Make sure that /root in overlay is owned by root

as well as that /root/.ssh and its content is
only owned and readable by root. This is redundant
if the previous permissions were properly applied
and no other changes have been made by the user
or something else, but is added for good measure
as a layered defense.
This commit is contained in:
John Van de Meulebrouck Brendgard 2023-11-17 14:58:51 +01:00
parent ca353ed406
commit 75e566ab61
No known key found for this signature in database
GPG key ID: 807A5FD4B3337B77

View file

@ -14,10 +14,17 @@ if ! test -d "$MODEL_OVERLAY"; then
exit 0
fi
if [ -d "$MODEL_OVERLAY/root" ]; then
args=""
if [ "x$COSMOS_VERBOSE" = "xy" ]; then
args="-v"
fi
if [ -d "$MODEL_OVERLAY/root" ]; then
chown ${args} root:root "$MODEL_OVERLAY"/root
chmod ${args} 0700 "$MODEL_OVERLAY"/root
fi
if [ -d "$MODEL_OVERLAY/root/.ssh" ]; then
chown ${args} -R root:root "$MODEL_OVERLAY"/root/.ssh
chmod ${args} 0700 "$MODEL_OVERLAY"/root/.ssh
fi