Commit 6552f717 authored by mh's avatar mh

whitespace clanup

parent 06416c28
......@@ -11,13 +11,13 @@ def script_option_keys
end
# further settings files used by this script
def script_settings_files_def
{
'adjust_permissions.dirs' => {
:uid => sftp_user_uid,
:gid => group_gid,
def script_settings_files_def
{
'adjust_permissions.dirs' => {
:uid => sftp_user_uid,
:gid => group_gid,
:reject_mmask => 0007 }
}
}
end
# verify security related things to that script
......
......@@ -24,7 +24,7 @@ def _settings_files_map_and_check(files)
files.each do |file, options|
file_path = File.expand_path(File.join(@base_dir,file))
stat = File.stat(file_path)
security_fail("#{file} does not exist.") unless File.exists?(file_path)
security_fail("#{file} does not exist.") unless File.exists?(file_path)
security_fail("#{file} has insecure permissions. Expected uid to be #{options[:uid]}") unless options[:uid].nil? || stat.uid == options[:uid]
security_fail("#{file} has insecure permissions. Expected gid to be #{options[:gid]}") unless options[:gid].nil? || stat.gid == options[:gid]
security_fail("#{file} has insecure permissions. Mode should not apply to mask #{options[:reject_mmask]}") unless options[:reject_mmask].nil? || (stat.mode & options[:reject_mmask] == 0)
......@@ -35,8 +35,8 @@ end
def settings_files_def
{
options_filename => {
:uid => 0,
options_filename => {
:uid => 0,
:reject_mmask => 0027 }
}
end
......@@ -99,8 +99,8 @@ def sftp_user_uid
@stp_user_uid ||= Etc.getpwnam(options['sftp_user']).uid
end
def run_user_uid
@run_user_uid ||= Etc.getpwnam(options['run_user']).uid
def run_user_uid
@run_user_uid ||= Etc.getpwnam(options['run_user']).uid
end
def group_gid
......@@ -152,7 +152,7 @@ end
def on_filelist(list,owner)
list.each_line do |path|
path = File.expand_path(path.chomp)
if path.start_with? "#{options['webdir']}"
if path.start_with? "#{options['webdir']}"
if (File.directory?(path)||File.file?(path))
if File.stat(path).uid == owner
yield path
......
......@@ -9,7 +9,7 @@ def script_option_keys
end
# further settings files used by this script
def script_settings_files_def
def script_settings_files_def
end
# verify security related things to that script
......@@ -44,7 +44,7 @@ end
def update_mode
cmd("getfacl --absolute-names -R #{shellescape(options['webdir'])} > #{perm_file}")
FileUtils.chmod 0400, "#{perm_file}"
chown_R(sftp_user_uid,options['run_user'])
end
......@@ -60,13 +60,13 @@ def reset_update_mode
File.delete(perm_file)
# set group write permissions to newly created files, if they are in a
# set group write permissions to newly created files, if they are in a
# preexisting folder, which has group write permissions:
# --
# First collect preexisting directories with group write access
dirs = cmd("find #{shellescape(options['webdir'])} -user #{options['sftp_user']} -type d -perm /g+w")
on_filelist(dirs,sftp_user_uid) do |path|
# collect any newly created file or folder within and make
# collect any newly created file or folder within and make
# them writeable by the group
dirs = cmd("find #{shellescape(path)} -user #{options['run_user']} -type d")
files = cmd("find #{shellescape(path)} -user #{options['run_user']} -type f")
......