Correct permission problems

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4120 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-03-31 02:46:27 +02:00 · 2006-06-16 20:45:12 +00:00 · 2006-06-16 20:45:12 +00:00 · 50810309e9
commit 50810309e9
parent 2b11c85e85
3 changed files with 60 additions and 57 deletions
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@ -256,12 +256,12 @@ chmod 755 ${PREFIX}/usr/share/shorewall/configfiles
 #
 # Install the config file
 #
-run_install $OWNERSHIP -m 0744 shorewall.conf ${PREFIX}/usr/share/shorewall/configfiles/shorewall.conf
+run_install $OWNERSHIP -m 0644 shorewall.conf ${PREFIX}/usr/share/shorewall/configfiles/shorewall.conf

 qt mywhich perl && perl -p -w -i -e 's|^CONFIG_PATH=.*|CONFIG_PATH=/usr/share/shorewall/configfiles:/usr/share/shorewall|;' /usr/share/shorewall/configfiles/shorewall.conf

 if [ ! -f ${PREFIX}/etc/shorewall/shorewall.conf ]; then
-   run_install $OWNERSHIP -m 0744 shorewall.conf ${PREFIX}/etc/shorewall/shorewall.conf
+   run_install $OWNERSHIP -m 0644 shorewall.conf ${PREFIX}/etc/shorewall/shorewall.conf
   echo "Config file installed as ${PREFIX}/etc/shorewall/shorewall.conf"
 fi

@ -272,7 +272,7 @@ fi
 #
 # Install the zones file
 #
-run_install $OWNERSHIP -m 0744 zones ${PREFIX}/usr/share/shorewall/configfiles/zones
+run_install $OWNERSHIP -m 0644 zones ${PREFIX}/usr/share/shorewall/configfiles/zones

 if [ ! -f ${PREFIX}/etc/shorewall/zones ]; then
    run_install $OWNERSHIP -m 0744 zones ${PREFIX}/etc/shorewall/zones
@ -333,7 +333,7 @@ fi
 #
 # Install the hosts file
 #
-run_install $OWNERSHIP -m 0600 hosts ${PREFIX}/usr/share/shorewall/configfiles/hosts
+run_install $OWNERSHIP -m 0644 hosts ${PREFIX}/usr/share/shorewall/configfiles/hosts

 if [ ! -f ${PREFIX}/etc/shorewall/hosts ]; then
    run_install $OWNERSHIP -m 0600 hosts ${PREFIX}/etc/shorewall/hosts
@ -342,7 +342,7 @@ fi
 #
 # Install the rules file
 #
-run_install $OWNERSHIP -m 0600 rules ${PREFIX}/usr/share/shorewall/configfiles/rules
+run_install $OWNERSHIP -m 0644 rules ${PREFIX}/usr/share/shorewall/configfiles/rules

 if [ ! -f ${PREFIX}/etc/shorewall/rules ]; then
    run_install $OWNERSHIP -m 0600 rules ${PREFIX}/etc/shorewall/rules
@ -351,7 +351,7 @@ fi
 #
 # Install the NAT file
 #
-run_install $OWNERSHIP -m 0600 nat ${PREFIX}/usr/share/shorewall/configfiles/nat
+run_install $OWNERSHIP -m 0644 nat ${PREFIX}/usr/share/shorewall/configfiles/nat

 if [ ! -f ${PREFIX}/etc/shorewall/nat ]; then
    run_install $OWNERSHIP -m 0600 nat ${PREFIX}/etc/shorewall/nat
@ -360,7 +360,7 @@ fi
 #
 # Install the NETMAP file
 #
-run_install $OWNERSHIP -m 0600 netmap ${PREFIX}/usr/share/shorewall/configfiles/netmap
+run_install $OWNERSHIP -m 0644 netmap ${PREFIX}/usr/share/shorewall/configfiles/netmap

 if [ ! -f ${PREFIX}/etc/shorewall/netmap ]; then
    run_install $OWNERSHIP -m 0600 netmap ${PREFIX}/etc/shorewall/netmap
@ -369,7 +369,7 @@ fi
 #
 # Install the Parameters file
 #
-run_install $OWNERSHIP -m 0600 params ${PREFIX}/usr/share/shorewall/configfiles/params
+run_install $OWNERSHIP -m 0644 params ${PREFIX}/usr/share/shorewall/configfiles/params

