diff options
| author | Christian König <ckoenig@posteo.de> | 2022-06-20 00:09:05 +0300 |
|---|---|---|
| committer | Christian König <ckoenig@posteo.de> | 2022-06-20 00:09:05 +0300 |
| commit | 954a0c2a14fd4b1a80f41bfcc333f7b6c39fe078 (patch) | |
| tree | 41790c8f90728a4b5c6e08f3fd93a081e41a36bd /advanced | |
| parent | b20aa865b91440c34c52b2c51060661cd3b77ae9 (diff) | |
Remove read permission for others on senible log fileshands_off
Signed-off-by: Christian König <ckoenig@posteo.de>
Diffstat (limited to 'advanced')
| -rwxr-xr-x | advanced/Scripts/piholeDebug.sh | 2 | ||||
| -rwxr-xr-x | advanced/Scripts/piholeLogFlush.sh | 4 | ||||
| -rw-r--r-- | advanced/Templates/pihole-FTL.service | 5 |
3 files changed, 6 insertions, 5 deletions
diff --git a/advanced/Scripts/piholeDebug.sh b/advanced/Scripts/piholeDebug.sh index 1f12e868..ebab375a 100755 --- a/advanced/Scripts/piholeDebug.sh +++ b/advanced/Scripts/piholeDebug.sh @@ -1394,7 +1394,7 @@ curl_to_tricorder() { upload_to_tricorder() { local username="pihole" # Set the permissions and owner - chmod 644 ${PIHOLE_DEBUG_LOG} + chmod 640 ${PIHOLE_DEBUG_LOG} chown "$USER":"${username}" ${PIHOLE_DEBUG_LOG} # Let the user know debugging is complete with something strikingly visual diff --git a/advanced/Scripts/piholeLogFlush.sh b/advanced/Scripts/piholeLogFlush.sh index 60d5856b..3473fad5 100755 --- a/advanced/Scripts/piholeLogFlush.sh +++ b/advanced/Scripts/piholeLogFlush.sh @@ -46,7 +46,7 @@ if [[ "$@" == *"once"* ]]; then # moved file (it will have the same file handler) cp -p /var/log/pihole/pihole.log /var/log/pihole/pihole.log.1 echo " " > /var/log/pihole/pihole.log - chmod 644 /var/log/pihole/pihole.log + chmod 640 /var/log/pihole/pihole.log fi else # Manual flushing @@ -59,7 +59,7 @@ else echo " " > /var/log/pihole/pihole.log if [ -f /var/log/pihole/pihole.log.1 ]; then echo " " > /var/log/pihole/pihole.log.1 - chmod 644 /var/log/pihole/pihole.log.1 + chmod 640 /var/log/pihole/pihole.log.1 fi fi # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history) diff --git a/advanced/Templates/pihole-FTL.service b/advanced/Templates/pihole-FTL.service index 11bbe1c9..941f1ee0 100644 --- a/advanced/Templates/pihole-FTL.service +++ b/advanced/Templates/pihole-FTL.service @@ -71,12 +71,13 @@ start() { [ ! -f "${FTL_PID_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}" [ ! -f "${FTL_PORT_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PORT_FILE}" [ ! -f /var/log/pihole/pihole-FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/pihole-FTL.log - [ ! -f /var/log/pihole/pihole.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log + [ ! -f /var/log/pihole/pihole.log ] && install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log [ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases # Ensure that permissions are set so that pihole-FTL can edit all necessary files chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist - chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/pihole-FTL.log /var/log/pihole/pihole.log + chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/pihole-FTL.log + chmod -f 0640 /var/log/pihole/pihole.log # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db # Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist |