mirror of
https://github.com/pi-hole/pi-hole
synced 2024-12-22 06:48:07 +00:00
Remove read permission for others on senible log files
Signed-off-by: Christian König <ckoenig@posteo.de>
This commit is contained in:
parent
b20aa865b9
commit
954a0c2a14
@ -1394,7 +1394,7 @@ curl_to_tricorder() {
|
||||
upload_to_tricorder() {
|
||||
local username="pihole"
|
||||
# Set the permissions and owner
|
||||
chmod 644 ${PIHOLE_DEBUG_LOG}
|
||||
chmod 640 ${PIHOLE_DEBUG_LOG}
|
||||
chown "$USER":"${username}" ${PIHOLE_DEBUG_LOG}
|
||||
|
||||
# Let the user know debugging is complete with something strikingly visual
|
||||
|
@ -46,7 +46,7 @@ if [[ "$@" == *"once"* ]]; then
|
||||
# moved file (it will have the same file handler)
|
||||
cp -p /var/log/pihole/pihole.log /var/log/pihole/pihole.log.1
|
||||
echo " " > /var/log/pihole/pihole.log
|
||||
chmod 644 /var/log/pihole/pihole.log
|
||||
chmod 640 /var/log/pihole/pihole.log
|
||||
fi
|
||||
else
|
||||
# Manual flushing
|
||||
@ -59,7 +59,7 @@ else
|
||||
echo " " > /var/log/pihole/pihole.log
|
||||
if [ -f /var/log/pihole/pihole.log.1 ]; then
|
||||
echo " " > /var/log/pihole/pihole.log.1
|
||||
chmod 644 /var/log/pihole/pihole.log.1
|
||||
chmod 640 /var/log/pihole/pihole.log.1
|
||||
fi
|
||||
fi
|
||||
# Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)
|
||||
|
@ -71,12 +71,13 @@ start() {
|
||||
[ ! -f "${FTL_PID_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
|
||||
[ ! -f "${FTL_PORT_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PORT_FILE}"
|
||||
[ ! -f /var/log/pihole/pihole-FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/pihole-FTL.log
|
||||
[ ! -f /var/log/pihole/pihole.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
|
||||
[ ! -f /var/log/pihole/pihole.log ] && install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
|
||||
[ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
|
||||
# Ensure that permissions are set so that pihole-FTL can edit all necessary files
|
||||
chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
|
||||
# Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
|
||||
chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log
|
||||
chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/pihole-FTL.log
|
||||
chmod -f 0640 /var/log/pihole/pihole.log
|
||||
# Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
|
||||
chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
|
||||
# Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
|
||||
|
Loading…
Reference in New Issue
Block a user