diff options
author | onefang | 2021-08-25 18:48:49 +1000 |
---|---|---|
committer | onefang | 2021-08-25 18:48:49 +1000 |
commit | a6362e420892869983ecf22c4f7134c1a5162d83 (patch) | |
tree | 31932eb2d3839d6955bca85a9628e5dbbf1ffbe7 | |
parent | New sledjchisl pane layout. (diff) | |
download | opensim-SC-a6362e420892869983ecf22c4f7134c1a5162d83.zip opensim-SC-a6362e420892869983ecf22c4f7134c1a5162d83.tar.gz opensim-SC-a6362e420892869983ecf22c4f7134c1a5162d83.tar.bz2 opensim-SC-a6362e420892869983ecf22c4f7134c1a5162d83.tar.xz |
Move the directory creation and securing to just before starting ROBUST.
-rw-r--r-- | src/sledjchisl/sledjchisl.c | 216 |
1 files changed, 106 insertions, 110 deletions
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c index ab81ee1..9b875f5 100644 --- a/src/sledjchisl/sledjchisl.c +++ b/src/sledjchisl/sledjchisl.c | |||
@@ -8324,115 +8324,6 @@ Build the OpenSim. | |||
8324 | } | 8324 | } |
8325 | 8325 | ||
8326 | 8326 | ||
8327 | //////////////////////////////////////////////////////////////////////////////////////////////////// | ||
8328 | // Sort out directories, part 2 | ||
8329 | //////////////////////////////////////////////////////////////////////////////////////////////////// | ||
8330 | |||
8331 | // TODO - only do this if in start mode. | ||
8332 | |||
8333 | // Doing this here coz at this point we should be the correct user. | ||
8334 | /* From man 7 inode - | ||
8335 | S_ISUID 04000 set-user-ID bit | ||
8336 | S_ISGID 02000 set-group-ID bit (see below) | ||
8337 | S_ISVTX 01000 sticky bit (see below) | ||
8338 | |||
8339 | S_IRWXU 00700 owner has read, write, and execute permission | ||
8340 | S_IRUSR 00400 owner has read permission | ||
8341 | S_IWUSR 00200 owner has write permission | ||
8342 | S_IXUSR 00100 owner has execute permission | ||
8343 | |||
8344 | S_IRWXG 00070 group has read, write, and execute permission | ||
8345 | S_IRGRP 00040 group has read permission | ||
8346 | S_IWGRP 00020 group has write permission | ||
8347 | S_IXGRP 00010 group has execute permission | ||
8348 | |||
8349 | S_IRWXO 00007 others (not in group) have read, write, and execute permission | ||
8350 | S_IROTH 00004 others have read permission | ||
8351 | S_IWOTH 00002 others have write permission | ||
8352 | S_IXOTH 00001 others have execute permission | ||
8353 | |||
8354 | The set-group-ID bit (S_ISGID) has several special uses. For a directory, it indicates that BSD semantics is to be used for that directory: files created there inherit their group | ||
8355 | ID from the directory, not from the effective group ID of the creating process, and directories created there will also get the S_ISGID bit set. For a file that does not have the | ||
8356 | group execution bit (S_IXGRP) set, the set-group-ID bit indicates mandatory file/record locking. | ||
8357 | |||
8358 | The sticky bit (S_ISVTX) on a directory means that a file in that directory can be renamed or deleted only by the owner of the file, by the owner of the directory, | ||
8359 | and by a privileged process | ||
8360 | */ | ||
8361 | V("Making directories in %s.", scRoot); | ||
8362 | if ((! qfile_exist(scBin)) && (! qfile_mkdir(scBin, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBin); | ||
8363 | if ((! qfile_exist(scEtc)) && (! qfile_mkdir(scEtc, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scEtc); | ||
8364 | if ((! qfile_exist(scLib)) && (! qfile_mkdir(scLib, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scLib); | ||
8365 | if ((! qfile_exist(scBackup)) && (! qfile_mkdir(scBackup, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBackup); | ||
8366 | if ((! qfile_exist(scCache)) && (! qfile_mkdir(scCache, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scCache); | ||
8367 | if ((! qfile_exist(scData)) && (! qfile_mkdir(scData, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scData); | ||
8368 | if ((! qfile_exist(scLog)) && (! qfile_mkdir(scLog, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scLog); | ||
8369 | if ((! qfile_exist(scTemp)) && (! qfile_mkdir(scTemp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scTemp); | ||
8370 | tmp = xmprintf("%s/sessions", scCache); | ||
8371 | if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp); | ||
8372 | free(tmp); | ||
8373 | tmp = xmprintf("%s/users", scData); | ||
8374 | if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp); | ||
8375 | free(tmp); | ||
8376 | tmp = xmprintf("%s/db", scData); | ||
8377 | if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp); | ||
8378 | free(tmp); | ||
8379 | |||
8380 | /* TODO - tighten up security. | ||
8381 | Make sure correct permissions are set everywhere. | ||
8382 | sudo chown -R ${OS_USER}:${OS_USER} ${OS_PATH} | ||
8383 | |||
8384 | Create the /opt/opensim-SC directory structure. | ||
8385 | AssetFiles/data Think OpenSim creates all the sub directories itself? | ||
8386 | AssetFiles/tmp/spool Think OpenSim creates all the sub directories itself? | ||
8387 | config/config.ini (move that etc/config.ini later) | ||
8388 | . var/backups Copy examples/var/backups/*.IAR files, which are the newbie starter inventories. | ||
8389 | . var/cache Think OpenSim creates all the sub directories itself? | ||
8390 | . var/run HAS to be setup correctly BEFORE we try to start up tmux. | ||
8391 | web // Fill it with default web stuff from current -> example.. | ||
8392 | |||
8393 | */ | ||
8394 | I("Securing directories and files in %s.", scRoot); | ||
8395 | if (shellMeFail("chmod u=rw,go= %s/config/*.ini", scRoot)) C("Can't set proper permissions for %s/config*.ini", scRoot); | ||
8396 | if (shellMeFail("chmod u=rw,go= %s/config/ROBUST/*.ini", scRoot)) C("Can't set proper permissions for %s/config/ROBUST/*.ini", scRoot); | ||
8397 | if (shellMeFail("chmod u=rw,go= %s/.sledjChisl.conf.lua", scEtc)) C("Can't set proper permissions for %s/.sledjChisl.conf.lua", scEtc); | ||
8398 | if (shellMeFail("chmod ug+rw %s/config", scRoot)) C("Can't set proper permissions for %s/config", scRoot); | ||
8399 | if (shellMeFail("chmod g+s %s/config", scRoot)) C("Can't set proper permissions for %s/config", scRoot); | ||
8400 | if (shellMeFail("chmod u=rw,go= %s/config/*.ini", scRoot)) C("Can't set proper permissions for %s/config/*.ini", scRoot); | ||
8401 | if (shellMeFail("chmod u=rw,go= %s/config/ROBUST/*.ini", scRoot)) C("Can't set proper permissions for %s/configROBUST/*.ini", scRoot); | ||
8402 | |||
8403 | if (shellMeFail("chmod ug=rwx,o= %s/AssetFiles", scRoot)) C("Can't set proper permissions for %s/AssetFiles", scRoot); | ||
8404 | if (shellMeFail("chmod -fR ug=rw,o=,a+X %s", scBackup)) C("Can't set proper permissions for %s", scBackup); | ||
8405 | if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scBin)) C("Can't set proper permissions for %s", scBin); | ||
8406 | if (shellMeFail("chmod -fR ug=rw,o=,a+X %s", scCache)) C("Can't set proper permissions for %s", scCache); | ||
8407 | if (shellMeFail("chmod ug=rwx,o= %s", scCache)) C("Can't set proper permissions for %s", scCache); | ||
8408 | if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scData)) C("Can't set proper permissions for %s", scData); | ||
8409 | if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scEtc)) C("Can't set proper permissions for %s", scEtc); | ||
8410 | if (shellMeFail("chmod u=rw,go= %s/.sledjChisl.conf.lua", scEtc)) C("Can't set proper permissions for %s/.sledjChisl.conf.lua", scEtc); | ||
8411 | if (shellMeFail("chmod g+s %s", scEtc)) C("Can't set proper permissions for %s", scEtc); | ||