 if [ ! -f ${PREFIX}/etc/shorewall/params ]; then
    run_install $OWNERSHIP -m 0600 params ${PREFIX}/etc/shorewall/params
@ -378,7 +378,7 @@ fi
 #
 # Install the proxy ARP file
 #
-run_install $OWNERSHIP -m 0600 proxyarp ${PREFIX}/usr/share/shorewall/configfiles/proxyarp
+run_install $OWNERSHIP -m 0644 proxyarp ${PREFIX}/usr/share/shorewall/configfiles/proxyarp

 if [ ! -f ${PREFIX}/etc/shorewall/proxyarp ]; then
    run_install $OWNERSHIP -m 0600 proxyarp ${PREFIX}/etc/shorewall/proxyarp
@ -387,7 +387,7 @@ fi
 #
 # Install the Stopped Routing file
 #
-run_install $OWNERSHIP -m 0600 routestopped ${PREFIX}/usr/share/shorewall/configfiles/routestopped
+run_install $OWNERSHIP -m 0644 routestopped ${PREFIX}/usr/share/shorewall/configfiles/routestopped

 if [ ! -f ${PREFIX}/etc/shorewall/routestopped ]; then
    run_install $OWNERSHIP -m 0600 routestopped ${PREFIX}/etc/shorewall/routestopped
@ -396,7 +396,7 @@ fi
 #
 # Install the Mac List file
 #
-run_install $OWNERSHIP -m 0600 maclist ${PREFIX}/usr/share/shorewall/configfiles/maclist
+run_install $OWNERSHIP -m 0644 maclist ${PREFIX}/usr/share/shorewall/configfiles/maclist

 if [ ! -f ${PREFIX}/etc/shorewall/maclist ]; then
    run_install $OWNERSHIP -m 0600 maclist ${PREFIX}/etc/shorewall/maclist
@ -405,7 +405,7 @@ fi
 #
 # Install the Masq file
 #
-run_install $OWNERSHIP -m 0600 masq ${PREFIX}/usr/share/shorewall/configfiles/masq
+run_install $OWNERSHIP -m 0644 masq ${PREFIX}/usr/share/shorewall/configfiles/masq

 if [ ! -f ${PREFIX}/etc/shorewall/masq ]; then
    run_install $OWNERSHIP -m 0600 masq ${PREFIX}/etc/shorewall/masq
@ -427,7 +427,7 @@ fi
 #
 # Install the TC Rules file
 #
-run_install $OWNERSHIP -m 0600 tcrules ${PREFIX}/usr/share/shorewall/configfiles/tcrules
+run_install $OWNERSHIP -m 0644 tcrules ${PREFIX}/usr/share/shorewall/configfiles/tcrules

 if [ ! -f ${PREFIX}/etc/shorewall/tcrules ]; then
    run_install $OWNERSHIP -m 0600 tcrules ${PREFIX}/etc/shorewall/tcrules
@ -437,7 +437,7 @@ fi
 #
 # Install the TOS file
 #
-run_install $OWNERSHIP -m 0600 tos ${PREFIX}/usr/share/shorewall/configfiles/tos
+run_install $OWNERSHIP -m 0644 tos ${PREFIX}/usr/share/shorewall/configfiles/tos

 if [ ! -f ${PREFIX}/etc/shorewall/tos ]; then
    run_install $OWNERSHIP -m 0600 tos ${PREFIX}/etc/shorewall/tos
@ -446,7 +446,7 @@ fi
 #
 # Install the Tunnels file
 #
-run_install $OWNERSHIP -m 0600 tunnels ${PREFIX}/usr/share/shorewall/configfiles/tunnels
+run_install $OWNERSHIP -m 0644 tunnels ${PREFIX}/usr/share/shorewall/configfiles/tunnels

 if [ ! -f ${PREFIX}/etc/shorewall/tunnels ]; then
    run_install $OWNERSHIP -m 0600 tunnels ${PREFIX}/etc/shorewall/tunnels
@ -455,7 +455,7 @@ fi
 #
 # Install the blacklist file
 #
-run_install $OWNERSHIP -m 0600 blacklist ${PREFIX}/usr/share/shorewall/configfiles/blacklist
+run_install $OWNERSHIP -m 0644 blacklist ${PREFIX}/usr/share/shorewall/configfiles/blacklist

 if [ ! -f ${PREFIX}/etc/shorewall/blacklist ]; then
    run_install $OWNERSHIP -m 0600 blacklist ${PREFIX}/etc/shorewall/blacklist
@ -474,7 +474,7 @@ delete_file ${PREFIX}/usr/share/shorewall/tcstart
 #
 # Install the Providers file
 #
-run_install $OWNERSHIP -m 0600 providers ${PREFIX}/usr/share/shorewall/configfiles/providers
+run_install $OWNERSHIP -m 0644 providers ${PREFIX}/usr/share/shorewall/configfiles/providers

