aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorficus <ficus@robocracy.org>2012-09-27 17:20:25 +0200
committerficus <ficus@robocracy.org>2012-09-27 17:23:14 +0200
commit2b30e84f7f405a6951d486293708e1a2159cdb78 (patch)
tree1a3d0aae6d2b56c545aa1812d7b75bba1a4a8b14
parent965630efc1231308cac6525bfbe6ea9a2c475410 (diff)
downloadtorouter-2b30e84f7f405a6951d486293708e1a2159cdb78.tar.gz
torouter-2b30e84f7f405a6951d486293708e1a2159cdb78.zip
install config files as root, not torouter user
-rwxr-xr-xfreedom-maker/buildrootfs.sh4
-rwxr-xr-xpackages/torouter-prep/src/torouter_preboot.sh32
2 files changed, 20 insertions, 16 deletions
diff --git a/freedom-maker/buildrootfs.sh b/freedom-maker/buildrootfs.sh
index 9dad31e..7ac69ad 100755
--- a/freedom-maker/buildrootfs.sh
+++ b/freedom-maker/buildrootfs.sh
@@ -101,9 +101,9 @@ umount $target/var/cache/apt/
# copy!
echo "Copying the source directory to the torouter rootfs..."
-rsync -av $source/ $target
+rsync -av --no-owner --no-group $source/ $target
echo "Copying the torouter config directory to the torouter rootfs..."
-rsync -av ../configs/ $target
+rsync -av --no-owner --no-group ../configs/ $target
# add extra packages to the image
bin/packages
diff --git a/packages/torouter-prep/src/torouter_preboot.sh b/packages/torouter-prep/src/torouter_preboot.sh
index 79523fa..18703a5 100755
--- a/packages/torouter-prep/src/torouter_preboot.sh
+++ b/packages/torouter-prep/src/torouter_preboot.sh
@@ -16,39 +16,43 @@ export TORADMINGROUP="debian-tor"
# if [ `apt-get --simulate install apt-utils tor torouterui ttdnsd` ]
# Set us to have a default host name and hosts file
-cp $config_dir/etc/hostname /etc/hostname
-cp $config_dir/etc/hosts /etc/hosts
+install -o root -g root -m 600 $config_dir/etc/hostname /etc/hostname
+install -o root -g root -m 600 $config_dir/etc/hosts /etc/hosts
# We need to prep apt to understand that we want packages from other repos
-cp $config_dir/etc/apt/sources.list /etc/apt/sources.list
+install -o root -g root -m 600 $config_dir/etc/apt/sources.list /etc/apt/sources.list
# Reconfigure /etc/inittab here
-cp $config_dir/etc/inittab /etc/inittab
+install -o root -g root -m 600 $config_dir/etc/inittab /etc/inittab
# Reconfigure fstab
-cp $config_dir/etc/fstab /etc/fstab
+install -o root -g root -m 600 $config_dir/etc/fstab /etc/fstab
# Configure the network
# eth0 is our "internet" interface with a dhcp client
-cp $config_dir/etc/network/interfaces /etc/network/interfaces
+install -o root -g root -m 600 $config_dir/etc/network/interfaces /etc/network/interfaces
# Configure dnsmasq
-cp $config_dir/etc/dnsmasq.conf /etc/dnsmasq.conf
+install -o root -g root -m 600 $config_dir/etc/dnsmasq.conf /etc/dnsmasq.conf
mkdir -p /etc/dnsmasq.d
-cp $config_dir/etc/dnsmasq.d/* /etc/dnsmasq.d/
+chown root:root /etc/dnsmasq.d
+install -o root -g root -m 600 $config_dir/etc/dnsmasq.d/lan /etc/dnsmasq.d/lan
+install -o root -g root -m 600 $config_dir/etc/dnsmasq.d/wifi /etc/dnsmasq.d/wifi
# Configure ntp
-cp $config_dir/etc/ntp.conf /etc/ntp.conf
-cp $config_dir/etc/default/openntpd /etc/default/openntpd
+install -o root -g root -m 600 $config_dir/etc/ntp.conf /etc/ntp.conf
+install -o root -g root -m 600 $config_dir/etc/default/openntpd /etc/default/openntpd
# Configure ssh
-cp $config_dir/etc/ssh/sshd_config /etc/ssh/sshd_config
+install -o root -g root -m 600 $config_dir/etc/ssh/sshd_config /etc/ssh/sshd_config
# XXX We should configure ufw here
# XXX We should configure denyhosts
-cp $config_dir/etc/tor/torrc /etc/tor/torrc
-cp $config_dir/etc/default/ttdnsd /etc/default/ttdnsd
+# torrc permissions get overwritten below
+install -o root -g root -m 600 $config_dir/etc/tor/torrc /etc/tor/torrc
+
+install -o root -g root -m 600 $config_dir/etc/default/ttdnsd /etc/default/ttdnsd
# install tor firewall helper
install -o root -g root -m 750 $config_dir/sbin/tor-wireless-firewall.sh /usr/sbin/
@@ -63,7 +67,7 @@ apt-get install -f
apt-get -y clean
## Disable ipv6 support for now
-cp $config_dir/etc/modprobe.d/blacklist.conf /etc/modprobe.d/blacklist.conf
+install -o root -g root -m 600 $config_dir/etc/modprobe.d/blacklist.conf /etc/modprobe.d/blacklist.conf
## add users and groups (ignore failures if groups already exist)
addgroup $ADMINGROUP