From d77dbf736cbeb1f5bc7e885e7ccb0b8cfc9c1bdc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= Date: Wed, 18 Oct 2023 22:09:38 +0200 Subject: [PATCH] Logrotate config file needs to be owned by root MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Christian König --- advanced/Templates/pihole-FTL-prestart.sh | 4 ++++ automated install/basic-install.sh | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/advanced/Templates/pihole-FTL-prestart.sh b/advanced/Templates/pihole-FTL-prestart.sh index abeaabc4..c6817828 100755 --- a/advanced/Templates/pihole-FTL-prestart.sh +++ b/advanced/Templates/pihole-FTL-prestart.sh @@ -16,6 +16,10 @@ chown -R pihole:pihole /etc/pihole /var/log/pihole chmod -R 0640 /var/log/pihole chmod -R 0660 /etc/pihole +# Logrotate config file need to be owned by root and must not be writable by group and others +chown root:root /etc/pihole/logrotate +chmod 0644 /etc/pihole/logrotate + # allow all users to enter the directories chmod 0755 /etc/pihole /var/log/pihole diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh index ac516415..4d656283 100755 --- a/automated install/basic-install.sh +++ b/automated install/basic-install.sh @@ -1483,7 +1483,8 @@ installLogrotate() { return 2 fi # Copy the file over from the local repo - install -o pihole -g pihole -D -m 644 -T "${PI_HOLE_LOCAL_REPO}"/advanced/Templates/logrotate ${target} + # Logrotate config file must be owned by root and not writable by group or other + install -o root -g root -D -m 644 -T "${PI_HOLE_LOCAL_REPO}"/advanced/Templates/logrotate ${target} # Different operating systems have different user / group # settings for logrotate that makes it impossible to create # a static logrotate file that will work with e.g.
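Review bot: The added `chown root:root` / `chmod 0644` run on a path inside `/etc/pihole`, which the `chown -R pihole:pihole` at the top of the hunk leaves owned by the `pihole` user, so that user can still replace the `logrotate` entry and the next prestart run will mark whatever is there as root-owned. Root ownership then satisfies logrotate's check without showing that root wrote the content, and both commands follow a symlink if one has been placed at that path. At minimum, guard the two lines with `if [ -f /etc/pihole/logrotate ] && [ ! -L /etc/pihole/logrotate ]; then … fi`, which also avoids an error when the file is absent. The more durable fix is to keep the logrotate config in a directory the service account cannot write to. The comment should also read `# Logrotate config file needs to be owned by root …`.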
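Review bot: `${target}` is still unquoted on the new `install` line and the source path is only partly quoted; since this runs as root, write it as `install -o root -g root -D -m 644 -T "${PI_HOLE_LOCAL_REPO}/advanced/Templates/logrotate" "${target}"`. The `return 2` / `fi` context above the change belongs to a guard whose condition is outside the hunk. If that guard skips the copy when the target already exists, upgraded installations keep the old pihole-owned file and rely on the prestart script's chown for the fix, which is worth saying in the new comment. installLogrotate starts and ends outside the hunk.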