| Summary: | net-dns/bind: Feature request: Add a check for sane folder/file permission | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Niklas Johansson <raphexion> |
| Component: | Current packages | Assignee: | Mikle Kolyada (RETIRED) <zlogene> |
| Status: | RESOLVED FIXED | | |
| Severity: | enhancement | CC: | chutzpah, jstein |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Niklas Johansson
2012-08-07 12:16:16 UTC
I am really bad at bash and ebuild scripts but I tried to do an implementation. It is probably horrible but at least I tried.

```bash
# Report an error if path $2 is not owned by user $1.
permission_user_match() {
	file_id=$(stat --format="%u" "$2")
	user_id=$(id -u "$1")
	if [ "$user_id" != "$file_id" ]; then
		eerror "$1 has the wrong user permission"
	fi
}

# Report an error if the group of path $2 is not the primary group of user $1.
permission_group_match() {
	file_gid=$(stat --format="%g" "$2")
	user_gid=$(id -g "$1")
	if [ "$user_gid" != "$file_gid" ]; then
		eerror "$1 has the wrong group permission"
	fi
}

# Report an error if the owner write bit is not set on path $2.
# %A prints e.g. "drwxrwx---"; index 2 is the owner write bit.
user_may_write() {
	access=$(stat --format="%A" "$2")
	if [ "${access:2:1}" != "w" ]; then
		eerror "$1 may not write to $2"
	fi
}

# Report an error if the group write bit (index 5 of %A) is not set on path $2.
group_may_write() {
	access=$(stat --format="%A" "$2")
	if [ "${access:5:1}" != "w" ]; then
		eerror "$1 may not write to $2"
	fi
}

# Check group ownership and group write access on the named directories.
checkpermissions() {
	ebegin "Checking named permissions"
	permission_group_match named "${CHROOT}/var/bind"
	permission_group_match named "${CHROOT}/etc/bind"
	permission_group_match named "${CHROOT}/var/run/named"
	group_may_write named "${CHROOT}/var/bind"
	group_may_write named "${CHROOT}/etc/bind"
	group_may_write named "${CHROOT}/var/run/named"
	eend 0
	return 0
}
```