From 6001fe34ec3d3ad652a7013f467d1948efb3e096 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <ckoenig@posteo.de>
Date: Sun, 8 Oct 2023 23:03:33 +0200
Subject: [PATCH 1/4] Set owner of gravity output files to pihole
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <ckoenig@posteo.de>
---
 gravity.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/gravity.sh b/gravity.sh
index 9133d33d..4f87c1d7 100755
--- a/gravity.sh
+++ b/gravity.sh
@@ -488,6 +488,10 @@ compareLists() {
     # We assume here it was changed upstream
     database_adlist_status "${adlistID}" "1"
   fi
+
+  # set owner of the file to pihole
+  chown pihole:pihole "${target}.sha1"
+
 }
 
 # Download specified URL and perform checks on HTTP status and file content
@@ -621,6 +625,9 @@ gravity_DownloadBlocklistFromUrl() {
       database_adlist_status "${adlistID}" "4"
     fi
   fi
+
+  # set owner of the file to pihole
+  chown pihole:pihole "${saveLocation}"
 }
 
 # Parse source files into domains format

From 679aab10d0400d55470a5d53215158490736068a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <ckoenig@posteo.de>
Date: Mon, 9 Oct 2023 21:52:43 +0200
Subject: [PATCH 2/4] Run gravity as user pihole
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <ckoenig@posteo.de>
---
 automated install/basic-install.sh | 4 ++--
 gravity.sh                         | 7 -------
 2 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index ef2c8d52..ae605fcf 100755
--- a/automated install/basic-install.sh	
+++ b/automated install/basic-install.sh	
@@ -1385,8 +1385,8 @@ installCron() {
 # Gravity is a very important script as it aggregates all of the domains into a single HOSTS formatted list,
 # which is what Pi-hole needs to begin blocking ads
 runGravity() {
-    # Run gravity in the current shell
-    { /opt/pihole/gravity.sh --force; }
+    # Run gravity in the current shell as user pihole
+    { exec sudo -u pihole bash /opt/pihole/gravity.sh --force; }
 }
 
 # Check if the pihole user exists and create if it does not
diff --git a/gravity.sh b/gravity.sh
index 4f87c1d7..9133d33d 100755
--- a/gravity.sh
+++ b/gravity.sh
@@ -488,10 +488,6 @@ compareLists() {
     # We assume here it was changed upstream
     database_adlist_status "${adlistID}" "1"
   fi
-
-  # set owner of the file to pihole
-  chown pihole:pihole "${target}.sha1"
-
 }
 
 # Download specified URL and perform checks on HTTP status and file content
@@ -625,9 +621,6 @@ gravity_DownloadBlocklistFromUrl() {
       database_adlist_status "${adlistID}" "4"
     fi
   fi
-
-  # set owner of the file to pihole
-  chown pihole:pihole "${saveLocation}"
 }
 
 # Parse source files into domains format

From 22863845a0018708aaf8b215cd00666e87fceebf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <ckoenig@posteo.de>
Date: Mon, 9 Oct 2023 22:05:01 +0200
Subject: [PATCH 3/4] Set owner/group of /etc/pihole to pihole
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <ckoenig@posteo.de>
---
 automated install/basic-install.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index ae605fcf..4a938dc7 100755
--- a/automated install/basic-install.sh	
+++ b/automated install/basic-install.sh	
@@ -2141,8 +2141,8 @@ main() {
     if [[ "${useUpdateVars}" == false ]]; then
         # Display welcome dialogs
         welcomeDialogs
-        # Create directory for Pi-hole storage
-        install -d -m 755 /etc/pihole/
+        # Create directory for Pi-hole storage (/etc/pihole/)
+        install -o pihole -g pihole -d -m 660 "${PI_HOLE_CONFIG_DIR}"
         # Determine available interfaces
         get_available_interfaces
         # Find interfaces and let the user choose one

From 2061f3a70e7f0e64709e330552ba8e85671080ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?= <ckoenig@posteo.de>
Date: Mon, 9 Oct 2023 22:35:02 +0200
Subject: [PATCH 4/4] Set owner/permissions at the right place
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian König <ckoenig@posteo.de>
---
 automated install/basic-install.sh | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index 4a938dc7..efe1d4f3 100755
--- a/automated install/basic-install.sh	
+++ b/automated install/basic-install.sh	
@@ -1085,12 +1085,15 @@ installScripts() {
 installConfigs() {
     printf "\\n  %b Installing configs from %s...\\n" "${INFO}" "${PI_HOLE_LOCAL_REPO}"
 
+    # Ensure that permissions are correctly set
+    chown -R pihole:pihole /etc/pihole
 
     # Install list of DNS servers
     # Format: Name;Primary IPv4;Secondary IPv4;Primary IPv6;Secondary IPv6
     # Some values may be empty (for example: DNS servers without IPv6 support)
     echo "${DNS_SERVERS}" > "${PI_HOLE_CONFIG_DIR}/dns-servers.conf"
     chmod 644 "${PI_HOLE_CONFIG_DIR}/dns-servers.conf"
+    chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/dns-servers.conf"
 
     # Install empty custom.list file if it does not exist
     if [[ ! -r "${PI_HOLE_CONFIG_DIR}/custom.list" ]]; then
@@ -1386,7 +1389,7 @@ installCron() {
 # which is what Pi-hole needs to begin blocking ads
 runGravity() {
     # Run gravity in the current shell as user pihole
-    { exec sudo -u pihole bash /opt/pihole/gravity.sh --force; }
+    { sudo -u pihole bash /opt/pihole/gravity.sh --force; }
 }
 
 # Check if the pihole user exists and create if it does not
@@ -1480,7 +1483,7 @@ installLogrotate() {
         return 2
     fi
     # Copy the file over from the local repo
-    install -D -m 644 -T "${PI_HOLE_LOCAL_REPO}"/advanced/Templates/logrotate ${target}
+    install -o pihole -g pihole -D -m 644 -T "${PI_HOLE_LOCAL_REPO}"/advanced/Templates/logrotate ${target}
     # Different operating systems have different user / group
     # settings for logrotate that makes it impossible to create
     # a static logrotate file that will work with e.g.
@@ -2049,6 +2052,7 @@ copy_to_install_log() {
     # Since we use color codes such as '\e[1;33m', they should be removed
     sed 's/\[[0-9;]\{1,5\}m//g' < /proc/$$/fd/3 > "${installLogLoc}"
     chmod 644 "${installLogLoc}"
+    chown pihole:pihole "${installLogLoc}"
 }
 
 main() {
@@ -2142,7 +2146,7 @@ main() {
         # Display welcome dialogs
         welcomeDialogs
         # Create directory for Pi-hole storage (/etc/pihole/)
-        install -o pihole -g pihole -d -m 660 "${PI_HOLE_CONFIG_DIR}"
+        install -d -m 755 "${PI_HOLE_CONFIG_DIR}"
         # Determine available interfaces
         get_available_interfaces
         # Find interfaces and let the user choose one