aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authoronefang2021-08-25 18:48:49 +1000
committeronefang2021-08-25 18:48:49 +1000
commita6362e420892869983ecf22c4f7134c1a5162d83 (patch)
tree31932eb2d3839d6955bca85a9628e5dbbf1ffbe7
parentNew sledjchisl pane layout. (diff)
downloadopensim-SC-a6362e420892869983ecf22c4f7134c1a5162d83.zip
opensim-SC-a6362e420892869983ecf22c4f7134c1a5162d83.tar.gz
opensim-SC-a6362e420892869983ecf22c4f7134c1a5162d83.tar.bz2
opensim-SC-a6362e420892869983ecf22c4f7134c1a5162d83.tar.xz
Move the directory creation and securing to just before starting ROBUST.
-rw-r--r--src/sledjchisl/sledjchisl.c216
1 files changed, 106 insertions, 110 deletions
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c
index ab81ee1..9b875f5 100644
--- a/src/sledjchisl/sledjchisl.c
+++ b/src/sledjchisl/sledjchisl.c
@@ -8324,115 +8324,6 @@ Build the OpenSim.
8324 } 8324 }
8325 8325
8326 8326
8327////////////////////////////////////////////////////////////////////////////////////////////////////
8328// Sort out directories, part 2
8329////////////////////////////////////////////////////////////////////////////////////////////////////
8330
8331// TODO - only do this if in start mode.
8332
8333 // Doing this here coz at this point we should be the correct user.
8334 /* From man 7 inode -
8335 S_ISUID 04000 set-user-ID bit
8336 S_ISGID 02000 set-group-ID bit (see below)
8337 S_ISVTX 01000 sticky bit (see below)
8338
8339 S_IRWXU 00700 owner has read, write, and execute permission
8340 S_IRUSR 00400 owner has read permission
8341 S_IWUSR 00200 owner has write permission
8342 S_IXUSR 00100 owner has execute permission
8343
8344 S_IRWXG 00070 group has read, write, and execute permission
8345 S_IRGRP 00040 group has read permission
8346 S_IWGRP 00020 group has write permission
8347 S_IXGRP 00010 group has execute permission
8348
8349 S_IRWXO 00007 others (not in group) have read, write, and execute permission
8350 S_IROTH 00004 others have read permission
8351 S_IWOTH 00002 others have write permission
8352 S_IXOTH 00001 others have execute permission
8353
8354 The set-group-ID bit (S_ISGID) has several special uses. For a directory, it indicates that BSD semantics is to be used for that directory: files created there inherit their group
8355 ID from the directory, not from the effective group ID of the creating process, and directories created there will also get the S_ISGID bit set. For a file that does not have the
8356 group execution bit (S_IXGRP) set, the set-group-ID bit indicates mandatory file/record locking.
8357
8358 The sticky bit (S_ISVTX) on a directory means that a file in that directory can be renamed or deleted only by the owner of the file, by the owner of the directory,
8359 and by a privileged process
8360 */
8361 V("Making directories in %s.", scRoot);
8362 if ((! qfile_exist(scBin)) && (! qfile_mkdir(scBin, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBin);
8363 if ((! qfile_exist(scEtc)) && (! qfile_mkdir(scEtc, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scEtc);
8364 if ((! qfile_exist(scLib)) && (! qfile_mkdir(scLib, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scLib);
8365 if ((! qfile_exist(scBackup)) && (! qfile_mkdir(scBackup, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBackup);
8366 if ((! qfile_exist(scCache)) && (! qfile_mkdir(scCache, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scCache);
8367 if ((! qfile_exist(scData)) && (! qfile_mkdir(scData, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scData);
8368 if ((! qfile_exist(scLog)) && (! qfile_mkdir(scLog, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scLog);
8369 if ((! qfile_exist(scTemp)) && (! qfile_mkdir(scTemp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scTemp);
8370 tmp = xmprintf("%s/sessions", scCache);
8371 if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp);
8372 free(tmp);
8373 tmp = xmprintf("%s/users", scData);
8374 if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp);
8375 free(tmp);
8376 tmp = xmprintf("%s/db", scData);
8377 if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp);
8378 free(tmp);
8379
8380/* TODO - tighten up security.
8381Make sure correct permissions are set everywhere.
8382 sudo chown -R ${OS_USER}:${OS_USER} ${OS_PATH}
8383
8384Create the /opt/opensim-SC directory structure.
