Correct permission problems

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4120 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-06-16 20:45:12 +00:00
parent 2b11c85e85
commit 50810309e9
3 changed files with 60 additions and 57 deletions


@ -256,12 +256,12 @@ chmod 755 ${PREFIX}/usr/share/shorewall/configfiles
# #
# Install the config file # Install the config file
# #
run_install $OWNERSHIP -m 0744 shorewall.conf ${PREFIX}/usr/share/shorewall/configfiles/shorewall.conf run_install $OWNERSHIP -m 0644 shorewall.conf ${PREFIX}/usr/share/shorewall/configfiles/shorewall.conf
qt mywhich perl && perl -p -w -i -e 's|^CONFIG_PATH=.*|CONFIG_PATH=/usr/share/shorewall/configfiles:/usr/share/shorewall|;' /usr/share/shorewall/configfiles/shorewall.conf qt mywhich perl && perl -p -w -i -e 's|^CONFIG_PATH=.*|CONFIG_PATH=/usr/share/shorewall/configfiles:/usr/share/shorewall|;' /usr/share/shorewall/configfiles/shorewall.conf
if [ ! -f ${PREFIX}/etc/shorewall/shorewall.conf ]; then if [ ! -f ${PREFIX}/etc/shorewall/shorewall.conf ]; then
run_install $OWNERSHIP -m 0744 shorewall.conf ${PREFIX}/etc/shorewall/shorewall.conf run_install $OWNERSHIP -m 0644 shorewall.conf ${PREFIX}/etc/shorewall/shorewall.conf
echo "Config file installed as ${PREFIX}/etc/shorewall/shorewall.conf" echo "Config file installed as ${PREFIX}/etc/shorewall/shorewall.conf"
fi fi
@ -272,7 +272,7 @@ fi
# #
# Install the zones file # Install the zones file
# #
run_install $OWNERSHIP -m 0744 zones ${PREFIX}/usr/share/shorewall/configfiles/zones run_install $OWNERSHIP -m 0644 zones ${PREFIX}/usr/share/shorewall/configfiles/zones
if [ ! -f ${PREFIX}/etc/shorewall/zones ]; then if [ ! -f ${PREFIX}/etc/shorewall/zones ]; then
run_install $OWNERSHIP -m 0744 zones ${PREFIX}/etc/shorewall/zones run_install $OWNERSHIP -m 0744 zones ${PREFIX}/etc/shorewall/zones
@ -333,7 +333,7 @@ fi
# #
# Install the hosts file # Install the hosts file
# #
run_install $OWNERSHIP -m 0600 hosts ${PREFIX}/usr/share/shorewall/configfiles/hosts run_install $OWNERSHIP -m 0644 hosts ${PREFIX}/usr/share/shorewall/configfiles/hosts
if [ ! -f ${PREFIX}/etc/shorewall/hosts ]; then if [ ! -f ${PREFIX}/etc/shorewall/hosts ]; then
run_install $OWNERSHIP -m 0600 hosts ${PREFIX}/etc/shorewall/hosts run_install $OWNERSHIP -m 0600 hosts ${PREFIX}/etc/shorewall/hosts
@ -342,7 +342,7 @@ fi
# #
# Install the rules file # Install the rules file
# #
run_install $OWNERSHIP -m 0600 rules ${PREFIX}/usr/share/shorewall/configfiles/rules run_install $OWNERSHIP -m 0644 rules ${PREFIX}/usr/share/shorewall/configfiles/rules
if [ ! -f ${PREFIX}/etc/shorewall/rules ]; then if [ ! -f ${PREFIX}/etc/shorewall/rules ]; then
run_install $OWNERSHIP -m 0600 rules ${PREFIX}/etc/shorewall/rules run_install $OWNERSHIP -m 0600 rules ${PREFIX}/etc/shorewall/rules
@ -351,7 +351,7 @@ fi
# #
# Install the NAT file # Install the NAT file
# #
run_install $OWNERSHIP -m 0600 nat ${PREFIX}/usr/share/shorewall/configfiles/nat run_install $OWNERSHIP -m 0644 nat ${PREFIX}/usr/share/shorewall/configfiles/nat
if [ ! -f ${PREFIX}/etc/shorewall/nat ]; then if [ ! -f ${PREFIX}/etc/shorewall/nat ]; then
run_install $OWNERSHIP -m 0600 nat ${PREFIX}/etc/shorewall/nat run_install $OWNERSHIP -m 0600 nat ${PREFIX}/etc/shorewall/nat
@ -360,7 +360,7 @@ fi
# #
# Install the NETMAP file # Install the NETMAP file
# #
run_install $OWNERSHIP -m 0600 netmap ${PREFIX}/usr/share/shorewall/configfiles/netmap run_install $OWNERSHIP -m 0644 netmap ${PREFIX}/usr/share/shorewall/configfiles/netmap
if [ ! -f ${PREFIX}/etc/shorewall/netmap ]; then if [ ! -f ${PREFIX}/etc/shorewall/netmap ]; then
run_install $OWNERSHIP -m 0600 netmap ${PREFIX}/etc/shorewall/netmap run_install $OWNERSHIP -m 0600 netmap ${PREFIX}/etc/shorewall/netmap
@ -369,7 +369,7 @@ fi
# #
# Install the Parameters file # Install the Parameters file
# #
run_install $OWNERSHIP -m 0600 params ${PREFIX}/usr/share/shorewall/configfiles/params run_install $OWNERSHIP -m 0644 params ${PREFIX}/usr/share/shorewall/configfiles/params
if [ ! -f ${PREFIX}/etc/shorewall/params ]; then if [ ! -f ${PREFIX}/etc/shorewall/params ]; then
run_install $OWNERSHIP -m 0600 params ${PREFIX}/etc/shorewall/params run_install $OWNERSHIP -m 0600 params ${PREFIX}/etc/shorewall/params
@ -378,7 +378,7 @@ fi
# #
# Install the proxy ARP file # Install the proxy ARP file
# #
run_install $OWNERSHIP -m 0600 proxyarp ${PREFIX}/usr/share/shorewall/configfiles/proxyarp run_install $OWNERSHIP -m 0644 proxyarp ${PREFIX}/usr/share/shorewall/configfiles/proxyarp
if [ ! -f ${PREFIX}/etc/shorewall/proxyarp ]; then if [ ! -f ${PREFIX}/etc/shorewall/proxyarp ]; then
run_install $OWNERSHIP -m 0600 proxyarp ${PREFIX}/etc/shorewall/proxyarp run_install $OWNERSHIP -m 0600 proxyarp ${PREFIX}/etc/shorewall/proxyarp
@ -387,7 +387,7 @@ fi
# #
# Install the Stopped Routing file # Install the Stopped Routing file
# #
run_install $OWNERSHIP -m 0600 routestopped ${PREFIX}/usr/share/shorewall/configfiles/routestopped run_install $OWNERSHIP -m 0644 routestopped ${PREFIX}/usr/share/shorewall/configfiles/routestopped
if [ ! -f ${PREFIX}/etc/shorewall/routestopped ]; then if [ ! -f ${PREFIX}/etc/shorewall/routestopped ]; then
run_install $OWNERSHIP -m 0600 routestopped ${PREFIX}/etc/shorewall/routestopped run_install $OWNERSHIP -m 0600 routestopped ${PREFIX}/etc/shorewall/routestopped
@ -396,7 +396,7 @@ fi
# #
# Install the Mac List file # Install the Mac List file
# #
run_install $OWNERSHIP -m 0600 maclist ${PREFIX}/usr/share/shorewall/configfiles/maclist run_install $OWNERSHIP -m 0644 maclist ${PREFIX}/usr/share/shorewall/configfiles/maclist
if [ ! -f ${PREFIX}/etc/shorewall/maclist ]; then if [ ! -f ${PREFIX}/etc/shorewall/maclist ]; then
run_install $OWNERSHIP -m 0600 maclist ${PREFIX}/etc/shorewall/maclist run_install $OWNERSHIP -m 0600 maclist ${PREFIX}/etc/shorewall/maclist
@ -405,7 +405,7 @@ fi
# #
# Install the Masq file # Install the Masq file
# #
run_install $OWNERSHIP -m 0600 masq ${PREFIX}/usr/share/shorewall/configfiles/masq run_install $OWNERSHIP -m 0644 masq ${PREFIX}/usr/share/shorewall/configfiles/masq
if [ ! -f ${PREFIX}/etc/shorewall/masq ]; then if [ ! -f ${PREFIX}/etc/shorewall/masq ]; then
run_install $OWNERSHIP -m 0600 masq ${PREFIX}/etc/shorewall/masq run_install $OWNERSHIP -m 0600 masq ${PREFIX}/etc/shorewall/masq
@ -427,7 +427,7 @@ fi
# #
# Install the TC Rules file # Install the TC Rules file
# #
run_install $OWNERSHIP -m 0600 tcrules ${PREFIX}/usr/share/shorewall/configfiles/tcrules run_install $OWNERSHIP -m 0644 tcrules ${PREFIX}/usr/share/shorewall/configfiles/tcrules
if [ ! -f ${PREFIX}/etc/shorewall/tcrules ]; then if [ ! -f ${PREFIX}/etc/shorewall/tcrules ]; then
run_install $OWNERSHIP -m 0600 tcrules ${PREFIX}/etc/shorewall/tcrules run_install $OWNERSHIP -m 0600 tcrules ${PREFIX}/etc/shorewall/tcrules
@ -437,7 +437,7 @@ fi
# #
# Install the TOS file # Install the TOS file
# #
run_install $OWNERSHIP -m 0600 tos ${PREFIX}/usr/share/shorewall/configfiles/tos run_install $OWNERSHIP -m 0644 tos ${PREFIX}/usr/share/shorewall/configfiles/tos
if [ ! -f ${PREFIX}/etc/shorewall/tos ]; then if [ ! -f ${PREFIX}/etc/shorewall/tos ]; then
run_install $OWNERSHIP -m 0600 tos ${PREFIX}/etc/shorewall/tos run_install $OWNERSHIP -m 0600 tos ${PREFIX}/etc/shorewall/tos
@ -446,7 +446,7 @@ fi
# #
# Install the Tunnels file # Install the Tunnels file
# #
run_install $OWNERSHIP -m 0600 tunnels ${PREFIX}/usr/share/shorewall/configfiles/tunnels run_install $OWNERSHIP -m 0644 tunnels ${PREFIX}/usr/share/shorewall/configfiles/tunnels
if [ ! -f ${PREFIX}/etc/shorewall/tunnels ]; then if [ ! -f ${PREFIX}/etc/shorewall/tunnels ]; then
run_install $OWNERSHIP -m 0600 tunnels ${PREFIX}/etc/shorewall/tunnels run_install $OWNERSHIP -m 0600 tunnels ${PREFIX}/etc/shorewall/tunnels
@ -455,7 +455,7 @@ fi
# #
# Install the blacklist file # Install the blacklist file
# #
run_install $OWNERSHIP -m 0600 blacklist ${PREFIX}/usr/share/shorewall/configfiles/blacklist run_install $OWNERSHIP -m 0644 blacklist ${PREFIX}/usr/share/shorewall/configfiles/blacklist
if [ ! -f ${PREFIX}/etc/shorewall/blacklist ]; then if [ ! -f ${PREFIX}/etc/shorewall/blacklist ]; then
run_install $OWNERSHIP -m 0600 blacklist ${PREFIX}/etc/shorewall/blacklist run_install $OWNERSHIP -m 0600 blacklist ${PREFIX}/etc/shorewall/blacklist
@ -474,7 +474,7 @@ delete_file ${PREFIX}/usr/share/shorewall/tcstart
# #
# Install the Providers file # Install the Providers file
# #
run_install $OWNERSHIP -m 0600 providers ${PREFIX}/usr/share/shorewall/configfiles/providers run_install $OWNERSHIP -m 0644 providers ${PREFIX}/usr/share/shorewall/configfiles/providers
if [ ! -f ${PREFIX}/etc/shorewall/providers ]; then if [ ! -f ${PREFIX}/etc/shorewall/providers ]; then
run_install $OWNERSHIP -m 0600 providers ${PREFIX}/etc/shorewall/providers run_install $OWNERSHIP -m 0600 providers ${PREFIX}/etc/shorewall/providers
@ -484,7 +484,7 @@ fi
# #
# Install the Route Rules file # Install the Route Rules file
# #
run_install $OWNERSHIP -m 0600 route_rules ${PREFIX}/usr/share/shorewall/configfiles/route_rules run_install $OWNERSHIP -m 0644 route_rules ${PREFIX}/usr/share/shorewall/configfiles/route_rules
if [ ! -f ${PREFIX}/etc/shorewall/route_rules ]; then if [ ! -f ${PREFIX}/etc/shorewall/route_rules ]; then
run_install $OWNERSHIP -m 0600 route_rules ${PREFIX}/etc/shorewall/route_rules run_install $OWNERSHIP -m 0600 route_rules ${PREFIX}/etc/shorewall/route_rules
@ -494,7 +494,7 @@ fi
# #
# Install the tcclasses file # Install the tcclasses file
# #
run_install $OWNERSHIP -m 0600 tcclasses ${PREFIX}/usr/share/shorewall/configfiles/tcclasses run_install $OWNERSHIP -m 0644 tcclasses ${PREFIX}/usr/share/shorewall/configfiles/tcclasses
if [ ! -f ${PREFIX}/etc/shorewall/tcclasses ]; then if [ ! -f ${PREFIX}/etc/shorewall/tcclasses ]; then
run_install $OWNERSHIP -m 0600 tcclasses ${PREFIX}/etc/shorewall/tcclasses run_install $OWNERSHIP -m 0600 tcclasses ${PREFIX}/etc/shorewall/tcclasses
@ -504,7 +504,7 @@ fi
# #
# Install the tcdevices file # Install the tcdevices file
# #
run_install $OWNERSHIP -m 0600 tcdevices ${PREFIX}/usr/share/shorewall/configfiles/tcdevices run_install $OWNERSHIP -m 0644 tcdevices ${PREFIX}/usr/share/shorewall/configfiles/tcdevices
if [ ! -f ${PREFIX}/etc/shorewall/tcdevices ]; then if [ ! -f ${PREFIX}/etc/shorewall/tcdevices ]; then
run_install $OWNERSHIP -m 0600 tcdevices ${PREFIX}/etc/shorewall/tcdevices run_install $OWNERSHIP -m 0600 tcdevices ${PREFIX}/etc/shorewall/tcdevices
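Review bot: The live `${PREFIX}/etc/shorewall/zones` copy is still installed with `-m 0744` (both columns of the row after `if [ ! -f ${PREFIX}/etc/shorewall/zones ]` show it), so a configuration file keeps an execute bit and stays world-readable, while the other `/etc/shorewall` files visible in this section are 0600 or, for shorewall.conf, now 0644. This commit already drops the execute bit from the configfiles copy of zones and from `/etc/shorewall/shorewall.conf`, so the row should probably become `run_install $OWNERSHIP -m 0644 zones ${PREFIX}/etc/shorewall/zones` (or 0600 if zones is meant to match rules and hosts). Separately, the unchanged perl line in the first hunk edits `/usr/share/shorewall/configfiles/shorewall.conf` without `${PREFIX}`, so a staged install appears to rewrite the build host's file rather than the one just installed; `${PREFIX}/usr/share/shorewall/configfiles/shorewall.conf` looks like the intended target. The enclosing `if` blocks continue outside the hunks.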


@ -36,6 +36,9 @@ Problems Corrected in 3.2.0 RC 4
1) When install.sh was used to install/update Shorewall, the 1) When install.sh was used to install/update Shorewall, the
/usr/share/shorewall/Limit file had incorrect permissions. /usr/share/shorewall/Limit file had incorrect permissions.
2) Many permission problems in /usr/share/shorewall/configfiles/ have
been corrected.
Other changes in 3.2.0 RC 4 Other changes in 3.2.0 RC 4
1) The progress messages produced by Shorewall Lite now correctly 1) The progress messages produced by Shorewall Lite now correctly
@ -45,22 +48,22 @@ Other changes in 3.2.0 RC 4
on the firewall system(s). on the firewall system(s).
2) A "reload" command has been added. This command allows a non-root 2) A "reload" command has been added. This command allows a non-root
user with ssh access to a (usually) remote system to compile a firewall user with ssh access to a remote system to compile a firewall
script on the local system and to install that script on the remote script on the local system and to install that script on the remote
system. system.
Syntax is: Syntax is:
shorewall reload [ [ <directory> ] <system> ] shorewall reload [ <directory> ] <system>
If <directory> is omitted, the current working directory is If <directory> is omitted, the current working directory is
assumed. If <system> is omitted, the local system is assumed. assumed.
The command is equivalent to: The command is equivalent to:
/sbin/shorewall compile -e . firewall &&\ /sbin/shorewall compile -e . firewall &&\
scp firewall root@<system>:/var/lib/shorewall-lite/ &&\ scp firewall root@<system>:/var/lib/shorewall-lite/ &&\
ssh root@<system> '/sbin/shorewall-lite restart' ssh root@<system> '/sbin/shorewall-lite restart' # Note 1
In other words, the configuration in the specified (or defaulted) In other words, the configuration in the specified (or defaulted)
directory is compiled to a file called firewall in that directory is compiled to a file called firewall in that
@ -68,7 +71,7 @@ Other changes in 3.2.0 RC 4
(usually remote) <system> using scp. If the copy succeeds, (usually remote) <system> using scp. If the copy succeeds,
Shorewall Lite on <system> is restarted via ssh. Shorewall Lite on <system> is restarted via ssh.
Note: In Shorewall Lite 3.2.0 RC4, the 'firewall' script has moved Note 1: In Shorewall Lite 3.2.0 RC4, the 'firewall' script has moved
from /usr/share/shorewall/ to /var/lib/shorewall/ in order to from /usr/share/shorewall/ to /var/lib/shorewall/ in order to
appease the LHS police. appease the LHS police.


@ -172,38 +172,38 @@ fi
%attr(0644,root,root) /usr/share/shorewall/xmodules %attr(0644,root,root) /usr/share/shorewall/xmodules
%attr(0644,root,root) /usr/share/shorewall/configfiles/shorewall.conf %attr(0644,root,root) /usr/share/shorewall/configfiles/shorewall.conf
%attr(0600,root,root) /usr/share/shorewall/configfiles/zones %attr(0644,root,root) /usr/share/shorewall/configfiles/zones
%attr(0600,root,root) /usr/share/shorewall/configfiles/policy %attr(0644,root,root) /usr/share/shorewall/configfiles/policy
%attr(0600,root,root) /usr/share/shorewall/configfiles/interfaces %attr(0644,root,root) /usr/share/shorewall/configfiles/interfaces
%attr(0600,root,root) /usr/share/shorewall/configfiles/ipsec %attr(0644,root,root) /usr/share/shorewall/configfiles/ipsec
%attr(0600,root,root) /usr/share/shorewall/configfiles/rules %attr(0644,root,root) /usr/share/shorewall/configfiles/rules
%attr(0600,root,root) /usr/share/shorewall/configfiles/nat %attr(0644,root,root) /usr/share/shorewall/configfiles/nat
%attr(0600,root,root) /usr/share/shorewall/configfiles/netmap %attr(0644,root,root) /usr/share/shorewall/configfiles/netmap
%attr(0600,root,root) /usr/share/shorewall/configfiles/params %attr(0644,root,root) /usr/share/shorewall/configfiles/params
%attr(0600,root,root) /usr/share/shorewall/configfiles/proxyarp %attr(0644,root,root) /usr/share/shorewall/configfiles/proxyarp
%attr(0600,root,root) /usr/share/shorewall/configfiles/routestopped %attr(0644,root,root) /usr/share/shorewall/configfiles/routestopped
%attr(0600,root,root) /usr/share/shorewall/configfiles/maclist %attr(0644,root,root) /usr/share/shorewall/configfiles/maclist
%attr(0600,root,root) /usr/share/shorewall/configfiles/masq %attr(0644,root,root) /usr/share/shorewall/configfiles/masq
%attr(0600,root,root) /usr/share/shorewall/configfiles/tcrules %attr(0644,root,root) /usr/share/shorewall/configfiles/tcrules
%attr(0600,root,root) /usr/share/shorewall/configfiles/tos %attr(0644,root,root) /usr/share/shorewall/configfiles/tos
%attr(0600,root,root) /usr/share/shorewall/configfiles/tunnels %attr(0644,root,root) /usr/share/shorewall/configfiles/tunnels
%attr(0600,root,root) /usr/share/shorewall/configfiles/hosts %attr(0644,root,root) /usr/share/shorewall/configfiles/hosts
%attr(0600,root,root) /usr/share/shorewall/configfiles/blacklist %attr(0644,root,root) /usr/share/shorewall/configfiles/blacklist
%attr(0600,root,root) /usr/share/shorewall/configfiles/init %attr(0644,root,root) /usr/share/shorewall/configfiles/init
%attr(0600,root,root) /usr/share/shorewall/configfiles/initdone %attr(0644,root,root) /usr/share/shorewall/configfiles/initdone
%attr(0600,root,root) /usr/share/shorewall/configfiles/start %attr(0644,root,root) /usr/share/shorewall/configfiles/start
%attr(0600,root,root) /usr/share/shorewall/configfiles/stop %attr(0644,root,root) /usr/share/shorewall/configfiles/stop
%attr(0600,root,root) /usr/share/shorewall/configfiles/stopped %attr(0644,root,root) /usr/share/shorewall/configfiles/stopped
%attr(0600,root,root) /usr/share/shorewall/configfiles/ecn %attr(0644,root,root) /usr/share/shorewall/configfiles/ecn
%attr(0600,root,root) /usr/share/shorewall/configfiles/accounting %attr(0644,root,root) /usr/share/shorewall/configfiles/accounting
%attr(0600,root,root) /usr/share/shorewall/configfiles/actions %attr(0644,root,root) /usr/share/shorewall/configfiles/actions
%attr(0600,root,root) /usr/share/shorewall/configfiles/continue %attr(0644,root,root) /usr/share/shorewall/configfiles/continue
%attr(0600,root,root) /usr/share/shorewall/configfiles/started %attr(0644,root,root) /usr/share/shorewall/configfiles/started
%attr(0600,root,root) /usr/share/shorewall/configfiles/providers %attr(0644,root,root) /usr/share/shorewall/configfiles/providers
%attr(0600,root,root) /usr/share/shorewall/configfiles/route_rules %attr(0644,root,root) /usr/share/shorewall/configfiles/route_rules
%attr(0600,root,root) /usr/share/shorewall/configfiles/tcclasses %attr(0644,root,root) /usr/share/shorewall/configfiles/tcclasses
%attr(0600,root,root) /usr/share/shorewall/configfiles/tcdevices %attr(0644,root,root) /usr/share/shorewall/configfiles/tcdevices
%attr(0600,root,root) /usr/share/shorewall/configfiles/Makefile %attr(0644,root,root) /usr/share/shorewall/configfiles/Makefile
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn Samples