mirror of
https://github.com/pi-hole/pi-hole
synced 2025-01-21 21:40:55 +00:00
Adds world readable attribute to files created by Pi-hole to circumvent #2724
Signed-off-by: pvogt09 <50047961+pvogt09@users.noreply.github.com>
parent
6a01a1257f
commit
5c575e73c7
@ -92,11 +92,13 @@ PoplistFile() {
|
||||
# Check whitelist file exists, and if not, create it
|
||||
if [[ ! -f "${whitelist}" ]]; then
|
||||
touch "${whitelist}"
|
||||
chmod a+r "${whitelist}"
|
||||
fi
|
||||
|
||||
# Check blacklist file exists, and if not, create it
|
||||
if [[ ! -f "${blacklist}" ]]; then
|
||||
touch "${blacklist}"
|
||||
chmod a+r "${blacklist}"
|
||||
fi
|
||||
|
||||
for dom in "${domList[@]}"; do
|
||||
@ -239,9 +241,10 @@ Displaylist() {
|
||||
NukeList() {
|
||||
if [[ -f "${listMain}" ]]; then
|
||||
# Back up original list
|
||||
cp "${listMain}" "${listMain}.bck~"
|
||||
cp -p "${listMain}" "${listMain}.bck~"
|
||||
# Empty out file
|
||||
echo "" > "${listMain}"
|
||||
chmod a+r "${listMain}"
|
||||
fi
|
||||
}
|
||||
|
||||
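Review bot: The `chmod a+r` added after `touch "${whitelist}"`, `touch "${blacklist}"` and `echo "" > "${listMain}"` repairs permissions one call site at a time, so any file-creating line that is missed stays unreadable under a restrictive umask; the same pair recurs in the other files of this commit. Setting the creation mask once near the top of the script with `umask 022`, or creating the files with `install -m 644 /dev/null "${whitelist}"`, would make the mode a single decision. `a+r` also only adds bits: it grants world read on top of whatever mode an administrator chose for an existing `${listMain}`, and nothing here documents that these lists are meant to be readable by every local account. PoplistFile's body continues outside the first hunk.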
|
@ -90,6 +90,7 @@ checkout() {
|
||||
local path
|
||||
path="development/${binary}"
|
||||
echo "development" > /etc/pihole/ftlbranch
|
||||
chmod a+r /etc/pihole/ftlbranch
|
||||
elif [[ "${1}" == "master" ]] ; then
|
||||
# Shortcut to check out master branches
|
||||
echo -e " ${INFO} Shortcut \"master\" detected - checking out master branches..."
|
||||
@ -104,6 +105,7 @@ checkout() {
|
||||
local path
|
||||
path="master/${binary}"
|
||||
echo "master" > /etc/pihole/ftlbranch
|
||||
chmod a+r /etc/pihole/ftlbranch
|
||||
elif [[ "${1}" == "core" ]] ; then
|
||||
str="Fetching branches from ${piholeGitUrl}"
|
||||
echo -ne " ${INFO} $str"
|
||||
@ -166,6 +168,7 @@ checkout() {
|
||||
if check_download_exists "$path"; then
|
||||
echo " ${TICK} Branch ${2} exists"
|
||||
echo "${2}" > /etc/pihole/ftlbranch
|
||||
chmod a+r /etc/pihole/ftlbranch
|
||||
FTLinstall "${binary}"
|
||||
restart_service pihole-FTL
|
||||
enable_service pihole-FTL
|
||||
|
@ -39,8 +39,9 @@ if [[ "$@" == *"once"* ]]; then
|
||||
# Note that moving the file is not an option, as
|
||||
# dnsmasq would happily continue writing into the
|
||||
# moved file (it will have the same file handler)
|
||||
cp /var/log/pihole.log /var/log/pihole.log.1
|
||||
cp -p /var/log/pihole.log /var/log/pihole.log.1
|
||||
echo " " > /var/log/pihole.log
|
||||
chmod a+r /var/log/pihole.log
|
||||
fi
|
||||
else
|
||||
# Manual flushing
|
||||
@ -53,6 +54,7 @@ else
|
||||
echo " " > /var/log/pihole.log
|
||||
if [ -f /var/log/pihole.log.1 ]; then
|
||||
echo " " > /var/log/pihole.log.1
|
||||
chmod a+r /var/log/pihole.log.1
|
||||
fi
|
||||
fi
|
||||
# Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
|
||||
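Review bot: `chmod a+r /var/log/pihole.log` and `chmod a+r /var/log/pihole.log.1` make the file that dnsmasq writes into readable by every local account; if this is the DNS query log, each client's lookups become visible to any user or compromised service on the host. Granting read to the one group that needs it is narrower, for example `chgrp <consumer-group> /var/log/pihole.log` followed by `chmod 640 /var/log/pihole.log` (the group name is a placeholder). The manual-flush branch is also inconsistent: it truncates `/var/log/pihole.log` but only the `.1` copy receives the new mode. Both branches of the `if`/`else` start outside these hunks.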
|
@ -51,6 +51,7 @@ if [[ "$2" == "remote" ]]; then
|
||||
|
||||
GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")"
|
||||
echo -n "${GITHUB_CORE_VERSION}" > "${GITHUB_VERSION_FILE}"
|
||||
chmod a+r "${GITHUB_VERSION_FILE}"
|
||||
|
||||
if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
|
||||
GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")"
|
||||
@ -66,6 +67,7 @@ else
|
||||
|
||||
CORE_BRANCH="$(get_local_branch /etc/.pihole)"
|
||||
echo -n "${CORE_BRANCH}" > "${LOCAL_BRANCH_FILE}"
|
||||
chmod a+r "${LOCAL_BRANCH_FILE}"
|
||||
|
||||
if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
|
||||
WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
|
||||
@ -79,6 +81,7 @@ else
|
||||
|
||||
CORE_VERSION="$(get_local_version /etc/.pihole)"
|
||||
echo -n "${CORE_VERSION}" > "${LOCAL_VERSION_FILE}"
|
||||
chmod a+r "${LOCAL_VERSION_FILE}"
|
||||
|
||||
if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
|
||||
WEB_VERSION="$(get_local_version /var/www/html/admin)"
|
||||
|
@ -322,6 +322,7 @@ dhcp-option=option:router,${DHCP_ROUTER}
|
||||
dhcp-leasefile=/etc/pihole/dhcp.leases
|
||||
#quiet-dhcp
|
||||
" > "${dhcpconfig}"
|
||||
chmod a+r "${dhcpconfig}"
|
||||
|
||||
if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then
|
||||
echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
|
||||
@ -541,11 +542,13 @@ addAudit()
|
||||
do
|
||||
echo "${var}" >> /etc/pihole/auditlog.list
|
||||
done
|
||||
chmod a+r /etc/pihole/auditlog.list
|
||||
}
|
||||
|
||||
clearAudit()
|
||||
{
|
||||
echo -n "" > /etc/pihole/auditlog.list
|
||||
chmod a+r /etc/pihole/auditlog.list
|
||||
}
|
||||
|
||||
SetPrivacyLevel() {
|
||||
|
@ -194,7 +194,7 @@ if is_command apt-get ; then
|
||||
exit # exit the installer
|
||||
else
|
||||
printf " %b Enabling universe package repository for Ubuntu Bionic\\n" "${INFO}"
|
||||
cp ${APT_SOURCES} ${APT_SOURCES}.backup # Backup current repo list
|
||||
cp -p ${APT_SOURCES} ${APT_SOURCES}.backup # Backup current repo list
|
||||
printf " %b Backed up current configuration to %s\\n" "${TICK}" "${APT_SOURCES}.backup"
|
||||
add-apt-repository universe
|
||||
printf " %b Enabled %s\\n" "${TICK}" "'universe' repository"
|
||||
@ -847,7 +847,7 @@ setIFCFG() {
|
||||
# Put the IP in variables without the CIDR notation
|
||||
printf -v CIDR "%s" "${IPV4_ADDRESS##*/}"
|
||||
# Backup existing interface configuration:
|
||||
cp "${IFCFG_FILE}" "${IFCFG_FILE}".pihole.orig
|
||||
cp -p "${IFCFG_FILE}" "${IFCFG_FILE}".pihole.orig
|
||||
# Build Interface configuration file using the GLOBAL variables we have
|
||||
{
|
||||
echo "# Configured via Pi-hole installer"
|
||||
@ -1241,7 +1241,8 @@ version_check_dnsmasq() {
|
||||
printf "%b %b Backing up dnsmasq.conf to dnsmasq.conf.orig...\\n" "${OVER}" "${TICK}"
|
||||
printf " %b Restoring default dnsmasq.conf..." "${INFO}"
|
||||
# and replace it with the default
|
||||
cp ${dnsmasq_original_config} ${dnsmasq_conf}
|
||||
cp -p ${dnsmasq_original_config} ${dnsmasq_conf}
|
||||
chmod a+r ${dnsmasq_conf}
|
||||
printf "%b %b Restoring default dnsmasq.conf...\\n" "${OVER}" "${TICK}"
|
||||
# Otherwise,
|
||||
else
|
||||
@ -1252,7 +1253,7 @@ version_check_dnsmasq() {
|
||||
# If a file cannot be found,
|
||||
printf " %b No dnsmasq.conf found... restoring default dnsmasq.conf..." "${INFO}"
|
||||
# restore the default one
|
||||
cp ${dnsmasq_original_config} ${dnsmasq_conf}
|
||||
cp -p ${dnsmasq_original_config} ${dnsmasq_conf}
|
||||
printf "%b %b No dnsmasq.conf found... restoring default dnsmasq.conf...\\n" "${OVER}" "${TICK}"
|
||||
fi
|
||||
|
||||
@ -1260,9 +1261,11 @@ version_check_dnsmasq() {
|
||||
# Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency)
|
||||
if [[ ! -d "/etc/dnsmasq.d" ]];then
|
||||
mkdir "/etc/dnsmasq.d"
|
||||
chmod 755 "/etc/dnsmasq.d"
|
||||
fi
|
||||
# Copy the new Pi-hole DNS config file into the dnsmasq.d directory
|
||||
cp ${dnsmasq_pihole_01_snippet} ${dnsmasq_pihole_01_location}
|
||||
chmod a+r ${dnsmasq_pihole_01_location}
|
||||
printf "%b %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}"
|
||||
# Replace our placeholder values with the GLOBAL DNS variables that we populated earlier
|
||||
# First, swap in the interface to listen on
|
||||
@ -1382,6 +1385,7 @@ installConfigs() {
|
||||
mkdir /etc/lighttpd
|
||||
# and set the owners
|
||||
chown "${USER}":root /etc/lighttpd
|
||||
chmod 755 /etc/lighttpd
|
||||
# Otherwise, if the config file already exists
|
||||
elif [[ -f "/etc/lighttpd/lighttpd.conf" ]]; then
|
||||
# back up the original
|
||||
@ -1389,8 +1393,10 @@ installConfigs() {
|
||||
fi
|
||||
# and copy in the config file Pi-hole needs
|
||||
cp ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} /etc/lighttpd/lighttpd.conf
|
||||
chmod a+r /etc/lighttpd/lighttpd.conf
|
||||
# Make sure the external.conf file exists, as lighttpd v1.4.50 crashes without it
|
||||
touch /etc/lighttpd/external.conf
|
||||
chmod a+r /etc/lighttpd/external.conf
|
||||
# if there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config
|
||||
if [[ -f "${PI_HOLE_BLOCKPAGE_DIR}/custom.php" ]]; then
|
||||
sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"pihole\/custom\.php"/' /etc/lighttpd/lighttpd.conf
|
||||
@ -1422,15 +1428,26 @@ install_manpage() {
|
||||
if [[ ! -d "/usr/local/share/man/man8" ]]; then
|
||||
# if not present, create man8 directory
|
||||
mkdir /usr/local/share/man/man8
|
||||
chown root:staff /usr/local/share/man/man8
|
||||
chmod a+r /usr/local/share/man/man8
|
||||
chmod a+x /usr/local/share/man/man8
|
||||
chmod g+s /usr/local/share/man/man8
|
||||
fi
|
||||
if [[ ! -d "/usr/local/share/man/man5" ]]; then
|
||||
# if not present, create man8 directory
|
||||
# if not present, create man5 directory
|
||||
mkdir /usr/local/share/man/man5
|
||||
chown root:staff /usr/local/share/man/man5
|
||||
chmod a+r /usr/local/share/man/man5
|
||||
chmod a+x /usr/local/share/man/man5
|
||||
chmod g+s /usr/local/share/man/man5
|
||||
fi
|
||||
# Testing complete, copy the files & update the man db
|
||||
cp ${PI_HOLE_LOCAL_REPO}/manpages/pihole.8 /usr/local/share/man/man8/pihole.8
|
||||
chmod a+r /usr/local/share/man/man8/pihole.8
|
||||
cp ${PI_HOLE_LOCAL_REPO}/manpages/pihole-FTL.8 /usr/local/share/man/man8/pihole-FTL.8
|
||||
chmod a+r /usr/local/share/man/man8/pihole-FTL.8
|
||||
cp ${PI_HOLE_LOCAL_REPO}/manpages/pihole-FTL.conf.5 /usr/local/share/man/man5/pihole-FTL.conf.5
|
||||
chmod a+r /usr/local/share/man/man5/pihole-FTL.conf.5
|
||||
if mandb -q &>/dev/null; then
|
||||
# Updated successfully
|
||||
printf "%b %b man pages installed and database updated\\n" "${OVER}" "${TICK}"
|
||||
@ -1711,6 +1728,9 @@ installCron() {
|
||||
printf "\\n %b %s..." "${INFO}" "${str}"
|
||||
# Copy the cron file over from the local repo
|
||||
cp ${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole.cron /etc/cron.d/pihole
|
||||
# File must not be world or group writeable and must be owned by root
|
||||
chmod 644 /etc/cron.d/pihole
|
||||
chown root:root /etc/cron.d/pihole
|
||||
# Randomize gravity update time
|
||||
sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /etc/cron.d/pihole
|
||||
# Randomize update checker time
|
||||
@ -1818,6 +1838,7 @@ finalExports() {
|
||||
echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}"
|
||||
echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}"
|
||||
}>> "${setupVars}"
|
||||
chmod 744 "${setupVars}"
|
||||
|
||||
# Set the privacy level
|
||||
sed -i '/PRIVACYLEVEL/d' "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf"
|
||||
@ -1841,6 +1862,7 @@ installLogrotate() {
|
||||
printf "\\n %b %s..." "${INFO}" "${str}"
|
||||
# Copy the file over from the local repo
|
||||
cp ${PI_HOLE_LOCAL_REPO}/advanced/Templates/logrotate /etc/pihole/logrotate
|
||||
chmod a+r /etc/pihole/logrotate
|
||||
# Different operating systems have different user / group
|
||||
# settings for logrotate that makes it impossible to create
|
||||
# a static logrotate file that will work with e.g.
|
||||
@ -2431,6 +2453,7 @@ copy_to_install_log() {
|
||||
# Copy the contents of file descriptor 3 into the install log
|
||||
# Since we use color codes such as '\e[1;33m', they should be removed
|
||||
sed 's/\[[0-9;]\{1,5\}m//g' < /proc/$$/fd/3 > "${installLogLoc}"
|
||||
chmod a+r "${installLogLoc}"
|
||||
}
|
||||
|
||||
main() {
|
||||
@ -2516,6 +2539,8 @@ main() {
|
||||
welcomeDialogs
|
||||
# Create directory for Pi-hole storage
|
||||
mkdir -p /etc/pihole/
|
||||
chmod a+r /ect/pihole/
|
||||
chmod a+x /etc/pihole/
|
||||
# Determine available interfaces
|
||||
get_available_interfaces
|
||||
# Find interfaces and let the user choose one
|
||||
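Review bot: `chmod a+r /ect/pihole/` in main() has the path misspelled (`/ect` instead of `/etc`), so the command fails and the directory created by `mkdir -p /etc/pihole/` never receives the read bit; if the installer runs under `set -e` (not visible here), the failure would stop the install at this point. The two lines can be one correct call: `chmod a+rx /etc/pihole/`. In the finalExports hunk, `chmod 744 "${setupVars}"` sets the owner execute bit on a key=value config file; `chmod 644 "${setupVars}"` gives the same readability without marking it executable. main() and finalExports both continue outside their hunks.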
|
@ -153,7 +153,7 @@ removeNoPurge() {
|
||||
|
||||
# Restore Resolved
|
||||
if [[ -e /etc/systemd/resolved.conf.orig ]]; then
|
||||
${SUDO} cp /etc/systemd/resolved.conf.orig /etc/systemd/resolved.conf
|
||||
${SUDO} cp -p /etc/systemd/resolved.conf.orig /etc/systemd/resolved.conf
|
||||
systemctl reload-or-restart systemd-resolved
|
||||
fi
|
||||
|
||||
|
@ -485,6 +485,7 @@ gravity_SortAndFilterConsolidatedList() {
|
||||
fi
|
||||
|
||||
sort -u "${piholeDir}/${parsedMatter}" > "${piholeDir}/${preEventHorizon}"
|
||||
chmod a+r "${piholeDir}/${preEventHorizon}"
|
||||
|
||||
if [[ "${haveSourceUrls}" == true ]]; then
|
||||
echo -e "${OVER} ${TICK} ${str}"
|
||||
@ -509,6 +510,7 @@ gravity_Whitelist() {
|
||||
|
||||
# Print everything from preEventHorizon into whitelistMatter EXCEPT domains in $whitelistFile
|
||||
comm -23 "${piholeDir}/${preEventHorizon}" <(sort "${whitelistFile}") > "${piholeDir}/${whitelistMatter}"
|
||||
chmod a+r "${piholeDir}/${whitelistMatter}"
|
||||
|
||||
echo -e "${OVER} ${INFO} ${str}"
|
||||
}
|
||||
@ -561,6 +563,7 @@ gravity_ParseLocalDomains() {
|
||||
|
||||
# Empty $localList if it already exists, otherwise, create it
|
||||
: > "${localList}"
|
||||
chmod a+r "${localList}"
|
||||
|
||||
gravity_ParseDomainsIntoHosts "${localList}.tmp" "${localList}"
|
||||
|
||||
@ -581,8 +584,9 @@ gravity_ParseBlacklistDomains() {
|
||||
mv "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}"
|
||||
else
|
||||
# There was no whitelist file, so use preEventHorizon instead of whitelistMatter.
|
||||
cp "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}"
|
||||
cp -p "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}"
|
||||
fi
|
||||
chmod a+r "${piholeDir}/${accretionDisc}"
|
||||
|
||||
# Move the file over as /etc/pihole/gravity.list so dnsmasq can use it
|
||||
output=$( { mv "${piholeDir}/${accretionDisc}" "${adList}"; } 2>&1 )
|
||||
@ -592,6 +596,7 @@ gravity_ParseBlacklistDomains() {
|
||||
echo -e "\\n ${CROSS} Unable to move ${accretionDisc} from ${piholeDir}\\n ${output}"
|
||||
gravity_Cleanup "error"
|
||||
fi
|
||||
chmod a+r "${adList}"
|
||||
}
|
||||
|
||||
# Create user-added blacklist entries
|
||||
@ -602,6 +607,7 @@ gravity_ParseUserDomains() {
|
||||
# Copy the file over as /etc/pihole/black.list so dnsmasq can use it
|
||||
cp "${blacklistFile}" "${blackList}" 2> /dev/null || \
|
||||
echo -e "\\n ${CROSS} Unable to move ${blacklistFile##*/} to ${piholeDir}"
|
||||
chmod a+r "${blackList}"
|
||||
}
|
||||
|
||||
# Trap Ctrl-C
|
||||
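Review bot: In gravity_ParseUserDomains the new `chmod a+r "${blackList}"` runs even when the preceding `cp` failed, and unlike the `cp` its stderr is not suppressed, so a missing `${blackList}` produces a second, raw error after the formatted one. Running it only on success keeps the output clean: put the `cp` in an `if`, call `chmod a+r "${blackList}"` in the then-branch and keep the existing `echo -e` message in the else-branch. The same ordering question applies to `chmod a+r "${adList}"` after the failed-`mv` branch in gravity_ParseBlacklistDomains, unless `gravity_Cleanup "error"` exits (its body is not shown).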
|
4
pihole
4
pihole
@ -151,10 +151,12 @@ Time:
|
||||
if [[ -e "${gravitylist}" ]]; then
|
||||
mv "${gravitylist}" "${gravitylist}.bck"
|
||||
echo "" > "${gravitylist}"
|
||||
chmod a+r "${gravitylist}"
|
||||
fi
|
||||
if [[ -e "${blacklist}" ]]; then
|
||||
mv "${blacklist}" "${blacklist}.bck"
|
||||
echo "" > "${blacklist}"
|
||||
chmod a+r "${blacklist}"
|
||||
fi
|
||||
if [[ $# > 1 ]]; then
|
||||
local error=false
|
||||
@ -206,9 +208,11 @@ Time:
|
||||
|
||||
if [[ -e "${gravitylist}.bck" ]]; then
|
||||
mv "${gravitylist}.bck" "${gravitylist}"
|
||||
chmod a+r "${gravitylist}"
|
||||
fi
|
||||
if [[ -e "${blacklist}.bck" ]]; then
|
||||
mv "${blacklist}.bck" "${blacklist}"
|
||||
chmod a+r "${blacklist}"
|
||||
fi
|
||||
sed -i "/BLOCKING_ENABLED=/d" "${setupVars}"
|
||||
echo "BLOCKING_ENABLED=true" >> "${setupVars}"
|
||||
|