8385 AssetFiles/data Think OpenSim creates all the sub directories itself?
8386 AssetFiles/tmp/spool Think OpenSim creates all the sub directories itself?
8387 config/config.ini (move that etc/config.ini later)
8388. var/backups Copy examples/var/backups/*.IAR files, which are the newbie starter inventories.
8389. var/cache Think OpenSim creates all the sub directories itself?
8390. var/run HAS to be setup correctly BEFORE we try to start up tmux.
8391 web // Fill it with default web stuff from current -> example..
8392
8393*/
8394 I("Securing directories and files in %s.", scRoot);
8395 if (shellMeFail("chmod u=rw,go= %s/config/*.ini", scRoot)) C("Can't set proper permissions for %s/config*.ini", scRoot);
8396 if (shellMeFail("chmod u=rw,go= %s/config/ROBUST/*.ini", scRoot)) C("Can't set proper permissions for %s/config/ROBUST/*.ini", scRoot);
8397 if (shellMeFail("chmod u=rw,go= %s/.sledjChisl.conf.lua", scEtc)) C("Can't set proper permissions for %s/.sledjChisl.conf.lua", scEtc);
8398 if (shellMeFail("chmod ug+rw %s/config", scRoot)) C("Can't set proper permissions for %s/config", scRoot);
8399 if (shellMeFail("chmod g+s %s/config", scRoot)) C("Can't set proper permissions for %s/config", scRoot);
8400 if (shellMeFail("chmod u=rw,go= %s/config/*.ini", scRoot)) C("Can't set proper permissions for %s/config/*.ini", scRoot);
8401 if (shellMeFail("chmod u=rw,go= %s/config/ROBUST/*.ini", scRoot)) C("Can't set proper permissions for %s/configROBUST/*.ini", scRoot);
8402
8403 if (shellMeFail("chmod ug=rwx,o= %s/AssetFiles", scRoot)) C("Can't set proper permissions for %s/AssetFiles", scRoot);
8404 if (shellMeFail("chmod -fR ug=rw,o=,a+X %s", scBackup)) C("Can't set proper permissions for %s", scBackup);
8405 if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scBin)) C("Can't set proper permissions for %s", scBin);
8406 if (shellMeFail("chmod -fR ug=rw,o=,a+X %s", scCache)) C("Can't set proper permissions for %s", scCache);
8407 if (shellMeFail("chmod ug=rwx,o= %s", scCache)) C("Can't set proper permissions for %s", scCache);
8408 if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scData)) C("Can't set proper permissions for %s", scData);
8409 if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scEtc)) C("Can't set proper permissions for %s", scEtc);
8410 if (shellMeFail("chmod u=rw,go= %s/.sledjChisl.conf.lua", scEtc)) C("Can't set proper permissions for %s/.sledjChisl.conf.lua", scEtc);
8411 if (shellMeFail("chmod g+s %s", scEtc)) C("Can't set proper permissions for %s", scEtc);
8412 if (shellMeFail("chmod a+x %s/*.shini", scEtc)) C("Can't set proper permissions for %s/*.shini", scEtc);
8413 if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scLib)) C("Can't set proper permissions for %s", scLib);
8414 if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scLog)) C("Can't set proper permissions for %s", scLog);
8415 if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scTemp)) C("Can't set proper permissions for %s", scTemp);
8416
8417// if (shellMeFail("chmod -R a+x %s/current/*.sh", scRoot)) C("Can't set proper permissions for %s/current/*.sh", scRoot);
8418// if (shellMeFail("chmod -R a+x %s/current/scripts/*.sh", scRoot)) C("Can't set proper permissions for %s/current/scripts/*.sh", scRoot);
8419// if (shellMeFail("chmod -R a+x %s/current/scripts/install/*.sh", scRoot)) C("Can't set proper permissions for %s/current/scripts/install/*.sh", scRoot);
8420// if (shellMeFail("chmod a+x %s/current/scripts/show-console", scRoot)) C("Can't set proper permissions for %s/current/scripts/show-console", scRoot);
8421// if (shellMeFail("chmod a+x %s/current/scripts/start-sim", scRoot)) C("Can't set proper permissions for %s/current/scripts/start-sim", scRoot);
8422
8423 char *newPath = xmprintf("%s/current/bin/sledjchisl", scRoot);
8424 tmp = xmprintf("%s/sledjchisl", scBin);
8425 V("Symlinking %s to %s", newPath, tmp);
8426 if (qfile_exist(tmp))
8427 {
8428 if (shellMeFail("rm %s", tmp))
8429 E("rm command failed!");
8430 }
8431 if (0 != symlink(newPath, tmp))
8432 perror_msg("Symlinking %s to %s", newPath, tmp);
8433 free(tmp);
8434 free(newPath);
8435
8436 8327
8437//////////////////////////////////////////////////////////////////////////////////////////////////// 8328////////////////////////////////////////////////////////////////////////////////////////////////////
8438// Other start up stuff. 8329// Other start up stuff.
