a slightly modified version of the anti-fascist patch (allows for
a configurable admingroup to be set, instead of forcing it to be root), closes debian bug#370396
Diffstat (limited to 'src')
-rwxr-xr-xsrc/backupninja.in44
1 files changed, 33 insertions, 11 deletions
diff --git a/src/backupninja.in b/src/backupninja.in
index 2835a3c..57936da 100755
--- a/src/backupninja.in
+++ b/src/backupninja.in
@@ -130,17 +130,37 @@ function msg {
#
function check_perms() {
- local file=$1
- local perms=`ls -ld $file`
- perms=${perms:4:6}
- if [ "$perms" != "------" ]; then
- echo "Configuration files must not be group or world writable/readable! Dying on file $file"
- fatal "Configuration files must not be group or world writable/readable! Dying on file $file"
- fi
- if [ `ls -ld $file | awk '{print $3}'` != "root" ]; then
- echo "Configuration files must be owned by root! Dying on file $file"
- fatal "Configuration files must be owned by root! Dying on file $file"
- fi
+ local file=$1
+ local perms
+ perms=($(stat -L --printf='%a %g %G %u %U' $file))
+ local gperm=${perms[0]:1:1}
+ local wperm=${perms[0]:2:1}
+ local gid=${perms[1]}
+ local group=${perms[2]}
+ local owner=${perms[3]}
+
+ if [ "$owner" != 0 ]; then
+ echo "Configuration files must be owned by root! Dying on file $file"
+ fatal "Configuration files must be owned by root! Dying on file $file"
+ fi
+
+ if [ $wperm -gt 0 ]; then
+ echo "Configuration files must not be world writable/readable! Dying on file $file"
+ fatal "Configuration files must not be world writable/readable! Dying on file $file"
+ fi
+
+ if [ $gperm -gt 0 ]; then
+ case "$admingroup" in
+ $gid|$group) :;;
+
+ *)
+ if [ "$gid" != 0 ]; then
+ echo "Configuration files must writable/readable by group ${perms[2]}! Dying on file $file"
+ fatal "Configuration files must writable/readable by group ${perms[2]}! Dying on file $file"
+ fi
+ ;;
+ esac
+ fi
}
# simple lowercase function
@@ -423,6 +443,7 @@ getconf PGSQLDUMP /usr/bin/pg_dump
getconf PGSQLDUMPALL /usr/bin/pg_dumpall
getconf GZIP /bin/gzip
getconf RSYNC /usr/bin/rsync
+getconf admingroup root
# initialize vservers support
# (get config variables and check real vservers availability)
@@ -461,6 +482,7 @@ fi
for file in $files; do
[ -f "$file" ] || continue
+ check_perms ${file%/*} # check containing dir
check_perms $file
suffix="${file##*.}"
base=`basename $file`