8412 | if (shellMeFail("chmod a+x %s/*.shini", scEtc)) C("Can't set proper permissions for %s/*.shini", scEtc); | ||
8413 | if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scLib)) C("Can't set proper permissions for %s", scLib); | ||
8414 | if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scLog)) C("Can't set proper permissions for %s", scLog); | ||
8415 | if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scTemp)) C("Can't set proper permissions for %s", scTemp); | ||
8416 | |||
8417 | // if (shellMeFail("chmod -R a+x %s/current/*.sh", scRoot)) C("Can't set proper permissions for %s/current/*.sh", scRoot); | ||
8418 | // if (shellMeFail("chmod -R a+x %s/current/scripts/*.sh", scRoot)) C("Can't set proper permissions for %s/current/scripts/*.sh", scRoot); | ||
8419 | // if (shellMeFail("chmod -R a+x %s/current/scripts/install/*.sh", scRoot)) C("Can't set proper permissions for %s/current/scripts/install/*.sh", scRoot); | ||
8420 | // if (shellMeFail("chmod a+x %s/current/scripts/show-console", scRoot)) C("Can't set proper permissions for %s/current/scripts/show-console", scRoot); | ||
8421 | // if (shellMeFail("chmod a+x %s/current/scripts/start-sim", scRoot)) C("Can't set proper permissions for %s/current/scripts/start-sim", scRoot); | ||
8422 | |||
8423 | char *newPath = xmprintf("%s/current/bin/sledjchisl", scRoot); | ||
8424 | tmp = xmprintf("%s/sledjchisl", scBin); | ||
8425 | V("Symlinking %s to %s", newPath, tmp); | ||
8426 | if (qfile_exist(tmp)) | ||
8427 | { | ||
8428 | if (shellMeFail("rm %s", tmp)) | ||
8429 | E("rm command failed!"); | ||
8430 | } | ||
8431 | if (0 != symlink(newPath, tmp)) | ||
8432 | perror_msg("Symlinking %s to %s", newPath, tmp); | ||
8433 | free(tmp); | ||
8434 | free(newPath); | ||
8435 | |||
8436 | 8327 | ||
8437 | //////////////////////////////////////////////////////////////////////////////////////////////////// | 8328 | //////////////////////////////////////////////////////////////////////////////////////////////////// |
8438 | // Other start up stuff. | 8329 | // Other start up stuff. |
@@ -8584,8 +8475,113 @@ Create the /opt/opensim-SC directory structure. | |||
8584 | // Start ROBUST or join the tmux session, or just figure out where the sims are running in tmux. | 8475 | // Start ROBUST or join the tmux session, or just figure out where the sims are running in tmux. |
8585 | if ((START == currentMode) && !checkSimIsRunning("ROBUST")) | 8476 | if ((START == currentMode) && !checkSimIsRunning("ROBUST")) |
8586 | { | 8477 | { |
8587 | char *c = xmprintf("cd %s/current/bin", scRoot); | 8478 | //////////////////////////////////////////////////////////////////////////////////////////////////// |
8479 | // Sort out directories, part 2 | ||
8480 | //////////////////////////////////////////////////////////////////////////////////////////////////// | ||
8481 | |||
8482 | // Doing this here coz at this point we should be the correct user, and we only want to do this during initial startup. | ||
8483 | /* From man 7 inode - | ||
8484 | S_ISUID 04000 set-user-ID bit | ||
8485 | S_ISGID 02000 set-group-ID bit (see below) | ||
8486 | S_ISVTX 01000 sticky bit (see below) | ||
8487 | |||
8488 | S_IRWXU 00700 owner has read, write, and execute permission | ||
8489 | S_IRUSR 00400 owner has read permission | ||
8490 | S_IWUSR 00200 owner has write permission | ||
8491 | S_IXUSR 00100 owner has execute permission | ||
8492 | |||
8493 | S_IRWXG 00070 group has read, write, and execute permission | ||
8494 | S_IRGRP 00040 group has read permission | ||
8495 | S_IWGRP 00020 group has write permission | ||
8496 | S_IXGRP 00010 group has execute permission | ||
8497 | |||
