From 4d81f70d3741455e5ecf591f2aca1082c28a6eea Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 20 Jan 2006 19:51:22 +0000 Subject: [PATCH] Change security to allow normal user to compile git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3331 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/install.sh | 14 +++-- Shorewall/releasenotes.txt | 2 + Shorewall/shorewall.spec | 110 +++++++++++++++++++------------------ 3 files changed, 67 insertions(+), 59 deletions(-) diff --git a/Shorewall/install.sh b/Shorewall/install.sh index 9a1b40ee8..ebe49c017 100755 --- a/Shorewall/install.sh +++ b/Shorewall/install.sh @@ -249,6 +249,10 @@ echo "Shorewall script installed in ${PREFIX}${DEST}/$INIT" mkdir -p ${PREFIX}/etc/shorewall mkdir -p ${PREFIX}/usr/share/shorewall mkdir -p ${PREFIX}/var/lib/shorewall + +chmod 755 ${PREFIX}/etc/shorewall +chmod 755 ${PREFIX}/usr/share/shorewall + # # Install the config file # @@ -549,7 +553,7 @@ fi # # Install the Standard Actions file # -install_file actions.std ${PREFIX}/usr/share/shorewall/actions.std 0600 +install_file actions.std ${PREFIX}/usr/share/shorewall/actions.std 0644 echo echo "Standard actions file installed as ${PREFIX}/etc/shorewall/actions.std" @@ -557,7 +561,7 @@ echo "Standard actions file installed as ${PREFIX}/etc/shorewall/actions.std" # Install the Actions file # if [ ! -f ${PREFIX}/etc/shorewall/actions ]; then - run_install $OWNERSHIP -m 0600 actions ${PREFIX}/etc/shorewall/actions + run_install $OWNERSHIP -m 0644 actions ${PREFIX}/etc/shorewall/actions echo echo "Actions file installed as ${PREFIX}/etc/shorewall/actions" fi @@ -573,7 +577,7 @@ echo "Makefile installed as ${PREFIX}/etc/shorewall/Makefile" # Install the Action files # for f in action.* ; do - install_file $f ${PREFIX}/usr/share/shorewall/$f 0600 + install_file $f ${PREFIX}/usr/share/shorewall/$f 0644 echo echo "Action ${f#*.} file installed as ${PREFIX}/usr/share/shorewall/$f" done @@ -584,7 +588,7 @@ echo "Limit action extension script installed as ${PREFIX}/usr/share/shorewall/L # Install the Macro files # for f in macro.* ; do - install_file $f ${PREFIX}/usr/share/shorewall/$f 0600 + install_file $f ${PREFIX}/usr/share/shorewall/$f 0644 echo echo "Macro ${f#*.} file installed as ${PREFIX}/usr/share/shorewall/$f" done @@ -592,7 +596,7 @@ done # Install the program skeleton files # for f in prog.* ; do - install_file $f ${PREFIX}/usr/share/shorewall/$f 0600 + install_file $f ${PREFIX}/usr/share/shorewall/$f 0644 echo echo "Program skeleton file ${f#*.} installed as ${PREFIX}/usr/share/shorewall/$f" done diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index a004931de..a7faab778 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -40,6 +40,8 @@ New Features in 3.1.3 Shorewall installed, you will need to generate the program with the "-e" option. + In 3.1.4, I hope to have support for other distributions included. + Migration Considerations: None. diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec index 876125e73..5880b9b87 100644 --- a/Shorewall/shorewall.spec +++ b/Shorewall/shorewall.spec @@ -67,7 +67,7 @@ fi %attr(0700,root,root) %dir /etc/shorewall %attr(0700,root,root) %dir /usr/share/shorewall %attr(0700,root,root) %dir /var/lib/shorewall -%attr(0600,root,root) %config(noreplace) /etc/shorewall/shorewall.conf +%attr(0644,root,root) %config(noreplace) /etc/shorewall/shorewall.conf %attr(0600,root,root) %config(noreplace) /etc/shorewall/zones %attr(0600,root,root) %config(noreplace) /etc/shorewall/policy %attr(0600,root,root) %config(noreplace) /etc/shorewall/interfaces @@ -101,67 +101,69 @@ fi %attr(0600,root,root) %config(noreplace) /etc/shorewall/tcdevices %attr(0600,root,root) %config(noreplace) /etc/shorewall/Makefile -%attr(0544,root,root) /sbin/shorewall +%attr(0555,root,root) /sbin/shorewall -%attr(0600,root,root) /usr/share/shorewall/version -%attr(0600,root,root) /usr/share/shorewall/actions.std -%attr(0600,root,root) /usr/share/shorewall/action.Drop -%attr(0600,root,root) /usr/share/shorewall/action.Limit -%attr(0600,root,root) /usr/share/shorewall/action.Reject -%attr(0600,root,root) /usr/share/shorewall/action.template +%attr(0644,root,root) /usr/share/shorewall/version +%attr(0644,root,root) /usr/share/shorewall/actions.std +%attr(0644,root,root) /usr/share/shorewall/action.Drop +%attr(0644,root,root) /usr/share/shorewall/action.Limit +%attr(0644,root,root) /usr/share/shorewall/action.Reject +%attr(0644,root,root) /usr/share/shorewall/action.template %attr(0444,root,root) /usr/share/shorewall/functions %attr(0544,root,root) /usr/share/shorewall/firewall %attr(0544,root,root) /usr/share/shorewall/help -%attr(0600,root,root) /usr/share/shorewall/Limit -%attr(0600,root,root) /usr/share/shorewall/macro.AllowICMPs -%attr(0600,root,root) /usr/share/shorewall/macro.Amanda -%attr(0600,root,root) /usr/share/shorewall/macro.Auth -%attr(0600,root,root) /usr/share/shorewall/macro.BitTorrent -%attr(0600,root,root) /usr/share/shorewall/macro.CVS -%attr(0600,root,root) /usr/share/shorewall/macro.Distcc -%attr(0600,root,root) /usr/share/shorewall/macro.DNS -%attr(0600,root,root) /usr/share/shorewall/macro.DropDNSrep -%attr(0600,root,root) /usr/share/shorewall/macro.DropUPnP -%attr(0600,root,root) /usr/share/shorewall/macro.Edonkey -%attr(0600,root,root) /usr/share/shorewall/macro.FTP -%attr(0600,root,root) /usr/share/shorewall/macro.Gnutella -%attr(0600,root,root) /usr/share/shorewall/macro.ICQ -%attr(0600,root,root) /usr/share/shorewall/macro.IMAP -%attr(0600,root,root) /usr/share/shorewall/macro.LDAP -%attr(0600,root,root) /usr/share/shorewall/macro.MySQL -%attr(0600,root,root) /usr/share/shorewall/macro.NNTP -%attr(0600,root,root) /usr/share/shorewall/macro.NTP -%attr(0600,root,root) /usr/share/shorewall/macro.NTPbrd -%attr(0600,root,root) /usr/share/shorewall/macro.PCA -%attr(0600,root,root) /usr/share/shorewall/macro.Ping -%attr(0600,root,root) /usr/share/shorewall/macro.POP3 -%attr(0600,root,root) /usr/share/shorewall/macro.PostgreSQL -%attr(0600,root,root) /usr/share/shorewall/macro.Rdate -%attr(0600,root,root) /usr/share/shorewall/macro.Rsync -%attr(0600,root,root) /usr/share/shorewall/macro.SMB -%attr(0600,root,root) /usr/share/shorewall/macro.SMBswat -%attr(0600,root,root) /usr/share/shorewall/macro.SMTP -%attr(0600,root,root) /usr/share/shorewall/macro.SNMP -%attr(0600,root,root) /usr/share/shorewall/macro.SPAMD -%attr(0600,root,root) /usr/share/shorewall/macro.SSH -%attr(0600,root,root) /usr/share/shorewall/macro.Submission -%attr(0600,root,root) /usr/share/shorewall/macro.SVN -%attr(0600,root,root) /usr/share/shorewall/macro.Syslog -%attr(0600,root,root) /usr/share/shorewall/macro.Telnet -%attr(0600,root,root) /usr/share/shorewall/macro.template -%attr(0600,root,root) /usr/share/shorewall/macro.Trcrt -%attr(0600,root,root) /usr/share/shorewall/macro.VNC -%attr(0600,root,root) /usr/share/shorewall/macro.VNCL -%attr(0600,root,root) /usr/share/shorewall/macro.Web -%attr(0600,root,root) /usr/share/shorewall/macro.Webmin -%attr(0600,root,root) /usr/share/shorewall/prog.footer -%attr(0600,root,root) /usr/share/shorewall/prog.header -%attr(0600,root,root) /usr/share/shorewall/rfc1918 -%attr(0600,root,root) /usr/share/shorewall/configpath +%attr(0644,root,root) /usr/share/shorewall/Limit +%attr(0644,root,root) /usr/share/shorewall/macro.AllowICMPs +%attr(0644,root,root) /usr/share/shorewall/macro.Amanda +%attr(0644,root,root) /usr/share/shorewall/macro.Auth +%attr(0644,root,root) /usr/share/shorewall/macro.BitTorrent +%attr(0644,root,root) /usr/share/shorewall/macro.CVS +%attr(0644,root,root) /usr/share/shorewall/macro.Distcc +%attr(0644,root,root) /usr/share/shorewall/macro.DNS +%attr(0644,root,root) /usr/share/shorewall/macro.DropDNSrep +%attr(0644,root,root) /usr/share/shorewall/macro.DropUPnP +%attr(0644,root,root) /usr/share/shorewall/macro.Edonkey +%attr(0644,root,root) /usr/share/shorewall/macro.FTP +%attr(0644,root,root) /usr/share/shorewall/macro.Gnutella +%attr(0644,root,root) /usr/share/shorewall/macro.ICQ +%attr(0644,root,root) /usr/share/shorewall/macro.IMAP +%attr(0644,root,root) /usr/share/shorewall/macro.LDAP +%attr(0644,root,root) /usr/share/shorewall/macro.MySQL +%attr(0644,root,root) /usr/share/shorewall/macro.NNTP +%attr(0644,root,root) /usr/share/shorewall/macro.NTP +%attr(0644,root,root) /usr/share/shorewall/macro.NTPbrd +%attr(0644,root,root) /usr/share/shorewall/macro.PCA +%attr(0644,root,root) /usr/share/shorewall/macro.Ping +%attr(0644,root,root) /usr/share/shorewall/macro.POP3 +%attr(0644,root,root) /usr/share/shorewall/macro.PostgreSQL +%attr(0644,root,root) /usr/share/shorewall/macro.Rdate +%attr(0644,root,root) /usr/share/shorewall/macro.Rsync +%attr(0644,root,root) /usr/share/shorewall/macro.SMB +%attr(0644,root,root) /usr/share/shorewall/macro.SMBswat +%attr(0644,root,root) /usr/share/shorewall/macro.SMTP +%attr(0644,root,root) /usr/share/shorewall/macro.SNMP +%attr(0644,root,root) /usr/share/shorewall/macro.SPAMD +%attr(0644,root,root) /usr/share/shorewall/macro.SSH +%attr(0644,root,root) /usr/share/shorewall/macro.Submission +%attr(0644,root,root) /usr/share/shorewall/macro.SVN +%attr(0644,root,root) /usr/share/shorewall/macro.Syslog +%attr(0644,root,root) /usr/share/shorewall/macro.Telnet +%attr(0644,root,root) /usr/share/shorewall/macro.template +%attr(0644,root,root) /usr/share/shorewall/macro.Trcrt +%attr(0644,root,root) /usr/share/shorewall/macro.VNC +%attr(0644,root,root) /usr/share/shorewall/macro.VNCL +%attr(0644,root,root) /usr/share/shorewall/macro.Web +%attr(0644,root,root) /usr/share/shorewall/macro.Webmin +%attr(0644,root,root) /usr/share/shorewall/prog.footer +%attr(0644,root,root) /usr/share/shorewall/prog.header +%attr(0644,root,root) /usr/share/shorewall/rfc1918 +%attr(0644,root,root) /usr/share/shorewall/configpath %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples %changelog +* Fri Tue 20 2006 Tom Eastep tom@shorewall.net +- Change security so that ordinary users can compile * Sun Tue 17 2006 Tom Eastep tom@shorewall.net - Added program skeleton Files * Sun Jan 15 2006 Tom Eastep tom@shorewall.net