Logrotate config file needs to be owned by root

Signed-off-by: Christian König <ckoenig@posteo.de>
This commit is contained in:
Christian König 2023-10-18 22:09:38 +02:00
parent 2deadb2e4a
commit d77dbf736c
No known key found for this signature in database
2 changed files with 6 additions and 1 deletions

View File

@ -16,6 +16,10 @@ chown -R pihole:pihole /etc/pihole /var/log/pihole
chmod -R 0640 /var/log/pihole
chmod -R 0660 /etc/pihole
# Logrotate config file need to be owned by root and must not be writable by group and others
chown root:root /etc/pihole/logrotate
chmod 0644 /etc/pihole/logrotate
# allow all users to enter the directories
chmod 0755 /etc/pihole /var/log/pihole

View File

@ -1483,7 +1483,8 @@ installLogrotate() {
return 2
fi
# Copy the file over from the local repo
install -o pihole -g pihole -D -m 644 -T "${PI_HOLE_LOCAL_REPO}"/advanced/Templates/logrotate ${target}
# Logrotate config file must be owned by root and not writable by group or other
install -o root -g root -D -m 644 -T "${PI_HOLE_LOCAL_REPO}"/advanced/Templates/logrotate ${target}
# Different operating systems have different user / group
# settings for logrotate that makes it impossible to create
# a static logrotate file that will work with e.g.