8498 | S_IRWXO 00007 others (not in group) have read, write, and execute permission | ||
8499 | S_IROTH 00004 others have read permission | ||
8500 | S_IWOTH 00002 others have write permission | ||
8501 | S_IXOTH 00001 others have execute permission | ||
8502 | |||
8503 | The set-group-ID bit (S_ISGID) has several special uses. For a directory, it indicates that BSD semantics is to be used for that directory: files created there inherit their group | ||
8504 | ID from the directory, not from the effective group ID of the creating process, and directories created there will also get the S_ISGID bit set. For a file that does not have the | ||
8505 | group execution bit (S_IXGRP) set, the set-group-ID bit indicates mandatory file/record locking. | ||
8506 | |||
8507 | The sticky bit (S_ISVTX) on a directory means that a file in that directory can be renamed or deleted only by the owner of the file, by the owner of the directory, | ||
8508 | and by a privileged process | ||
8509 | */ | ||
8510 | V("Making directories in %s.", scRoot); | ||
8511 | if ((! qfile_exist(scBin)) && (! qfile_mkdir(scBin, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBin); | ||
8512 | if ((! qfile_exist(scEtc)) && (! qfile_mkdir(scEtc, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scEtc); | ||
8513 | if ((! qfile_exist(scLib)) && (! qfile_mkdir(scLib, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scLib); | ||
8514 | if ((! qfile_exist(scBackup)) && (! qfile_mkdir(scBackup, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBackup); | ||
8515 | if ((! qfile_exist(scCache)) && (! qfile_mkdir(scCache, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scCache); | ||
8516 | if ((! qfile_exist(scData)) && (! qfile_mkdir(scData, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scData); | ||
8517 | if ((! qfile_exist(scLog)) && (! qfile_mkdir(scLog, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scLog); | ||
8518 | if ((! qfile_exist(scTemp)) && (! qfile_mkdir(scTemp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scTemp); | ||
8519 | tmp = xmprintf("%s/sessions", scCache); | ||
8520 | if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp); | ||
8521 | free(tmp); | ||
8522 | tmp = xmprintf("%s/users", scData); | ||
8523 | if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp); | ||
8524 | free(tmp); | ||
8525 | tmp = xmprintf("%s/db", scData); | ||
8526 | if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp); | ||
8527 | free(tmp); | ||
8588 | 8528 | ||
8529 | /* TODO - tighten up security. | ||
8530 | Make sure correct permissions are set everywhere. | ||
8531 | sudo chown -R ${OS_USER}:${OS_USER} ${OS_PATH} | ||
8532 | |||
8533 | Create the /opt/opensim-SC directory structure. | ||
8534 | AssetFiles/data Think OpenSim creates all the sub directories itself? | ||
8535 | AssetFiles/tmp/spool Think OpenSim creates all the sub directories itself? | ||
8536 | config/config.ini (move that etc/config.ini later) | ||
8537 | . var/backups Copy examples/var/backups/*.IAR files, which are the newbie starter inventories. | ||
8538 | . var/cache Think OpenSim creates all the sub directories itself? | ||
8539 | . var/run HAS to be setup correctly BEFORE we try to start up tmux. | ||
8540 | web // Fill it with default web stuff from current -> example.. | ||
8541 | */ | ||
8542 | I("Securing directories and files in %s. This might take awhile.", scRoot); | ||
8543 | if (shellMeFail("chmod u=rw,go= %s/config/*.ini", scRoot)) C("Can't set proper permissions for %s/config*.ini", scRoot); | ||
8544 | if (shellMeFail("chmod u=rw,go= %s/config/ROBUST/*.ini", scRoot)) C("Can't set proper permissions for %s/config/ROBUST/*.ini", scRoot); | ||