@@ -8584,8 +8475,113 @@ Create the /opt/opensim-SC directory structure.
8584 // Start ROBUST or join the tmux session, or just figure out where the sims are running in tmux. 8475 // Start ROBUST or join the tmux session, or just figure out where the sims are running in tmux.
8585 if ((START == currentMode) && !checkSimIsRunning("ROBUST")) 8476 if ((START == currentMode) && !checkSimIsRunning("ROBUST"))
8586 { 8477 {
8587 char *c = xmprintf("cd %s/current/bin", scRoot); 8478////////////////////////////////////////////////////////////////////////////////////////////////////
8479// Sort out directories, part 2
8480////////////////////////////////////////////////////////////////////////////////////////////////////
8481
8482 // Doing this here coz at this point we should be the correct user, and we only want to do this during initial startup.
8483 /* From man 7 inode -
8484 S_ISUID 04000 set-user-ID bit
8485 S_ISGID 02000 set-group-ID bit (see below)
8486 S_ISVTX 01000 sticky bit (see below)
8487
8488 S_IRWXU 00700 owner has read, write, and execute permission
8489 S_IRUSR 00400 owner has read permission
8490 S_IWUSR 00200 owner has write permission
8491 S_IXUSR 00100 owner has execute permission
8492
8493 S_IRWXG 00070 group has read, write, and execute permission
8494 S_IRGRP 00040 group has read permission
8495 S_IWGRP 00020 group has write permission
8496 S_IXGRP 00010 group has execute permission
8497
8498 S_IRWXO 00007 others (not in group) have read, write, and execute permission
8499 S_IROTH 00004 others have read permission
8500 S_IWOTH 00002 others have write permission
8501 S_IXOTH 00001 others have execute permission
8502
8503 The set-group-ID bit (S_ISGID) has several special uses. For a directory, it indicates that BSD semantics is to be used for that directory: files created there inherit their group
8504 ID from the directory, not from the effective group ID of the creating process, and directories created there will also get the S_ISGID bit set. For a file that does not have the
8505 group execution bit (S_IXGRP) set, the set-group-ID bit indicates mandatory file/record locking.
8506
8507 The sticky bit (S_ISVTX) on a directory means that a file in that directory can be renamed or deleted only by the owner of the file, by the owner of the directory,
8508 and by a privileged process
8509 */
8510 V("Making directories in %s.", scRoot);
8511 if ((! qfile_exist(scBin)) && (! qfile_mkdir(scBin, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBin);
8512 if ((! qfile_exist(scEtc)) && (! qfile_mkdir(scEtc, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scEtc);
8513 if ((! qfile_exist(scLib)) && (! qfile_mkdir(scLib, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scLib);
8514 if ((! qfile_exist(scBackup)) && (! qfile_mkdir(scBackup, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBackup);
8515 if ((! qfile_exist(scCache)) && (! qfile_mkdir(scCache, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scCache);
8516 if ((! qfile_exist(scData)) && (! qfile_mkdir(scData, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scData);
8517 if ((! qfile_exist(scLog)) && (! qfile_mkdir(scLog, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scLog);
8518 if ((! qfile_exist(scTemp)) && (! qfile_mkdir(scTemp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scTemp);
8519 tmp = xmprintf("%s/sessions", scCache);
8520 if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp);
8521 free(tmp);
8522 tmp = xmprintf("%s/users", scData);
8523 if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp);
8524 free(tmp);
8525 tmp = xmprintf("%s/db", scData);
8526 if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp);
8527 free(tmp);
8588 8528
8529/* TODO - tighten up security.
8530Make sure correct permissions are set everywhere.
8531 sudo chown -R ${OS_USER}:${OS_USER} ${OS_PATH}
8532
8533Create the /opt/opensim-SC directory structure.
8534 AssetFiles/data Think OpenSim creates all the sub directories itself?
8535 AssetFiles/tmp/spool Think OpenSim creates all the sub directories itself?
8536 config/config.ini (move that etc/config.ini later)
8537. var/backups Copy examples/var/backups/*.IAR files, which are the newbie starter inventories.
8538. var/cache Think OpenSim creates all the sub directories itself?
8539. var/run HAS to be setup correctly BEFORE we try to start up tmux.
8540 web // Fill it with default web stuff from current -> example..
