author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2024-03-22 14:50:35 +0100 |
---|---|---|
committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2024-04-07 22:08:28 +0200 |
commit | 7d339d18e14d4dbc65fbae6f4449e277072b56a3 (patch) | |
tree | 0697b4ee08f74a0a5f3e474417f106687053a8e0 | |
parent | ca15e16f3f1b5174dc7ee2efa531aa974d3e97db (diff) | |
kea: T3316: Ensure correct permissions on lease files
-rwxr-xr-x | src/conf_mode/service_dhcp-server.py | 7 | ||||
-rwxr-xr-x | src/conf_mode/service_dhcpv6-server.py | 7 |
2 files changed, 14 insertions, 0 deletions
diff --git a/src/conf_mode/service_dhcp-server.py b/src/conf_mode/service_dhcp-server.py
index 3b9198ed0..e89448e2d 100755
--- a/src/conf_mode/service_dhcp-server.py
+++ b/src/conf_mode/service_dhcp-server.py
@@ -16,6 +16,7 @@
 import os
+from glob import glob
 from ipaddress import ip_address
 from ipaddress import ip_network
 from netaddr import IPRange
@@ -28,6 +29,7 @@ from vyos.template import render
 from vyos.utils.dict import dict_search
 from vyos.utils.dict import dict_search_args
 from vyos.utils.file import chmod_775
+from vyos.utils.file import chown
 from vyos.utils.file import makedir
 from vyos.utils.file import write_file
 from vyos.utils.process import call
@@ -42,6 +44,7 @@ ctrl_config_file = '/run/kea/kea-ctrl-agent.conf'
 ctrl_socket = '/run/kea/dhcp4-ctrl-socket'
 config_file = '/run/kea/kea-dhcp4.conf'
 lease_file = '/config/dhcp/dhcp4-leases.csv'
+lease_file_glob = '/config/dhcp/dhcp4-leases*'
 systemd_override = r'/run/systemd/system/kea-ctrl-agent.service.d/10-override.conf'
 user_group = '_kea'
@@ -354,6 +357,10 @@ def generate(dhcp):
 makedir(lease_dir, group='vyattacfg')
 chmod_775(lease_dir)
+ # Ensure correct permissions on lease files + backups
+ for file in glob(lease_file_glob):
+ chown(file, user=user_group, group='vyattacfg')
+
 # Create lease file if necessary and let kea own it - 'kea-lfc' expects it that way
 if not os.path.exists(lease_file):
 write_file(lease_file, '', user=user_group, group=user_group, mode=0o644)
diff --git a/src/conf_mode/service_dhcpv6-server.py b/src/conf_mode/service_dhcpv6-server.py
index add83eb0d..c7333dd3a 100755
--- a/src/conf_mode/service_dhcpv6-server.py
+++ b/src/conf_mode/service_dhcpv6-server.py
@@ -16,6 +16,7 @@
 import os
+from glob import glob
 from ipaddress import ip_address
 from ipaddress import ip_network
 from sys import exit
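Review bot: The loop added to generate() in src/conf_mode/service_dhcp-server.py chowns every path matched by `lease_file_glob` without checking what kind of path it is, although lease_dir has just been made group-writable (`chmod_775`, group `vyattacfg`). If `vyos.utils.file.chown` dereferences symlinks (its implementation is not visible here) and this script runs as root, as conf-mode scripts presumably do, a symlink whose name matches the glob would have its target's ownership changed to `_kea`. Skipping anything that is not a regular file, for example `if os.path.islink(file) or not os.path.isfile(file): continue`, narrows this, and a chown that does not follow links (`os.chown(..., follow_symlinks=False)`) also removes the gap between the check and the call. The identical loop added to generate() in src/conf_mode/service_dhcpv6-server.py needs the same guard. generate() starts and ends outside the hunk.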
@@ -24,6 +25,7 @@ from vyos.config import Config
 from vyos.template import render
 from vyos.utils.process import call
 from vyos.utils.file import chmod_775
+from vyos.utils.file import chown
 from vyos.utils.file import makedir
 from vyos.utils.file import write_file
 from vyos.utils.dict import dict_search
@@ -35,6 +37,7 @@ airbag.enable()
 config_file = '/run/kea/kea-dhcp6.conf'
 ctrl_socket = '/run/kea/dhcp6-ctrl-socket'
 lease_file = '/config/dhcp/dhcp6-leases.csv'
+lease_file_glob = '/config/dhcp/dhcp6-leases*'
 user_group = '_kea'
 def get_config(config=None):
@@ -224,6 +227,10 @@ def generate(dhcpv6):
 makedir(lease_dir, group='vyattacfg')
 chmod_775(lease_dir)
+ # Ensure correct permissions on lease files + backups
+ for file in glob(lease_file_glob):
+ chown(file, user=user_group, group='vyattacfg')
+
 # Create lease file if necessary and let kea own it - 'kea-lfc' expects it that way
 if not os.path.exists(lease_file):
 write_file(lease_file, '', user=user_group, group=user_group, mode=0o644) |
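Review bot: The added loop in generate() of service_dhcpv6-server.py sets the group of existing lease files to `vyattacfg`, while the `write_file(lease_file, '', user=user_group, group=user_group, mode=0o644)` call directly below creates the file with group `_kea`, so a file created on one run ends up with a different group on the next. The comment says "permissions", but only ownership is changed and the file mode is left as it was, so a lease file with a wider or narrower mode than `0o644` keeps it. If `_kea:vyattacfg` is the intended ownership, the create path should pass the same group, and the comment would be more accurate as `# Ensure correct ownership of lease files and their backups`. The generate() hunk in service_dhcp-server.py has the same mismatch.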