mifr/ceph-ops
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Make sure that /root in overlay is owned by root

Browse source 
as well as that /root/.ssh and its content is
only owned and readable by root. This is redundant
if the previous permissions were properly applied
and no other changes have been made by the user
or something else, but is added for good measure
as a layered defense.
This commit is contained in:
John Van de Meulebrouck Brendgard 2023-11-17 14:58:51 +01:00 committed by Mikael Frykholm
parent 5dd6ac57e2
commit c26e2c2cd5
Signed by: mifr
GPG key ID: 1467F9D69135C236
1 changed files with 11 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
global/pre-tasks.d/015set-overlay-permissions
View file

@ -14,10 +14,17 @@ if ! test -d "$MODEL_OVERLAY"; then
exit 0
fi
if [ -d "$MODEL_OVERLAY/root" ]; then
args=""
if [ "x$COSMOS_VERBOSE" = "xy" ]; then
args=""
if [ "x$COSMOS_VERBOSE" = "xy" ]; then
args="-v"
fi
fi
if [ -d "$MODEL_OVERLAY/root" ]; then
chown ${args} root:root "$MODEL_OVERLAY"/root
chmod ${args} 0700 "$MODEL_OVERLAY"/root
fi
if [ -d "$MODEL_OVERLAY/root/.ssh" ]; then
chown ${args} -R root:root "$MODEL_OVERLAY"/root/.ssh
chmod ${args} 0700 "$MODEL_OVERLAY"/root/.ssh
fi