 if [ ! -f ${PREFIX}/etc/shorewall/providers ]; then
    run_install $OWNERSHIP -m 0600 providers ${PREFIX}/etc/shorewall/providers
@ -484,7 +484,7 @@ fi
 #
 # Install the Route Rules file
 #
-run_install $OWNERSHIP -m 0600 route_rules ${PREFIX}/usr/share/shorewall/configfiles/route_rules
+run_install $OWNERSHIP -m 0644 route_rules ${PREFIX}/usr/share/shorewall/configfiles/route_rules

 if [ ! -f ${PREFIX}/etc/shorewall/route_rules ]; then
    run_install $OWNERSHIP -m 0600 route_rules ${PREFIX}/etc/shorewall/route_rules
@ -494,7 +494,7 @@ fi
 #
 # Install the tcclasses file
 #
-run_install $OWNERSHIP -m 0600 tcclasses ${PREFIX}/usr/share/shorewall/configfiles/tcclasses
+run_install $OWNERSHIP -m 0644 tcclasses ${PREFIX}/usr/share/shorewall/configfiles/tcclasses

 if [ ! -f ${PREFIX}/etc/shorewall/tcclasses ]; then
    run_install $OWNERSHIP -m 0600 tcclasses ${PREFIX}/etc/shorewall/tcclasses
@ -504,7 +504,7 @@ fi
 #
 # Install the tcdevices file
 #
-run_install $OWNERSHIP -m 0600 tcdevices ${PREFIX}/usr/share/shorewall/configfiles/tcdevices
+run_install $OWNERSHIP -m 0644 tcdevices ${PREFIX}/usr/share/shorewall/configfiles/tcdevices

 if [ ! -f ${PREFIX}/etc/shorewall/tcdevices ]; then
    run_install $OWNERSHIP -m 0600 tcdevices ${PREFIX}/etc/shorewall/tcdevices
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -36,6 +36,9 @@ Problems Corrected in 3.2.0 RC 4
 1)  When install.sh was used to install/update Shorewall, the
    /usr/share/shorewall/Limit file had incorrect permissions.

+2)  Many permission problems in /usr/share/shorewall/configfiles/ have
+    been corrected.
+
 Other changes in 3.2.0 RC 4

 1)  The progress messages produced by Shorewall Lite now correctly
@ -45,22 +48,22 @@ Other changes in 3.2.0 RC 4
    on the firewall system(s).

 2)  A "reload" command has been added. This command allows a non-root
-    user with ssh access to a (usually) remote system to compile a firewall
+    user with ssh access to a remote system to compile a firewall
    script on the local system and to install that script on the remote
    system.

    Syntax is:

-	   shorewall reload [ [ <directory> ] <system> ]
+	   shorewall reload [ <directory> ] <system>

    If <directory> is omitted, the current working directory is
-    assumed. If <system> is omitted, the local system is assumed.
+    assumed.

    The command is equivalent to:

    /sbin/shorewall compile -e . firewall &&\
    scp firewall root@<system>:/var/lib/shorewall-lite/ &&\
-    ssh root@<system> '/sbin/shorewall-lite restart'
+    ssh root@<system> '/sbin/shorewall-lite restart' # Note 1

    In other words, the configuration in the specified (or defaulted)
    directory is compiled to a file called firewall in that
@ -68,7 +71,7 @@ Other changes in 3.2.0 RC 4
    (usually remote) <system> using scp. If the copy succeeds,
    Shorewall Lite on <system> is restarted via ssh.

-    Note: In Shorewall Lite 3.2.0 RC4, the 'firewall' script has moved
+    Note 1: In Shorewall Lite 3.2.0 RC4, the 'firewall' script has moved
    from /usr/share/shorewall/ to /var/lib/shorewall/ in order to
    appease the LHS police.

--- a/Shorewall/shorewall.spec
+++ b/Shorewall/shorewall.spec
@ -172,38 +172,38 @@ fi
 %attr(0644,root,root) /usr/share/shorewall/xmodules