8545 | if (shellMeFail("chmod u=rw,go= %s/.sledjChisl.conf.lua", scEtc)) C("Can't set proper permissions for %s/.sledjChisl.conf.lua", scEtc); | ||
8546 | if (shellMeFail("chmod ug+rw %s/config", scRoot)) C("Can't set proper permissions for %s/config", scRoot); | ||
8547 | if (shellMeFail("chmod g+s %s/config", scRoot)) C("Can't set proper permissions for %s/config", scRoot); | ||
8548 | if (shellMeFail("chmod u=rw,go= %s/config/*.ini", scRoot)) C("Can't set proper permissions for %s/config/*.ini", scRoot); | ||
8549 | if (shellMeFail("chmod u=rw,go= %s/config/ROBUST/*.ini", scRoot)) C("Can't set proper permissions for %s/configROBUST/*.ini", scRoot); | ||
8550 | |||
8551 | if (shellMeFail("chmod ug=rwx,o= %s/AssetFiles", scRoot)) C("Can't set proper permissions for %s/AssetFiles", scRoot); | ||
8552 | if (shellMeFail("chmod -fR ug=rw,o=,a+X %s", scBackup)) C("Can't set proper permissions for %s", scBackup); | ||
8553 | if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scBin)) C("Can't set proper permissions for %s", scBin); | ||
8554 | if (shellMeFail("chmod -fR ug=rw,o=,a+X %s", scCache)) C("Can't set proper permissions for %s", scCache); | ||
8555 | if (shellMeFail("chmod ug=rwx,o= %s", scCache)) C("Can't set proper permissions for %s", scCache); | ||
8556 | if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scData)) C("Can't set proper permissions for %s", scData); | ||
8557 | if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scEtc)) C("Can't set proper permissions for %s", scEtc); | ||
8558 | if (shellMeFail("chmod u=rw,go= %s/.sledjChisl.conf.lua", scEtc)) C("Can't set proper permissions for %s/.sledjChisl.conf.lua", scEtc); | ||
8559 | if (shellMeFail("chmod g+s %s", scEtc)) C("Can't set proper permissions for %s", scEtc); | ||
8560 | if (shellMeFail("chmod a+x %s/*.shini", scEtc)) C("Can't set proper permissions for %s/*.shini", scEtc); | ||
8561 | if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scLib)) C("Can't set proper permissions for %s", scLib); | ||
8562 | if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scLog)) C("Can't set proper permissions for %s", scLog); | ||
8563 | if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scTemp)) C("Can't set proper permissions for %s", scTemp); | ||
8564 | |||
8565 | // if (shellMeFail("chmod -R a+x %s/current/*.sh", scRoot)) C("Can't set proper permissions for %s/current/*.sh", scRoot); | ||
8566 | // if (shellMeFail("chmod -R a+x %s/current/scripts/*.sh", scRoot)) C("Can't set proper permissions for %s/current/scripts/*.sh", scRoot); | ||
8567 | // if (shellMeFail("chmod -R a+x %s/current/scripts/install/*.sh", scRoot)) C("Can't set proper permissions for %s/current/scripts/install/*.sh", scRoot); | ||
8568 | // if (shellMeFail("chmod a+x %s/current/scripts/show-console", scRoot)) C("Can't set proper permissions for %s/current/scripts/show-console", scRoot); | ||
8569 | // if (shellMeFail("chmod a+x %s/current/scripts/start-sim", scRoot)) C("Can't set proper permissions for %s/current/scripts/start-sim", scRoot); | ||
8570 | |||
8571 | char *newPath = xmprintf("%s/current/bin/sledjchisl", scRoot); | ||
8572 | tmp = xmprintf("%s/sledjchisl", scBin); | ||
8573 | V("Symlinking %s to %s", newPath, tmp); | ||
8574 | if (qfile_exist(tmp)) | ||
8575 | { | ||
8576 | if (shellMeFail("rm %s", tmp)) | ||
8577 | E("rm command failed!"); | ||
8578 | } | ||
8579 | if (0 != symlink(newPath, tmp)) | ||
8580 | perror_msg("Symlinking %s to %s", newPath, tmp); | ||
8581 | free(tmp); | ||
8582 | free(newPath); | ||
8583 | |||
8584 | char *c = xmprintf("cd %s/current/bin", scRoot); | ||
8589 | I("ROBUST is starting up."); | 8585 | I("ROBUST is starting up."); |
8590 | sendTmuxCmd("@0.%1", c); | 8586 | sendTmuxCmd("@0.%1", c); |
8591 | free(c); | 8587 | free(c); |