From ae08adfabeed8fec9093e759a40f156d589defa9 Mon Sep 17 00:00:00 2001
From: An-Cheng Huang <ancheng@vyatta.com>
Date: Wed, 24 Oct 2007 09:09:29 -0700
Subject: make sure config directories have correct permissions.

---
 etc/bash_completion.d/vyatta-cfg | 22 ++++++++++++++++------
 etc/init.d/vyatta-ofr            | 10 +++++++++-
 scripts/vyatta-config-loader.pl  |  2 ++
 scripts/xorp_tmpl_tool           |  6 ++++--
 4 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/etc/bash_completion.d/vyatta-cfg b/etc/bash_completion.d/vyatta-cfg
index f740c54..f76437e 100644
--- a/etc/bash_completion.d/vyatta-cfg
+++ b/etc/bash_completion.d/vyatta-cfg
@@ -26,6 +26,8 @@ if [ "$_OFR_CONFIGURE" != "ok" ]; then
   return 0
 fi
 
+umask 0002
+
 if [ -r /etc/default/vyatta ]; then
   source /etc/default/vyatta
 fi
@@ -143,8 +145,9 @@ edit ()
 
 really_exit()
 {
-  umount $VYATTA_TEMP_CONFIG_DIR
-  rm -rf $VYATTA_TEMP_CONFIG_DIR $VYATTA_CHANGES_ONLY_DIR $VYATTA_CONFIG_TMP
+  sudo umount $VYATTA_TEMP_CONFIG_DIR
+  sudo rm -rf $VYATTA_TEMP_CONFIG_DIR $VYATTA_CHANGES_ONLY_DIR \
+              $VYATTA_CONFIG_TMP
   unset _OFR_CONFIGURE
   builtin exit 0
 }
@@ -764,11 +767,18 @@ vyatta_config_complete ()
   fi
 }
 
-mkdir -p $VYATTA_ACTIVE_CONFIGURATION_DIR
-mkdir -p $VYATTA_CHANGES_ONLY_DIR
-mkdir -p $VYATTA_CONFIG_TMP
+DEF_GROUP=quaggavty
+make_vyatta_config_dir ()
+{
+  sudo mkdir -m 0775 -p $1
+  sudo chgrp ${DEF_GROUP} $1
+}
+
+make_vyatta_config_dir $VYATTA_ACTIVE_CONFIGURATION_DIR
+make_vyatta_config_dir $VYATTA_CHANGES_ONLY_DIR
+make_vyatta_config_dir $VYATTA_CONFIG_TMP
 if [ ! -d $VYATTA_TEMP_CONFIG_DIR ]; then
-  mkdir -p $VYATTA_TEMP_CONFIG_DIR
+  make_vyatta_config_dir $VYATTA_TEMP_CONFIG_DIR
   sudo mount -t unionfs -o dirs=${VYATTA_CHANGES_ONLY_DIR}=rw:/opt/vyatta/config/active=ro unionfs ${VYATTA_TEMP_CONFIG_DIR}
 fi
 
diff --git a/etc/init.d/vyatta-ofr b/etc/init.d/vyatta-ofr
index f0d9695..0c71b20 100755
--- a/etc/init.d/vyatta-ofr
+++ b/etc/init.d/vyatta-ofr
@@ -150,13 +150,21 @@ load_bootfile ()
 {
   if [ -x $vyatta_sbindir/vyatta-config-loader.pl ]; then
     log_progress_msg configure
-    $vyatta_sbindir/vyatta-config-loader.pl $BOOTFILE
+    sg ${GROUP} -c "$vyatta_sbindir/vyatta-config-loader.pl $BOOTFILE"
   fi
 }
 
+setup_config_dir ()
+{
+  [ -d ${vyatta_configdir} ] || mkdir -p ${vyatta_configdir}
+  chgrp ${GROUP} ${vyatta_configdir}
+  chmod 0775 ${vyatta_configdir}
+}
+
 start ()
 {
     log_daemon_msg "Starting Vyatta Router"
+    setup_config_dir
     if ! get_config; then
       try_floppy
     fi
diff --git a/scripts/vyatta-config-loader.pl b/scripts/vyatta-config-loader.pl
index a3dfc44..4c05b80 100755
--- a/scripts/vyatta-config-loader.pl
+++ b/scripts/vyatta-config-loader.pl
@@ -6,6 +6,8 @@ use strict;
 use lib "/opt/vyatta/share/perl5/";
 use VyattaConfigLoad;
 
+umask 0002;
+
 # get a list of all config statement in the startup config file
 # (sorted by rank).
 my @all_nodes = VyattaConfigLoad::getStartupConfigStatements($ARGV[0]);
diff --git a/scripts/xorp_tmpl_tool b/scripts/xorp_tmpl_tool
index ab25fa9..db5589a 100755
--- a/scripts/xorp_tmpl_tool
+++ b/scripts/xorp_tmpl_tool
@@ -1,10 +1,11 @@
 #!/bin/bash
 
-UMASK_SAVE=`umask`
+UMASK_SAVE_G=`umask`
 umask 0111
 XORPLOGFILE=/tmp/xorp_tmpl_tool.log
 touch ${XORPLOGFILE}
-umask ${UMASK_SAVE}
+
+umask 0002
 
 #need to pass in value to change... as part of set command...
 ## cli ENV_EDIT_LEVEL
@@ -146,5 +147,6 @@ fi
 #echo "<=========ConfigDirectories AFTER" >> ${XORPLOGFILE}
 
 echo "ret=${RET_STATUS}" >> ${XORPLOGFILE}
+umask ${UMASK_SAVE_G}
 exit $RET_STATUS
 
-- 
cgit v1.2.3