Remove read permission for others on sensitive log files
Signed-off-by: Christian König <ckoenig@posteo.de>
parent
b20aa865b9
commit
954a0c2a14
|
@ -1394,7 +1394,7 @@ curl_to_tricorder() {
|
||||||
upload_to_tricorder() {
|
upload_to_tricorder() {
|
||||||
local username="pihole"
|
local username="pihole"
|
||||||
# Set the permissions and owner
|
# Set the permissions and owner
|
||||||
chmod 644 ${PIHOLE_DEBUG_LOG}
|
chmod 640 ${PIHOLE_DEBUG_LOG}
|
||||||
chown "$USER":"${username}" ${PIHOLE_DEBUG_LOG}
|
chown "$USER":"${username}" ${PIHOLE_DEBUG_LOG}
|
||||||
|
|
||||||
# Let the user know debugging is complete with something strikingly visual
|
# Let the user know debugging is complete with something strikingly visual
|
||||||
|
|
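Review bot: The mode is tightened only at the end of the run, in `upload_to_tricorder()`, so `${PIHOLE_DEBUG_LOG}` presumably keeps whatever mode it was created with for the whole time debug data is being written (the creation is outside this hunk, so this is inferred). Consider creating the file with its final mode before the first write, e.g. `install -m 640 /dev/null "${PIHOLE_DEBUG_LOG}"`, and keeping this `chmod` as a backstop. The expansion is also unquoted on both changed-area lines; `chmod 640 "${PIHOLE_DEBUG_LOG}"` and `chown "$USER":"${username}" "${PIHOLE_DEBUG_LOG}"` avoid word splitting on an unusual path. The function body starts and ends outside the hunk.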
|
@ -46,7 +46,7 @@ if [[ "$@" == *"once"* ]]; then
|
||||||
# moved file (it will have the same file handler)
|
# moved file (it will have the same file handler)
|
||||||
cp -p /var/log/pihole/pihole.log /var/log/pihole/pihole.log.1
|
cp -p /var/log/pihole/pihole.log /var/log/pihole/pihole.log.1
|
||||||
echo " " > /var/log/pihole/pihole.log
|
echo " " > /var/log/pihole/pihole.log
|
||||||
chmod 644 /var/log/pihole/pihole.log
|
chmod 640 /var/log/pihole/pihole.log
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
# Manual flushing
|
# Manual flushing
|
||||||
|
@ -59,7 +59,7 @@ else
|
||||||
echo " " > /var/log/pihole/pihole.log
|
echo " " > /var/log/pihole/pihole.log
|
||||||
if [ -f /var/log/pihole/pihole.log.1 ]; then
|
if [ -f /var/log/pihole/pihole.log.1 ]; then
|
||||||
echo " " > /var/log/pihole/pihole.log.1
|
echo " " > /var/log/pihole/pihole.log.1
|
||||||
chmod 644 /var/log/pihole/pihole.log.1
|
chmod 640 /var/log/pihole/pihole.log.1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
# Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
|
# Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
|
||||||
|
|
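Review bot: In the `once` branch, `cp -p` copies the current mode of `pihole.log` onto `pihole.log.1` before the `chmod 640` runs, so on an install where the live log is still 644 the rotated copy stays readable by others. Changing both files in one call closes that gap: `chmod 640 /var/log/pihole/pihole.log /var/log/pihole/pihole.log.1`. In the manual-flush hunk (`@ -59,7`) the opposite holds: only `pihole.log.1` is chmod-ed after truncation and no `chmod` for `pihole.log` is visible there, so the same combined line would fit. Both enclosing `if`/`else` blocks begin outside the hunks.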
|
@ -71,12 +71,13 @@ start() {
|
||||||
[ ! -f "${FTL_PID_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
|
[ ! -f "${FTL_PID_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
|
||||||
[ ! -f "${FTL_PORT_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PORT_FILE}"
|
[ ! -f "${FTL_PORT_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PORT_FILE}"
|
||||||
[ ! -f /var/log/pihole/pihole-FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/pihole-FTL.log
|
[ ! -f /var/log/pihole/pihole-FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/pihole-FTL.log
|
||||||
[ ! -f /var/log/pihole/pihole.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
|
[ ! -f /var/log/pihole/pihole.log ] && install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
|
||||||
[ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
|
[ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
|
||||||
# Ensure that permissions are set so that pihole-FTL can edit all necessary files
|
# Ensure that permissions are set so that pihole-FTL can edit all necessary files
|
||||||
chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
|
chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
|
||||||
# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
|
# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
|
||||||
chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log
|
chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/pihole-FTL.log
|
||||||
|
chmod -f 0640 /var/log/pihole/pihole.log
|
||||||
# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
|
# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
|
||||||
chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
|
chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
|
||||||
# Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
|
# Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
|
||||||
|
|
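Review bot: The new `chmod -f 0640` line covers only `/var/log/pihole/pihole.log`, so a rotated `pihole.log.1` left by an earlier version keeps its old 644 mode until the next flush, and `pihole-FTL.log` stays at 0644 on the line above. Since `-f` already tolerates a missing file, the rotated copy can be included here: `chmod -f 0640 /var/log/pihole/pihole.log /var/log/pihole/pihole.log.1`. A short comment above it, such as `# pihole.log holds the DNS query log: no access for others`, would explain why this file is split out from the 0644 group. It is also worth confirming that every process that reads `pihole.log` runs as `pihole` or is in the `pihole` group, because 640 cuts off everyone else. `start()` begins and ends outside the hunk.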