coolaj86/walnut.js
1
1
Fork 1
Code Issues Pull Requests Releases Activity

avoided setting setuid/setgid bits on files

Browse Source
This commit is contained in:
tigerbot 2017-06-15 12:25:02 -06:00
parent dc226f8531
commit 63d19dad6a
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
install.sh
View File

@ -274,5 +274,14 @@ $sudo_cmd chown -R www-data:www-data /opt/walnut || true
$sudo_cmd chown -R _www:_www /opt/walnut || true $sudo_cmd chown -R _www:_www /opt/walnut || true
$sudo_cmd chown -R www-data:www-data /srv/walnut || true $sudo_cmd chown -R www-data:www-data /srv/walnut || true
$sudo_cmd chown -R _www:_www /srv/walnut || true $sudo_cmd chown -R _www:_www /srv/walnut || true
$sudo_cmd chmod -R ug+rwXs /srv/walnut $sudo_cmd chmod -R ug+rwX /srv/walnut
$sudo_cmd chmod -R ug+rwXs /opt/walnut $sudo_cmd chmod -R ug+rwX /opt/walnut
# +s sets the setuid/setgid bit, which when set on directories makes it so anything
# created inside the directory maintains the same user/group (depending on the bits
# set). Any directory created within a directory with those bits set will also have
# those bits set. When setuid or setgid bits are set on a file however it means that
# if the file is executed it will run with the permissions of the user/group no matter
# who actually runs it (see the ping executable for example).
# I'm not sure that all systems actually support the use of these bits.
find /srv/walnut -type d -exec $sudo_cmd chmod ug+s {} \; || true
find /opt/walnut -type d -exec $sudo_cmd chmod ug+s {} \; || true