From b0b2bd331316f69572f78cbf5827961a3670ec1d Mon Sep 17 00:00:00 2001
From: onefang
Date: Wed, 11 Aug 2021 19:31:19 +1000
Subject: Work a bit on directory creation and tear down, as well as permissions.
---
 src/sledjchisl/sledjchisl.c | 75 +++++++++++++++++++++++++++++++++------------
 1 file changed, 55 insertions(+), 20 deletions(-)
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c
index 850a0c7..05e35a9 100644
--- a/src/sledjchisl/sledjchisl.c
+++ b/src/sledjchisl/sledjchisl.c
@@ -7652,24 +7652,57 @@ jit library is loaded or the JIT compiler will not be activated.
 // Sort out directories, part 2
 ////////////////////////////////////////////////////////////////////////////////////////////////////
 // Doing this here coz at this point we should be the correct user.
- I("Making directories in %s.", scRoot);
- if ((! qfile_exist(scBin)) && (! qfile_mkdir(scBin, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBin);
- if ((! qfile_exist(scEtc)) && (! qfile_mkdir(scEtc, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scEtc);
- if ((! qfile_exist(scLib)) && (! qfile_mkdir(scLib, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scLib);
- if ((! qfile_exist(scRun)) && (! qfile_mkdir(scRun, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_ISGID, true))) C("Unable to create path %s", scRun);
- if ((! qfile_exist(scBackup)) && (! qfile_mkdir(scBackup, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBackup);
-// TODO - the path to scCache/sledjchisl.socket needs to be readable by the www-data group. So the FCGI socket will work.
-// AND it needs to be group sticky on opensimsc group. So the tmux socket will work.
+ /* From man 7 inode -
+ S_ISUID 04000 set-user-ID bit
+ S_ISGID 02000 set-group-ID bit (see below)
+ S_ISVTX 01000 sticky bit (see below)
+
+ S_IRWXU 00700 owner has read, write, and execute permission
+ S_IRUSR 00400 owner has read permission
+ S_IWUSR 00200 owner has write permission
+ S_IXUSR 00100 owner has execute permission
+
+ S_IRWXG 00070 group has read, write, and execute permission
+ S_IRGRP 00040 group has read permission
+ S_IWGRP 00020 group has write permission
+ S_IXGRP 00010 group has execute permission
+
+ S_IRWXO 00007 others (not in group) have read, write, and execute permission
+ S_IROTH 00004 others have read permission
+ S_IWOTH 00002 others have write permission
+ S_IXOTH 00001 others have execute permission
+
+ The set-group-ID bit (S_ISGID) has several special uses. For a directory, it indicates that BSD semantics is to be used for that directory: files created there inherit their group
+ ID from the directory, not from the effective group ID of the creating process, and directories created there will also get the S_ISGID bit set. For a file that does not have the
+ group execution bit (S_IXGRP) set, the set-group-ID bit indicates mandatory file/record locking.
+
+ The sticky bit (S_ISVTX) on a directory means that a file in that directory can be renamed or deleted only by the owner of the file, by the owner of the directory,
+ and by a privileged process
+ */
+ V("Making directories in %s.", scRoot);
+ if ((! qfile_exist(scBin)) && (! qfile_mkdir(scBin, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBin);
+ if ((! qfile_exist(scEtc)) && (! qfile_mkdir(scEtc, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scEtc);
+ if ((! qfile_exist(scLib)) && (! qfile_mkdir(scLib, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scLib);
+ if ((! qfile_exist(scBackup)) && (! qfile_mkdir(scBackup, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBackup);
+// TODO - the path to sledjchisl.socket needs to be readable by the www-data group. So the FCGI socket will work.
+// AND it needs to be group sticky on opensimsc group. So the tmux socket will work.
 // So currently scCache is www-data readable, and scRun is group sticky.
- if ((! qfile_exist(scCache)) && (! qfile_mkdir(scCache, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scCache);
- if ((! qfile_exist(scData)) && (! qfile_mkdir(scData, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scData);
- if ((! qfile_exist(scLog)) && (! qfile_mkdir(scLog, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scLog);
- if ((! qfile_exist(scTemp)) && (! qfile_mkdir(scTemp, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scTemp);
+// Our big problem here is that opensimsc can't set group on it's own directories to www-data if it's not in that group.
+// And that's the only reason we need access to that group.
+// Put both in scRun, and make it other readable?
+// No idea of the SECURITY HOLE that might cause.
+// DAMMIT! chicken and egg, scRun has to exist before tmux runs, so it can create the socket in there,
+// but we can't create it until tmux runs.
+ if ((! qfile_exist(scCache)) && (! qfile_mkdir(scCache, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scCache);
+// if ((! qfile_exist(scRun)) && (! qfile_mkdir(scRun, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH | S_ISGID, true))) C("Unable to create path %s", scRun);
+ if ((! qfile_exist(scData)) && (! qfile_mkdir(scData, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scData);
+ if ((! qfile_exist(scLog)) && (! qfile_mkdir(scLog, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scLog);
+ if ((! qfile_exist(scTemp)) && (! qfile_mkdir(scTemp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scTemp);
 tmp = xmprintf("%s/sessions", scCache);
- if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp);
+ if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp);
 free(tmp);
 tmp = xmprintf("%s/users", scData);
- if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp);
+ if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp);
 free(tmp);

 char *newPath = xmprintf("%s/current/bin/sledjchisl", scRoot);
@@ -7901,12 +7934,14 @@ jit library is loaded or the JIT compiler will not be activated.
 {
 if (checkSimIsRunning("ROBUST") && (NULL == ourSims->target))
 {
- // TODO - remove this once we handle the fcgi stuff ourselves.
- I("Starting the web stuff.");
- char *c = xmprintf("spawn-fcgi -n -u %s -s %s/sledjchisl.socket -M 0660 -G www-data -- /usr/bin/valgrind --leak-check=full sledjchisl",
- scUser, scCache, scRoot);
- sendTmuxCmd(Ttab, c);
- free(c);
+ // TODO - remove this once we handle the fcgi stuff ourselves.
+ I("Starting the web stuff.");
+ // Make the FCGI socket world read / write, coz we can't set it to group www-data, since -G only works for root, and we ain't root.
+ // TODO - BIG SECURITY HOLE???
+ char *c = xmprintf("spawn-fcgi -n -u %s -s %s/sledjchisl.socket -M 0666 -G www-data -- /usr/bin/valgrind --leak-check=full sledjchisl",
+ scUser, scRun, scRoot);
+ sendTmuxCmd(Ttab, c);
+ free(c);
 }
 else
 I("NOT Starting the web stuff.");
-- 
cgit v1.1
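Review bot: Every `(! qfile_exist(X)) && (! qfile_mkdir(X, mode, true))` test in this hunk accepts any path that already exists, so a directory left behind with looser permissions, or a path that is not a directory at all, passes silently and the listed mode is only applied on first creation (and, if qfile_mkdir wraps mkdir(2), filtered by the process umask). The comments in this hunk make these directory modes the access control for the tmux and FCGI sockets, so it would help to `stat()` each path after creation and log or fail when it is not a directory owned by the running user with the expected mode bits. The scRun creation is now only a commented-out line while the second hunk moves sledjchisl.socket into scRun, so nothing visible here establishes that directory's mode; replace the dead line with a comment such as `// scRun is created by <component>, expected mode <mode>; see socket setup below.` The enclosing function starts and ends outside the hunk.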
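Review bot: `-M 0666` in the new spawn-fcgi command lets every local account connect to sledjchisl.socket and talk FastCGI to the application directly, so whatever the web server normally enforces or fills in for a request is not guaranteed for local callers; the `TODO - BIG SECURITY HOLE???` comment should be resolved rather than committed as a question. The man 7 inode text added in the first hunk points to a fix that needs root only once at install time: if scRun is a set-group-ID directory whose group is www-data, the socket created in it inherits that group and `-M 0660` is sufficient. The `-G www-data` option, which the new comment says has no effect for a non-root user, could then be dropped. Separately, the format string has two `%s` but three arguments are passed (`scUser, scRun, scRoot`), so `scRoot` is unused and should be removed from the call. The enclosing block continues outside the hunk.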