8541*/
8542 I("Securing directories and files in %s. This might take awhile.", scRoot);
8543 if (shellMeFail("chmod u=rw,go= %s/config/*.ini", scRoot)) C("Can't set proper permissions for %s/config*.ini", scRoot);
8544 if (shellMeFail("chmod u=rw,go= %s/config/ROBUST/*.ini", scRoot)) C("Can't set proper permissions for %s/config/ROBUST/*.ini", scRoot);
8545 if (shellMeFail("chmod u=rw,go= %s/.sledjChisl.conf.lua", scEtc)) C("Can't set proper permissions for %s/.sledjChisl.conf.lua", scEtc);
8546 if (shellMeFail("chmod ug+rw %s/config", scRoot)) C("Can't set proper permissions for %s/config", scRoot);
8547 if (shellMeFail("chmod g+s %s/config", scRoot)) C("Can't set proper permissions for %s/config", scRoot);
8548 if (shellMeFail("chmod u=rw,go= %s/config/*.ini", scRoot)) C("Can't set proper permissions for %s/config/*.ini", scRoot);
8549 if (shellMeFail("chmod u=rw,go= %s/config/ROBUST/*.ini", scRoot)) C("Can't set proper permissions for %s/configROBUST/*.ini", scRoot);
8550
8551 if (shellMeFail("chmod ug=rwx,o= %s/AssetFiles", scRoot)) C("Can't set proper permissions for %s/AssetFiles", scRoot);
8552 if (shellMeFail("chmod -fR ug=rw,o=,a+X %s", scBackup)) C("Can't set proper permissions for %s", scBackup);
8553 if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scBin)) C("Can't set proper permissions for %s", scBin);
8554 if (shellMeFail("chmod -fR ug=rw,o=,a+X %s", scCache)) C("Can't set proper permissions for %s", scCache);
8555 if (shellMeFail("chmod ug=rwx,o= %s", scCache)) C("Can't set proper permissions for %s", scCache);
8556 if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scData)) C("Can't set proper permissions for %s", scData);
8557 if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scEtc)) C("Can't set proper permissions for %s", scEtc);
8558 if (shellMeFail("chmod u=rw,go= %s/.sledjChisl.conf.lua", scEtc)) C("Can't set proper permissions for %s/.sledjChisl.conf.lua", scEtc);
8559 if (shellMeFail("chmod g+s %s", scEtc)) C("Can't set proper permissions for %s", scEtc);
8560 if (shellMeFail("chmod a+x %s/*.shini", scEtc)) C("Can't set proper permissions for %s/*.shini", scEtc);
8561 if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scLib)) C("Can't set proper permissions for %s", scLib);
8562 if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scLog)) C("Can't set proper permissions for %s", scLog);
8563 if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scTemp)) C("Can't set proper permissions for %s", scTemp);
8564
8565// if (shellMeFail("chmod -R a+x %s/current/*.sh", scRoot)) C("Can't set proper permissions for %s/current/*.sh", scRoot);
8566// if (shellMeFail("chmod -R a+x %s/current/scripts/*.sh", scRoot)) C("Can't set proper permissions for %s/current/scripts/*.sh", scRoot);
8567// if (shellMeFail("chmod -R a+x %s/current/scripts/install/*.sh", scRoot)) C("Can't set proper permissions for %s/current/scripts/install/*.sh", scRoot);
8568// if (shellMeFail("chmod a+x %s/current/scripts/show-console", scRoot)) C("Can't set proper permissions for %s/current/scripts/show-console", scRoot);
8569// if (shellMeFail("chmod a+x %s/current/scripts/start-sim", scRoot)) C("Can't set proper permissions for %s/current/scripts/start-sim", scRoot);
8570
8571 char *newPath = xmprintf("%s/current/bin/sledjchisl", scRoot);
8572 tmp = xmprintf("%s/sledjchisl", scBin);
8573 V("Symlinking %s to %s", newPath, tmp);
8574 if (qfile_exist(tmp))
8575 {
8576 if (shellMeFail("rm %s", tmp))
8577 E("rm command failed!");
8578 }
8579 if (0 != symlink(newPath, tmp))
8580 perror_msg("Symlinking %s to %s", newPath, tmp);
8581 free(tmp);
8582 free(newPath);
8583
8584 char *c = xmprintf("cd %s/current/bin", scRoot);
8589 I("ROBUST is starting up."); 8585 I("ROBUST is starting up.");
8590 sendTmuxCmd("@0.%1", c); 8586 sendTmuxCmd("@0.%1", c);
8591 free(c); 8587 free(c);