From 6001fe34ec3d3ad652a7013f467d1948efb3e096 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Sun, 8 Oct 2023 23:03:33 +0200 Subject: [PATCH 1/4] Set owner of gravity output files to pihole MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- gravity.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/gravity.sh b/gravity.sh index 9133d33d..4f87c1d7 100755 --- a/gravity.sh +++ b/gravity.sh @@ -488,6 +488,10 @@ compareLists() { # We assume here it was changed upstream database_adlist_status "${adlistID}" "1" fi + + # set owner of the file to pihole + chown pihole:pihole "${target}.sha1" + } # Download specified URL and perform checks on HTTP status and file content @@ -621,6 +625,9 @@ gravity_DownloadBlocklistFromUrl() { database_adlist_status "${adlistID}" "4" fi fi + + # set owner of the file to pihole + chown pihole:pihole "${saveLocation}" } # Parse source files into domains format From 679aab10d0400d55470a5d53215158490736068a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 9 Oct 2023 21:52:43 +0200 Subject: [PATCH 2/4] Run gravity as user pihole MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 4 ++-- gravity.sh | 7 ------- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ef2c8d52..ae605fcf 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
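Review bot: The `chown pihole:pihole "${target}.sha1"` added at the end of compareLists (gravity.sh, patch 1/4) becomes the function's last command, so a failed chown, for example when gravity is not started as root, now decides the function's return status. The second hunk adds the same unconditional call at the end of gravity_DownloadBlocklistFromUrl, where it also runs on the branches that record a failure status and a file at `${saveLocation}` may not exist (both function bodies start outside the hunks, so this is inferred). A guarded form such as `if [[ -e "${saveLocation}" ]]; then chown pihole:pihole "${saveLocation}"; fi` avoids the spurious error. The blank line added just before the closing brace of compareLists can be dropped.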
@@ -1385,8 +1385,8 @@ installCron() { # Gravity is a very important script as it aggregates all of the domains into a single HOSTS formatted list, # which is what Pi-hole needs to begin blocking ads runGravity() { - # Run gravity in the current shell - { /opt/pihole/gravity.sh --force; } + # Run gravity in the current shell as user pihole + { exec sudo -u pihole bash /opt/pihole/gravity.sh --force; } } # Check if the pihole user exists and create if it does not diff --git a/gravity.sh b/gravity.sh index 4f87c1d7..9133d33d 100755 --- a/gravity.sh +++ b/gravity.sh @@ -488,10 +488,6 @@ compareLists() { # We assume here it was changed upstream database_adlist_status "${adlistID}" "1" fi - - # set owner of the file to pihole - chown pihole:pihole "${target}.sha1" - } # Download specified URL and perform checks on HTTP status and file content @@ -625,9 +621,6 @@ gravity_DownloadBlocklistFromUrl() { database_adlist_status "${adlistID}" "4" fi fi - - # set owner of the file to pihole - chown pihole:pihole "${saveLocation}" } # Parse source files into domains format From 22863845a0018708aaf8b215cd00666e87fceebf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Mon, 9 Oct 2023 22:05:01 +0200 Subject: [PATCH 3/4] Set owner/group of /etc/pihole to pihole MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- automated install/basic-install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ae605fcf..4a938dc7 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh 
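Review bot: In runGravity (basic-install.sh, patch 2/4) the `exec` in `{ exec sudo -u pihole bash /opt/pihole/gravity.sh --force; }` replaces the installer's own shell with sudo, so control never returns to the caller and whatever the installer does after runGravity is skipped. The privilege drop works without it: `{ sudo -u pihole bash /opt/pihole/gravity.sh --force; }`. The line also makes the install depend on sudo being present and allowing root to run commands as pihole, and on the pihole account being able to write gravity's output locations, which as far as this series shows are still root-owned at this commit. Neither condition is checked here.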
@@ -2141,8 +2141,8 @@ main() {
 if [[ "${useUpdateVars}" == false ]]; then
 # Display welcome dialogs
 welcomeDialogs
- # Create directory for Pi-hole storage
- install -d -m 755 /etc/pihole/
+ # Create directory for Pi-hole storage (/etc/pihole/)
+ install -o pihole -g pihole -d -m 660 "${PI_HOLE_CONFIG_DIR}"
 # Determine available interfaces
 get_available_interfaces
 # Find interfaces and let the user choose one
From 2061f3a70e7f0e64709e330552ba8e85671080ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20K=C3=B6nig?=
Date: Mon, 9 Oct 2023 22:35:02 +0200
Subject: [PATCH 4/4] Set owner/permissions at the right place
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Christian König
---
 automated install/basic-install.sh | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index 4a938dc7..efe1d4f3 100755
--- a/automated install/basic-install.sh
+++ b/automated install/basic-install.sh
@@ -1085,12 +1085,15 @@ installScripts() {

 installConfigs() {
 printf "\\n %b Installing configs from %s...\\n" "${INFO}" "${PI_HOLE_LOCAL_REPO}"
+ # Ensure that permissions are correctly set
+ chown -R pihole:pihole /etc/pihole

 # Install list of DNS servers
 # Format: Name;Primary IPv4;Secondary IPv4;Primary IPv6;Secondary IPv6
 # Some values may be empty (for example: DNS servers without IPv6 support)
 echo "${DNS_SERVERS}" > "${PI_HOLE_CONFIG_DIR}/dns-servers.conf"
 chmod 644 "${PI_HOLE_CONFIG_DIR}/dns-servers.conf"
+ chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/dns-servers.conf"

 # Install empty custom.list file if it does not exist
 if [[ ! -r "${PI_HOLE_CONFIG_DIR}/custom.list" ]]; then
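Review bot: Mode `660` on a directory, in the `install -o pihole -g pihole -d -m 660 "${PI_HOLE_CONFIG_DIR}"` line added to main() (patch 3/4), omits the search (x) bit, so the pihole owner and group cannot enter the directory or open any file in it. A directory needs at least `750`, e.g. `install -o pihole -g pihole -d -m 750 "${PI_HOLE_CONFIG_DIR}"`, or `755` if other accounts must read the configuration. `-o pihole -g pihole` also requires the pihole account to exist at this point in main(); whether it has been created by then is not visible in the hunk. The updated comment hard-codes `/etc/pihole/` although the command now takes the path from `${PI_HOLE_CONFIG_DIR}`.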
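Review bot: `chown -R pihole:pihole /etc/pihole` in installConfigs (patch 4/4) hands the whole configuration tree to the service account while the root installer keeps writing into it, and it hard-codes the path where every other line uses `${PI_HOLE_CONFIG_DIR}`. Once the directory is pihole-owned, root-side writes such as `echo "${DNS_SERVERS}" > "${PI_HOLE_CONFIG_DIR}/dns-servers.conf"` follow whatever the pihole account has placed under that name. Any root-run script that reads or sources files from this directory would also be trusting content a less-privileged account controls; which scripts do so is not visible here. At minimum use `chown -R pihole:pihole "${PI_HOLE_CONFIG_DIR}"`, and consider limiting pihole ownership to the files the pihole-run gravity has to write, keeping root-consumed configuration root-owned. The function body continues past the end of the hunk.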
@@ -1386,7 +1389,7 @@ installCron() {
 # which is what Pi-hole needs to begin blocking ads
 runGravity() {
 # Run gravity in the current shell as user pihole
- { exec sudo -u pihole bash /opt/pihole/gravity.sh --force; }
+ { sudo -u pihole bash /opt/pihole/gravity.sh --force; }
 }

 # Check if the pihole user exists and create if it does not
@@ -1480,7 +1483,7 @@ installLogrotate() {
 return 2
 fi
 # Copy the file over from the local repo
- install -D -m 644 -T "${PI_HOLE_LOCAL_REPO}"/advanced/Templates/logrotate ${target}
+ install -o pihole -g pihole -D -m 644 -T "${PI_HOLE_LOCAL_REPO}"/advanced/Templates/logrotate ${target}
 # Different operating systems have different user / group
 # settings for logrotate that makes it impossible to create
 # a static logrotate file that will work with e.g.
@@ -2049,6 +2052,7 @@ copy_to_install_log() {
 # Since we use color codes such as '\e[1;33m', they should be removed
 sed 's/\[[0-9;]\{1,5\}m//g' < /proc/$$/fd/3 > "${installLogLoc}"
 chmod 644 "${installLogLoc}"
+ chown pihole:pihole "${installLogLoc}"
 }

 main() {
@@ -2142,7 +2146,7 @@ main() {
 # Display welcome dialogs
 welcomeDialogs
 # Create directory for Pi-hole storage (/etc/pihole/)
- install -o pihole -g pihole -d -m 660 "${PI_HOLE_CONFIG_DIR}"
+ install -d -m 755 "${PI_HOLE_CONFIG_DIR}"
 # Determine available interfaces
 get_available_interfaces
 # Find interfaces and let the user choose one
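Review bot: The comment kept above the changed line in runGravity still says gravity runs "in the current shell", but `sudo -u pihole bash /opt/pihole/gravity.sh --force` starts a child process under a different account. `# Run gravity as the unprivileged pihole user (child process started via sudo)` would describe it accurately. The function's exit status is now sudo's, so a missing sudo binary or a sudoers refusal looks the same as a gravity failure unless the caller reports it; the caller is outside the hunk.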
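Review bot: Installing the logrotate configuration with `-o pihole -g pihole` in installLogrotate makes a file that controls log rotation writable by the service account. If logrotate is invoked as root against this file, it is likely to ignore a configuration that is not root-owned, and if the file were accepted the pihole account would control what a root process does with the logs. Confirm which user runs logrotate before changing the owner; the comment after the changed line mentions per-OS user/group settings, but the rest of the function is outside the hunk. On the same line `${target}` is unquoted and should be `"${target}"`.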
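Review bot: `chown pihole:pihole "${installLogLoc}"` in copy_to_install_log hands the installer's log to the service account, and with the mode 644 set on the line above the new owner can rewrite it, so the file stops being a reliable record of what the root installer did. If the aim is only that pihole can read the log, `chmod 644` already allows that with root as owner. If the ownership change is needed for another reason, a comment on the added line should say why.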