diff --git a/Shorewall/install.sh b/Shorewall/install.sh
index 5aea514f7..4bc5e609a 100755
--- a/Shorewall/install.sh
+++ b/Shorewall/install.sh
@@ -256,12 +256,12 @@ chmod 755 ${PREFIX}/usr/share/shorewall/configfiles
 #
 # Install the config file
 #
-run_install $OWNERSHIP -m 0744 shorewall.conf ${PREFIX}/usr/share/shorewall/configfiles/shorewall.conf
+run_install $OWNERSHIP -m 0644 shorewall.conf ${PREFIX}/usr/share/shorewall/configfiles/shorewall.conf
 qt mywhich perl && perl -p -w -i -e 's|^CONFIG_PATH=.*|CONFIG_PATH=/usr/share/shorewall/configfiles:/usr/share/shorewall|;' /usr/share/shorewall/configfiles/shorewall.conf
 if [ ! -f ${PREFIX}/etc/shorewall/shorewall.conf ]; then
- run_install $OWNERSHIP -m 0744 shorewall.conf ${PREFIX}/etc/shorewall/shorewall.conf
+ run_install $OWNERSHIP -m 0644 shorewall.conf ${PREFIX}/etc/shorewall/shorewall.conf
 echo "Config file installed as ${PREFIX}/etc/shorewall/shorewall.conf"
 fi
@@ -272,7 +272,7 @@ fi
 #
 # Install the zones file
 #
-run_install $OWNERSHIP -m 0744 zones ${PREFIX}/usr/share/shorewall/configfiles/zones
+run_install $OWNERSHIP -m 0644 zones ${PREFIX}/usr/share/shorewall/configfiles/zones
 if [ ! -f ${PREFIX}/etc/shorewall/zones ]; then
 run_install $OWNERSHIP -m 0744 zones ${PREFIX}/etc/shorewall/zones
@@ -333,7 +333,7 @@ fi
 #
 # Install the hosts file
 #
-run_install $OWNERSHIP -m 0600 hosts ${PREFIX}/usr/share/shorewall/configfiles/hosts
+run_install $OWNERSHIP -m 0644 hosts ${PREFIX}/usr/share/shorewall/configfiles/hosts
 if [ ! -f ${PREFIX}/etc/shorewall/hosts ]; then
 run_install $OWNERSHIP -m 0600 hosts ${PREFIX}/etc/shorewall/hosts
@@ -342,7 +342,7 @@ fi
 #
 # Install the rules file
 #
-run_install $OWNERSHIP -m 0600 rules ${PREFIX}/usr/share/shorewall/configfiles/rules
+run_install $OWNERSHIP -m 0644 rules ${PREFIX}/usr/share/shorewall/configfiles/rules
 if [ ! -f ${PREFIX}/etc/shorewall/rules ]; then
 run_install $OWNERSHIP -m 0600 rules ${PREFIX}/etc/shorewall/rules
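Review bot: The perl in-place edit in the `@@ -256` hunk targets `/usr/share/shorewall/configfiles/shorewall.conf` without `${PREFIX}`, although the line above installs the file under `${PREFIX}/usr/share/shorewall/configfiles/`. With a non-empty PREFIX (a staged or packaging install) the edit would hit the running system's copy, or no file at all, and the staged template would keep its original CONFIG_PATH. The line predates this commit but sits directly below the changed one; the last argument should read `${PREFIX}/usr/share/shorewall/configfiles/shorewall.conf`.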
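Review bot: The `/etc/shorewall/zones` install in the `@@ -272` hunk still uses `-m 0744`, so the live zones file keeps an owner execute bit and stays world-readable. The commit removes that same 0744 from both shorewall.conf installs but only from the configfiles/ copy of zones, and every other /etc/shorewall file visible in this diff is installed 0600. A configuration file should not be executable; suggest `run_install $OWNERSHIP -m 0644 zones ${PREFIX}/etc/shorewall/zones` to match shorewall.conf, or `-m 0600` to match hosts, rules and the rest. The enclosing `if` block closes outside the hunk.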
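Review bot: Nothing in the hunks from `@@ -333` (hosts) through `@@ -504` (tcdevices) records why the template under configfiles/ is now 0644 while the copy in /etc/shorewall a few lines below stays 0600, so the pair is easy to "align" in the wrong direction later. A one-line comment above the first of these installs would pin the intent, for example `# Templates in configfiles/ are world-readable samples; live files in /etc/shorewall stay 0600.` The reason, presumably that non-root users compile from the templates as the release notes describe, is inferred from this diff and should be confirmed by the author.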
@@ -351,7 +351,7 @@ fi
 #
 # Install the NAT file
 #
-run_install $OWNERSHIP -m 0600 nat ${PREFIX}/usr/share/shorewall/configfiles/nat
+run_install $OWNERSHIP -m 0644 nat ${PREFIX}/usr/share/shorewall/configfiles/nat
 if [ ! -f ${PREFIX}/etc/shorewall/nat ]; then
 run_install $OWNERSHIP -m 0600 nat ${PREFIX}/etc/shorewall/nat
@@ -360,7 +360,7 @@ fi
 #
 # Install the NETMAP file
 #
-run_install $OWNERSHIP -m 0600 netmap ${PREFIX}/usr/share/shorewall/configfiles/netmap
+run_install $OWNERSHIP -m 0644 netmap ${PREFIX}/usr/share/shorewall/configfiles/netmap
 if [ ! -f ${PREFIX}/etc/shorewall/netmap ]; then
 run_install $OWNERSHIP -m 0600 netmap ${PREFIX}/etc/shorewall/netmap
@@ -369,7 +369,7 @@ fi
 #
 # Install the Parameters file
 #
-run_install $OWNERSHIP -m 0600 params ${PREFIX}/usr/share/shorewall/configfiles/params
+run_install $OWNERSHIP -m 0644 params ${PREFIX}/usr/share/shorewall/configfiles/params
 if [ ! -f ${PREFIX}/etc/shorewall/params ]; then
 run_install $OWNERSHIP -m 0600 params ${PREFIX}/etc/shorewall/params
@@ -378,7 +378,7 @@ fi
 #
 # Install the proxy ARP file
 #
-run_install $OWNERSHIP -m 0600 proxyarp ${PREFIX}/usr/share/shorewall/configfiles/proxyarp
+run_install $OWNERSHIP -m 0644 proxyarp ${PREFIX}/usr/share/shorewall/configfiles/proxyarp
 if [ ! -f ${PREFIX}/etc/shorewall/proxyarp ]; then
 run_install $OWNERSHIP -m 0600 proxyarp ${PREFIX}/etc/shorewall/proxyarp
@@ -387,7 +387,7 @@ fi
 #
 # Install the Stopped Routing file
 #
-run_install $OWNERSHIP -m 0600 routestopped ${PREFIX}/usr/share/shorewall/configfiles/routestopped
+run_install $OWNERSHIP -m 0644 routestopped ${PREFIX}/usr/share/shorewall/configfiles/routestopped
 if [ ! -f ${PREFIX}/etc/shorewall/routestopped ]; then
 run_install $OWNERSHIP -m 0600 routestopped ${PREFIX}/etc/shorewall/routestopped
@@ -396,7 +396,7 @@ fi
 #
 # Install the Mac List file
 #
-run_install $OWNERSHIP -m 0600 maclist ${PREFIX}/usr/share/shorewall/configfiles/maclist
+run_install $OWNERSHIP -m 0644 maclist ${PREFIX}/usr/share/shorewall/configfiles/maclist
 if [ ! -f ${PREFIX}/etc/shorewall/maclist ]; then
 run_install $OWNERSHIP -m 0600 maclist ${PREFIX}/etc/shorewall/maclist
@@ -405,7 +405,7 @@ fi
 #
 # Install the Masq file
 #
-run_install $OWNERSHIP -m 0600 masq ${PREFIX}/usr/share/shorewall/configfiles/masq
+run_install $OWNERSHIP -m 0644 masq ${PREFIX}/usr/share/shorewall/configfiles/masq
 if [ ! -f ${PREFIX}/etc/shorewall/masq ]; then
 run_install $OWNERSHIP -m 0600 masq ${PREFIX}/etc/shorewall/masq
@@ -427,7 +427,7 @@ fi
 #
 # Install the TC Rules file
 #
-run_install $OWNERSHIP -m 0600 tcrules ${PREFIX}/usr/share/shorewall/configfiles/tcrules
+run_install $OWNERSHIP -m 0644 tcrules ${PREFIX}/usr/share/shorewall/configfiles/tcrules
 if [ ! -f ${PREFIX}/etc/shorewall/tcrules ]; then
 run_install $OWNERSHIP -m 0600 tcrules ${PREFIX}/etc/shorewall/tcrules
@@ -437,7 +437,7 @@ fi
 #
 # Install the TOS file
 #
-run_install $OWNERSHIP -m 0600 tos ${PREFIX}/usr/share/shorewall/configfiles/tos
+run_install $OWNERSHIP -m 0644 tos ${PREFIX}/usr/share/shorewall/configfiles/tos
 if [ ! -f ${PREFIX}/etc/shorewall/tos ]; then
 run_install $OWNERSHIP -m 0600 tos ${PREFIX}/etc/shorewall/tos
@@ -446,7 +446,7 @@ fi
 #
 # Install the Tunnels file
 #
-run_install $OWNERSHIP -m 0600 tunnels ${PREFIX}/usr/share/shorewall/configfiles/tunnels
+run_install $OWNERSHIP -m 0644 tunnels ${PREFIX}/usr/share/shorewall/configfiles/tunnels
 if [ ! -f ${PREFIX}/etc/shorewall/tunnels ]; then
 run_install $OWNERSHIP -m 0600 tunnels ${PREFIX}/etc/shorewall/tunnels
@@ -455,7 +455,7 @@ fi
 #
 # Install the blacklist file
 #
-run_install $OWNERSHIP -m 0600 blacklist ${PREFIX}/usr/share/shorewall/configfiles/blacklist
+run_install $OWNERSHIP -m 0644 blacklist ${PREFIX}/usr/share/shorewall/configfiles/blacklist
 if [ ! -f ${PREFIX}/etc/shorewall/blacklist ]; then
 run_install $OWNERSHIP -m 0600 blacklist ${PREFIX}/etc/shorewall/blacklist
@@ -474,7 +474,7 @@ delete_file ${PREFIX}/usr/share/shorewall/tcstart
 #
 # Install the Providers file
 #
-run_install $OWNERSHIP -m 0600 providers ${PREFIX}/usr/share/shorewall/configfiles/providers
+run_install $OWNERSHIP -m 0644 providers ${PREFIX}/usr/share/shorewall/configfiles/providers
 if [ ! -f ${PREFIX}/etc/shorewall/providers ]; then
 run_install $OWNERSHIP -m 0600 providers ${PREFIX}/etc/shorewall/providers
@@ -484,7 +484,7 @@ fi
 #
 # Install the Route Rules file
 #
-run_install $OWNERSHIP -m 0600 route_rules ${PREFIX}/usr/share/shorewall/configfiles/route_rules
+run_install $OWNERSHIP -m 0644 route_rules ${PREFIX}/usr/share/shorewall/configfiles/route_rules
 if [ ! -f ${PREFIX}/etc/shorewall/route_rules ]; then
 run_install $OWNERSHIP -m 0600 route_rules ${PREFIX}/etc/shorewall/route_rules
@@ -494,7 +494,7 @@ fi
 #
 # Install the tcclasses file
 #
-run_install $OWNERSHIP -m 0600 tcclasses ${PREFIX}/usr/share/shorewall/configfiles/tcclasses
+run_install $OWNERSHIP -m 0644 tcclasses ${PREFIX}/usr/share/shorewall/configfiles/tcclasses
 if [ ! -f ${PREFIX}/etc/shorewall/tcclasses ]; then
 run_install $OWNERSHIP -m 0600 tcclasses ${PREFIX}/etc/shorewall/tcclasses
@@ -504,7 +504,7 @@ fi
 #
 # Install the tcdevices file
 #
-run_install $OWNERSHIP -m 0600 tcdevices ${PREFIX}/usr/share/shorewall/configfiles/tcdevices
+run_install $OWNERSHIP -m 0644 tcdevices ${PREFIX}/usr/share/shorewall/configfiles/tcdevices
 if [ ! -f ${PREFIX}/etc/shorewall/tcdevices ]; then
 run_install $OWNERSHIP -m 0600 tcdevices ${PREFIX}/etc/shorewall/tcdevices
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 3bb37b462..ed867d643 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -36,6 +36,9 @@ Problems Corrected in 3.2.0 RC 4 1) When install.sh was used to install/update Shorewall, the /usr/share/shorewall/Limit file had incorrect permissions. +2) Many permission problems in /usr/share/shorewall/configfiles/ have + been corrected. + Other changes in 3.2.0 RC 4 1) The progress messages produced by Shorewall Lite now correctly @@ -45,22 +48,22 @@ Other changes in 3.2.0 RC 4 on the firewall system(s). 2) A "reload" command has been added. This command allows a non-root - user with ssh access to a (usually) remote system to compile a firewall + user with ssh access to a remote system to compile a firewall script on the local system and to install that script on the remote system. Syntax is: - shorewall reload [ [ ] ] + shorewall reload [ ] If is omitted, the current working directory is - assumed. If is omitted, the local system is assumed. + assumed. The command is equivalent to: /sbin/shorewall compile -e . firewall &&\ scp firewall root@:/var/lib/shorewall-lite/ &&\ - ssh root@ '/sbin/shorewall-lite restart' + ssh root@ '/sbin/shorewall-lite restart' # Note 1 In other words, the configuration in the specified (or defaulted) directory is compiled to a file called firewall in that @@ -68,7 +71,7 @@ Other changes in 3.2.0 RC 4 (usually remote) using scp. If the copy succeeds, Shorewall Lite on is restarted via ssh. - Note: In Shorewall Lite 3.2.0 RC4, the 'firewall' script has moved + Note 1: In Shorewall Lite 3.2.0 RC4, the 'firewall' script has moved from /usr/share/shorewall/ to /var/lib/shorewall/ in order to appease the LHS police. diff --git a/Shorewall/shorewall.spec b/Shorewall/shorewall.spec index 730f9a696..584149133 100644 --- a/Shorewall/shorewall.spec +++ b/Shorewall/shorewall.spec 
@@ -172,38 +172,38 @@ fi
 %attr(0644,root,root) /usr/share/shorewall/xmodules
 %attr(0644,root,root) /usr/share/shorewall/configfiles/shorewall.conf
-%attr(0600,root,root) /usr/share/shorewall/configfiles/zones
-%attr(0600,root,root) /usr/share/shorewall/configfiles/policy
-%attr(0600,root,root) /usr/share/shorewall/configfiles/interfaces
-%attr(0600,root,root) /usr/share/shorewall/configfiles/ipsec
-%attr(0600,root,root) /usr/share/shorewall/configfiles/rules
-%attr(0600,root,root) /usr/share/shorewall/configfiles/nat
-%attr(0600,root,root) /usr/share/shorewall/configfiles/netmap
-%attr(0600,root,root) /usr/share/shorewall/configfiles/params
-%attr(0600,root,root) /usr/share/shorewall/configfiles/proxyarp
-%attr(0600,root,root) /usr/share/shorewall/configfiles/routestopped
-%attr(0600,root,root) /usr/share/shorewall/configfiles/maclist
-%attr(0600,root,root) /usr/share/shorewall/configfiles/masq
-%attr(0600,root,root) /usr/share/shorewall/configfiles/tcrules
-%attr(0600,root,root) /usr/share/shorewall/configfiles/tos
-%attr(0600,root,root) /usr/share/shorewall/configfiles/tunnels
-%attr(0600,root,root) /usr/share/shorewall/configfiles/hosts
-%attr(0600,root,root) /usr/share/shorewall/configfiles/blacklist
-%attr(0600,root,root) /usr/share/shorewall/configfiles/init
-%attr(0600,root,root) /usr/share/shorewall/configfiles/initdone
-%attr(0600,root,root) /usr/share/shorewall/configfiles/start
-%attr(0600,root,root) /usr/share/shorewall/configfiles/stop
-%attr(0600,root,root) /usr/share/shorewall/configfiles/stopped
-%attr(0600,root,root) /usr/share/shorewall/configfiles/ecn
-%attr(0600,root,root) /usr/share/shorewall/configfiles/accounting
-%attr(0600,root,root) /usr/share/shorewall/configfiles/actions
-%attr(0600,root,root) /usr/share/shorewall/configfiles/continue
-%attr(0600,root,root) /usr/share/shorewall/configfiles/started
-%attr(0600,root,root) /usr/share/shorewall/configfiles/providers
-%attr(0600,root,root) /usr/share/shorewall/configfiles/route_rules
-%attr(0600,root,root) /usr/share/shorewall/configfiles/tcclasses
-%attr(0600,root,root) /usr/share/shorewall/configfiles/tcdevices
-%attr(0600,root,root) /usr/share/shorewall/configfiles/Makefile
+%attr(0644,root,root) /usr/share/shorewall/configfiles/zones
+%attr(0644,root,root) /usr/share/shorewall/configfiles/policy
+%attr(0644,root,root) /usr/share/shorewall/configfiles/interfaces
+%attr(0644,root,root) /usr/share/shorewall/configfiles/ipsec
+%attr(0644,root,root) /usr/share/shorewall/configfiles/rules
+%attr(0644,root,root) /usr/share/shorewall/configfiles/nat
+%attr(0644,root,root) /usr/share/shorewall/configfiles/netmap
+%attr(0644,root,root) /usr/share/shorewall/configfiles/params
+%attr(0644,root,root) /usr/share/shorewall/configfiles/proxyarp
+%attr(0644,root,root) /usr/share/shorewall/configfiles/routestopped
+%attr(0644,root,root) /usr/share/shorewall/configfiles/maclist
+%attr(0644,root,root) /usr/share/shorewall/configfiles/masq
+%attr(0644,root,root) /usr/share/shorewall/configfiles/tcrules
+%attr(0644,root,root) /usr/share/shorewall/configfiles/tos
+%attr(0644,root,root) /usr/share/shorewall/configfiles/tunnels
+%attr(0644,root,root) /usr/share/shorewall/configfiles/hosts
+%attr(0644,root,root) /usr/share/shorewall/configfiles/blacklist
+%attr(0644,root,root) /usr/share/shorewall/configfiles/init
+%attr(0644,root,root) /usr/share/shorewall/configfiles/initdone
+%attr(0644,root,root) /usr/share/shorewall/configfiles/start
+%attr(0644,root,root) /usr/share/shorewall/configfiles/stop
+%attr(0644,root,root) /usr/share/shorewall/configfiles/stopped
+%attr(0644,root,root) /usr/share/shorewall/configfiles/ecn
+%attr(0644,root,root) /usr/share/shorewall/configfiles/accounting
+%attr(0644,root,root) /usr/share/shorewall/configfiles/actions
+%attr(0644,root,root) /usr/share/shorewall/configfiles/continue
+%attr(0644,root,root) /usr/share/shorewall/configfiles/started
+%attr(0644,root,root) /usr/share/shorewall/configfiles/providers
+%attr(0644,root,root) /usr/share/shorewall/configfiles/route_rules
+%attr(0644,root,root) /usr/share/shorewall/configfiles/tcclasses
+%attr(0644,root,root) /usr/share/shorewall/configfiles/tcdevices
+%attr(0644,root,root) /usr/share/shorewall/configfiles/Makefile
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples
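Review bot: The spec now ships policy, interfaces, ipsec, init, initdone, start, stop, stopped, ecn, accounting, actions, continue, started and Makefile under configfiles/ as 0644, but the install.sh part of this commit has no hunk for any of those files. If install.sh still installs them with `-m 0600`, a tarball install and an RPM install of the same release will leave different permissions on the template directory; this cannot be confirmed from the diff and is worth checking against the full script. The `%attr`/`%config` entries for the live files in /etc/shorewall are outside this hunk, so it would also be worth confirming they stay 0600 and that only the /usr/share templates were opened up.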