 %attr(0644,root,root) /usr/share/shorewall/configfiles/shorewall.conf
-%attr(0600,root,root) /usr/share/shorewall/configfiles/zones
-%attr(0600,root,root) /usr/share/shorewall/configfiles/policy
-%attr(0600,root,root) /usr/share/shorewall/configfiles/interfaces
-%attr(0600,root,root) /usr/share/shorewall/configfiles/ipsec
-%attr(0600,root,root) /usr/share/shorewall/configfiles/rules
-%attr(0600,root,root) /usr/share/shorewall/configfiles/nat
-%attr(0600,root,root) /usr/share/shorewall/configfiles/netmap
-%attr(0600,root,root) /usr/share/shorewall/configfiles/params
-%attr(0600,root,root) /usr/share/shorewall/configfiles/proxyarp
-%attr(0600,root,root) /usr/share/shorewall/configfiles/routestopped
-%attr(0600,root,root) /usr/share/shorewall/configfiles/maclist
-%attr(0600,root,root) /usr/share/shorewall/configfiles/masq
-%attr(0600,root,root) /usr/share/shorewall/configfiles/tcrules
-%attr(0600,root,root) /usr/share/shorewall/configfiles/tos
-%attr(0600,root,root) /usr/share/shorewall/configfiles/tunnels
-%attr(0600,root,root) /usr/share/shorewall/configfiles/hosts
-%attr(0600,root,root) /usr/share/shorewall/configfiles/blacklist
-%attr(0600,root,root) /usr/share/shorewall/configfiles/init
-%attr(0600,root,root) /usr/share/shorewall/configfiles/initdone
-%attr(0600,root,root) /usr/share/shorewall/configfiles/start
-%attr(0600,root,root) /usr/share/shorewall/configfiles/stop
-%attr(0600,root,root) /usr/share/shorewall/configfiles/stopped
-%attr(0600,root,root) /usr/share/shorewall/configfiles/ecn
-%attr(0600,root,root) /usr/share/shorewall/configfiles/accounting
-%attr(0600,root,root) /usr/share/shorewall/configfiles/actions
-%attr(0600,root,root) /usr/share/shorewall/configfiles/continue
-%attr(0600,root,root) /usr/share/shorewall/configfiles/started
-%attr(0600,root,root) /usr/share/shorewall/configfiles/providers
-%attr(0600,root,root) /usr/share/shorewall/configfiles/route_rules
-%attr(0600,root,root) /usr/share/shorewall/configfiles/tcclasses
-%attr(0600,root,root) /usr/share/shorewall/configfiles/tcdevices
-%attr(0600,root,root) /usr/share/shorewall/configfiles/Makefile
+%attr(0644,root,root) /usr/share/shorewall/configfiles/zones
+%attr(0644,root,root) /usr/share/shorewall/configfiles/policy
+%attr(0644,root,root) /usr/share/shorewall/configfiles/interfaces
+%attr(0644,root,root) /usr/share/shorewall/configfiles/ipsec
+%attr(0644,root,root) /usr/share/shorewall/configfiles/rules
+%attr(0644,root,root) /usr/share/shorewall/configfiles/nat
+%attr(0644,root,root) /usr/share/shorewall/configfiles/netmap
+%attr(0644,root,root) /usr/share/shorewall/configfiles/params
+%attr(0644,root,root) /usr/share/shorewall/configfiles/proxyarp
+%attr(0644,root,root) /usr/share/shorewall/configfiles/routestopped
+%attr(0644,root,root) /usr/share/shorewall/configfiles/maclist
+%attr(0644,root,root) /usr/share/shorewall/configfiles/masq
+%attr(0644,root,root) /usr/share/shorewall/configfiles/tcrules
+%attr(0644,root,root) /usr/share/shorewall/configfiles/tos
+%attr(0644,root,root) /usr/share/shorewall/configfiles/tunnels
+%attr(0644,root,root) /usr/share/shorewall/configfiles/hosts
+%attr(0644,root,root) /usr/share/shorewall/configfiles/blacklist
+%attr(0644,root,root) /usr/share/shorewall/configfiles/init
+%attr(0644,root,root) /usr/share/shorewall/configfiles/initdone
+%attr(0644,root,root) /usr/share/shorewall/configfiles/start
+%attr(0644,root,root) /usr/share/shorewall/configfiles/stop
+%attr(0644,root,root) /usr/share/shorewall/configfiles/stopped
+%attr(0644,root,root) /usr/share/shorewall/configfiles/ecn
+%attr(0644,root,root) /usr/share/shorewall/configfiles/accounting
+%attr(0644,root,root) /usr/share/shorewall/configfiles/actions
+%attr(0644,root,root) /usr/share/shorewall/configfiles/continue
+%attr(0644,root,root) /usr/share/shorewall/configfiles/started
+%attr(0644,root,root) /usr/share/shorewall/configfiles/providers
+%attr(0644,root,root) /usr/share/shorewall/configfiles/route_rules
+%attr(0644,root,root) /usr/share/shorewall/configfiles/tcclasses
+%attr(0644,root,root) /usr/share/shorewall/configfiles/tcdevices
+%attr(0644,root,root) /usr/share/shorewall/configfiles/Makefile

 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples