From f0a4621cdad9f7b772453a6f50175e95bfe88546 Mon Sep 17 00:00:00 2001 From: onefang Date: Thu, 2 Sep 2021 12:27:41 +1000 Subject: Move Sort out directories, part 2 earlier. --- src/sledjchisl/sledjchisl.c | 217 ++++++++++++++++++++++---------------------- 1 file changed, 111 insertions(+), 106 deletions(-) diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c index 1709357..9637a85 100644 --- a/src/sledjchisl/sledjchisl.c +++ b/src/sledjchisl/sledjchisl.c 
@@ -8552,10 +8552,121 @@ Build the OpenSim. } + if ((!isWeb) && (START == currentMode) && (0 == toys.optc)) + { +//////////////////////////////////////////////////////////////////////////////////////////////////// +// Sort out directories, part 2 +//////////////////////////////////////////////////////////////////////////////////////////////////// + + // Doing this here coz at this point we should be the correct user, and we only want to do this during initial startup. + /* From man 7 inode - + S_ISUID 04000 set-user-ID bit + S_ISGID 02000 set-group-ID bit (see below) + S_ISVTX 01000 sticky bit (see below) + + S_IRWXU 00700 owner has read, write, and execute permission + S_IRUSR 00400 owner has read permission + S_IWUSR 00200 owner has write permission + S_IXUSR 00100 owner has execute permission + + S_IRWXG 00070 group has read, write, and execute permission + S_IRGRP 00040 group has read permission + S_IWGRP 00020 group has write permission + S_IXGRP 00010 group has execute permission + + S_IRWXO 00007 others (not in group) have read, write, and execute permission + S_IROTH 00004 others have read permission + S_IWOTH 00002 others have write permission + S_IXOTH 00001 others have execute permission + + The set-group-ID bit (S_ISGID) has several special uses. For a directory, it indicates that BSD semantics is to be used for that directory: files created there inherit their group + ID from the directory, not from the effective group ID of the creating process, and directories created there will also get the S_ISGID bit set. For a file that does not have the + group execution bit (S_IXGRP) set, the set-group-ID bit indicates mandatory file/record locking. + + The sticky bit (S_ISVTX) on a directory means that a file in that directory can be renamed or deleted only by the owner of the file, by the owner of the directory, + and by a privileged process + */ + V("Making directories in %s.", scRoot); + if ((! qfile_exist(scBin)) && (! 
qfile_mkdir(scBin, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBin); + if ((! qfile_exist(scEtc)) && (! qfile_mkdir(scEtc, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scEtc); + if ((! qfile_exist(scLib)) && (! qfile_mkdir(scLib, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scLib); + if ((! qfile_exist(scBackup)) && (! qfile_mkdir(scBackup, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBackup); + if ((! qfile_exist(scCache)) && (! qfile_mkdir(scCache, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scCache); + if ((! qfile_exist(scData)) && (! qfile_mkdir(scData, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scData); + if ((! qfile_exist(scLog)) && (! qfile_mkdir(scLog, S_IRWXU, true))) C("Unable to create path %s", scLog); + if ((! qfile_exist(scTemp)) && (! qfile_mkdir(scTemp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scTemp); + tmp = xmprintf("%s/sessions", scCache); + if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp); + free(tmp); + tmp = xmprintf("%s/users", scData); + if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp); + free(tmp); + tmp = xmprintf("%s/db", scData); + if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp); + free(tmp); + +/* TODO - tighten up security. +Make sure correct permissions are set everywhere. + sudo chown -R ${OS_USER}:${OS_USER} ${OS_PATH} + +Create the /opt/opensim-SC directory structure. + AssetFiles/data Think OpenSim creates all the sub directories itself? + AssetFiles/tmp/spool Think OpenSim creates all the sub directories itself? + config/config.ini (move that etc/config.ini later) +. 
var/backups Copy examples/var/backups/*.IAR files, which are the newbie starter inventories. +. var/cache Think OpenSim creates all the sub directories itself? +. var/run HAS to be setup correctly BEFORE we try to start up tmux. + web // Fill it with default web stuff from current -> example.. +*/ + I("Securing directories and files in %s. This might take awhile.", scRoot); + if (shellMeFail("chmod u=rw,go= %s/config/*.ini", scRoot)) C("Can't set proper permissions for %s/config*.ini", scRoot); + if (shellMeFail("chmod u=rw,go= %s/config/ROBUST/*.ini", scRoot)) C("Can't set proper permissions for %s/config/ROBUST/*.ini", scRoot); + if (shellMeFail("chmod u=rw,go= %s/.sledjChisl.conf.lua", scEtc)) C("Can't set proper permissions for %s/.sledjChisl.conf.lua", scEtc); + if (shellMeFail("chmod ug+rw %s/config", scRoot)) C("Can't set proper permissions for %s/config", scRoot); + if (shellMeFail("chmod g+s %s/config", scRoot)) C("Can't set proper permissions for %s/config", scRoot); + if (shellMeFail("chmod u=rw,go= %s/config/*.ini", scRoot)) C("Can't set proper permissions for %s/config/*.ini", scRoot); + if (shellMeFail("chmod u=rw,go= %s/config/ROBUST/*.ini", scRoot)) C("Can't set proper permissions for %s/configROBUST/*.ini", scRoot); + + if (shellMeFail("chmod ug=rwx,o= %s/AssetFiles", scRoot)) C("Can't set proper permissions for %s/AssetFiles", scRoot); + if (shellMeFail("chmod -fR ug=rw,o=,a+X %s", scBackup)) C("Can't set proper permissions for %s", scBackup); + if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scBin)) C("Can't set proper permissions for %s", scBin); + if (shellMeFail("chmod -fR ug=rw,o=,a+X %s", scCache)) C("Can't set proper permissions for %s", scCache); + if (shellMeFail("chmod ug=rwx,o= %s", scCache)) C("Can't set proper permissions for %s", scCache); + if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scData)) C("Can't set proper permissions for %s", scData); + if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scEtc)) C("Can't set proper permissions for 
%s", scEtc); + if (shellMeFail("chmod u=rw,g=r,o= %s/.sledjChisl.conf.lua", scEtc)) C("Can't set proper permissions for %s/.sledjChisl.conf.lua", scEtc); + if (shellMeFail("chmod g+s %s", scEtc)) C("Can't set proper permissions for %s", scEtc); + if (shellMeFail("chmod a+x %s/*.shini", scEtc)) C("Can't set proper permissions for %s/*.shini", scEtc); + if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scLib)) C("Can't set proper permissions for %s", scLib); + if (shellMeFail("chmod -fR u=rw,u+X,go= %s", scLog)) C("Can't set proper permissions for %s", scLog); + if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scTemp)) C("Can't set proper permissions for %s", scTemp); + +// if (shellMeFail("chmod -R a+x %s/current/*.sh", scRoot)) C("Can't set proper permissions for %s/current/*.sh", scRoot); +// if (shellMeFail("chmod -R a+x %s/current/scripts/*.sh", scRoot)) C("Can't set proper permissions for %s/current/scripts/*.sh", scRoot); +// if (shellMeFail("chmod -R a+x %s/current/scripts/install/*.sh", scRoot)) C("Can't set proper permissions for %s/current/scripts/install/*.sh", scRoot); +// if (shellMeFail("chmod a+x %s/current/scripts/show-console", scRoot)) C("Can't set proper permissions for %s/current/scripts/show-console", scRoot); +// if (shellMeFail("chmod a+x %s/current/scripts/start-sim", scRoot)) C("Can't set proper permissions for %s/current/scripts/start-sim", scRoot); + + char *newPath = xmprintf("%s/current/bin/sledjchisl", scRoot); + tmp = xmprintf("%s/sledjchisl", scBin); + V("Symlinking %s to %s", newPath, tmp); + if (qfile_exist(tmp)) + { + if (shellMeFail("rm %s", tmp)) + E("rm command failed!"); + } + if (0 != symlink(newPath, tmp)) + perror_msg("Symlinking %s to %s", newPath, tmp); + free(tmp); + free(newPath); + } + + //////////////////////////////////////////////////////////////////////////////////////////////////// // Other start up stuff. 
//////////////////////////////////////////////////////////////////////////////////////////////////// getSims(); + if (isTmux || isWeb) { char *d; 
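Review bot: The recursive `chmod -fR a=r,ug=rw,a+X %s` on scEtc leaves `.sledjChisl.conf.lua` world-readable and group-writable until the following `chmod u=rw,g=r,o=` narrows it again, and the same mode string on scData opens the `users` and `db` directories to others even though they were just created with `S_IRWXU | S_IRGRP | S_IXGRP`. At the old location this block sat under `!checkSimIsRunning("ROBUST")`; the new guard `(!isWeb) && (START == currentMode) && (0 == toys.optc)` drops that test, so as far as the hunk shows the loosen-then-tighten sequence now runs on every argument-less start, including against an installation that is already running. I would keep others out in the recursive pass, as the scLog line already does, for example `chmod -fR ug=rw,o=,ug+X %s` for scData and scEtc; whether scBin and scLib need to be world-readable is not visible here. The carried-over comment "at this point we should be the correct user" was written for the later position and should be re-checked now that the block runs before getSims(); the enclosing function starts and ends outside the hunk.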
@@ -8687,112 +8798,6 @@ Build the OpenSim. // Start ROBUST or join the tmux session, or just figure out where the sims are running in tmux. if ((START == currentMode) && !checkSimIsRunning("ROBUST")) { -//////////////////////////////////////////////////////////////////////////////////////////////////// -// Sort out directories, part 2 -//////////////////////////////////////////////////////////////////////////////////////////////////// - - // Doing this here coz at this point we should be the correct user, and we only want to do this during initial startup. - /* From man 7 inode - - S_ISUID 04000 set-user-ID bit - S_ISGID 02000 set-group-ID bit (see below) - S_ISVTX 01000 sticky bit (see below) - - S_IRWXU 00700 owner has read, write, and execute permission - S_IRUSR 00400 owner has read permission - S_IWUSR 00200 owner has write permission - S_IXUSR 00100 owner has execute permission - - S_IRWXG 00070 group has read, write, and execute permission - S_IRGRP 00040 group has read permission - S_IWGRP 00020 group has write permission - S_IXGRP 00010 group has execute permission - - S_IRWXO 00007 others (not in group) have read, write, and execute permission - S_IROTH 00004 others have read permission - S_IWOTH 00002 others have write permission - S_IXOTH 00001 others have execute permission - - The set-group-ID bit (S_ISGID) has several special uses. For a directory, it indicates that BSD semantics is to be used for that directory: files created there inherit their group - ID from the directory, not from the effective group ID of the creating process, and directories created there will also get the S_ISGID bit set. For a file that does not have the - group execution bit (S_IXGRP) set, the set-group-ID bit indicates mandatory file/record locking. 
- - The sticky bit (S_ISVTX) on a directory means that a file in that directory can be renamed or deleted only by the owner of the file, by the owner of the directory, - and by a privileged process - */ - V("Making directories in %s.", scRoot); - if ((! qfile_exist(scBin)) && (! qfile_mkdir(scBin, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBin); - if ((! qfile_exist(scEtc)) && (! qfile_mkdir(scEtc, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scEtc); - if ((! qfile_exist(scLib)) && (! qfile_mkdir(scLib, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scLib); - if ((! qfile_exist(scBackup)) && (! qfile_mkdir(scBackup, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scBackup); - if ((! qfile_exist(scCache)) && (! qfile_mkdir(scCache, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scCache); - if ((! qfile_exist(scData)) && (! qfile_mkdir(scData, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scData); - if ((! qfile_exist(scLog)) && (! qfile_mkdir(scLog, S_IRWXU, true))) C("Unable to create path %s", scLog); - if ((! qfile_exist(scTemp)) && (! qfile_mkdir(scTemp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", scTemp); - tmp = xmprintf("%s/sessions", scCache); - if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp); - free(tmp); - tmp = xmprintf("%s/users", scData); - if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp); - free(tmp); - tmp = xmprintf("%s/db", scData); - if ((! qfile_exist(tmp)) && (! qfile_mkdir(tmp, S_IRWXU | S_IRGRP | S_IXGRP, true))) C("Unable to create path %s", tmp); - free(tmp); - -/* TODO - tighten up security. -Make sure correct permissions are set everywhere. - sudo chown -R ${OS_USER}:${OS_USER} ${OS_PATH} - -Create the /opt/opensim-SC directory structure. 
- AssetFiles/data Think OpenSim creates all the sub directories itself? - AssetFiles/tmp/spool Think OpenSim creates all the sub directories itself? - config/config.ini (move that etc/config.ini later) -. var/backups Copy examples/var/backups/*.IAR files, which are the newbie starter inventories. -. var/cache Think OpenSim creates all the sub directories itself? -. var/run HAS to be setup correctly BEFORE we try to start up tmux. - web // Fill it with default web stuff from current -> example.. -*/ - I("Securing directories and files in %s. This might take awhile.", scRoot); - if (shellMeFail("chmod u=rw,go= %s/config/*.ini", scRoot)) C("Can't set proper permissions for %s/config*.ini", scRoot); - if (shellMeFail("chmod u=rw,go= %s/config/ROBUST/*.ini", scRoot)) C("Can't set proper permissions for %s/config/ROBUST/*.ini", scRoot); - if (shellMeFail("chmod u=rw,go= %s/.sledjChisl.conf.lua", scEtc)) C("Can't set proper permissions for %s/.sledjChisl.conf.lua", scEtc); - if (shellMeFail("chmod ug+rw %s/config", scRoot)) C("Can't set proper permissions for %s/config", scRoot); - if (shellMeFail("chmod g+s %s/config", scRoot)) C("Can't set proper permissions for %s/config", scRoot); - if (shellMeFail("chmod u=rw,go= %s/config/*.ini", scRoot)) C("Can't set proper permissions for %s/config/*.ini", scRoot); - if (shellMeFail("chmod u=rw,go= %s/config/ROBUST/*.ini", scRoot)) C("Can't set proper permissions for %s/configROBUST/*.ini", scRoot); - - if (shellMeFail("chmod ug=rwx,o= %s/AssetFiles", scRoot)) C("Can't set proper permissions for %s/AssetFiles", scRoot); - if (shellMeFail("chmod -fR ug=rw,o=,a+X %s", scBackup)) C("Can't set proper permissions for %s", scBackup); - if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scBin)) C("Can't set proper permissions for %s", scBin); - if (shellMeFail("chmod -fR ug=rw,o=,a+X %s", scCache)) C("Can't set proper permissions for %s", scCache); - if (shellMeFail("chmod ug=rwx,o= %s", scCache)) C("Can't set proper permissions for %s", 
scCache); - if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scData)) C("Can't set proper permissions for %s", scData); - if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scEtc)) C("Can't set proper permissions for %s", scEtc); - if (shellMeFail("chmod u=rw,g=r,o= %s/.sledjChisl.conf.lua", scEtc)) C("Can't set proper permissions for %s/.sledjChisl.conf.lua", scEtc); - if (shellMeFail("chmod g+s %s", scEtc)) C("Can't set proper permissions for %s", scEtc); - if (shellMeFail("chmod a+x %s/*.shini", scEtc)) C("Can't set proper permissions for %s/*.shini", scEtc); - if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scLib)) C("Can't set proper permissions for %s", scLib); - if (shellMeFail("chmod -fR u=rw,u+X,go= %s", scLog)) C("Can't set proper permissions for %s", scLog); - if (shellMeFail("chmod -fR a=r,ug=rw,a+X %s", scTemp)) C("Can't set proper permissions for %s", scTemp); - -// if (shellMeFail("chmod -R a+x %s/current/*.sh", scRoot)) C("Can't set proper permissions for %s/current/*.sh", scRoot); -// if (shellMeFail("chmod -R a+x %s/current/scripts/*.sh", scRoot)) C("Can't set proper permissions for %s/current/scripts/*.sh", scRoot); -// if (shellMeFail("chmod -R a+x %s/current/scripts/install/*.sh", scRoot)) C("Can't set proper permissions for %s/current/scripts/install/*.sh", scRoot); -// if (shellMeFail("chmod a+x %s/current/scripts/show-console", scRoot)) C("Can't set proper permissions for %s/current/scripts/show-console", scRoot); -// if (shellMeFail("chmod a+x %s/current/scripts/start-sim", scRoot)) C("Can't set proper permissions for %s/current/scripts/start-sim", scRoot); - - char *newPath = xmprintf("%s/current/bin/sledjchisl", scRoot); - tmp = xmprintf("%s/sledjchisl", scBin); - V("Symlinking %s to %s", newPath, tmp); - if (qfile_exist(tmp)) - { - if (shellMeFail("rm %s", tmp)) - E("rm command failed!"); - } - if (0 != symlink(newPath, tmp)) - perror_msg("Symlinking %s to %s", newPath, tmp); - free(tmp); - free(newPath); - char *c = xmprintf("cd %s", scRoot); 
I("ROBUST is starting up."); sendTmuxCmd("@0.%1", c); -- cgit v1.1