authorJohn Estabrook <jestabro@vyos.io>2023-04-10 14:04:00 -0500
committerJohn Estabrook <jestabro@vyos.io>2023-12-16 20:37:10 -0600
commit077c66613494cc7a4e8a30b6420e757ae62330e6 (patch)
tree354061ef3082d457fad4a2db4713801803a5fc5b
parentc1d02ab5a2594d945e3f7aed18a1c18f296d65e2 (diff)
downloadvyos-1x-077c66613494cc7a4e8a30b6420e757ae62330e6.tar.gz
vyos-1x-077c66613494cc7a4e8a30b6420e757ae62330e6.zip
image: T4516: correct permissions on creation of config directory
(cherry picked from commit 74b00c1f6961d1bd3a59768021f154bdb64c154e)
-rw-r--r--python/vyos/utils/file.py6
-rw-r--r--src/op_mode/image_installer.py17
2 files changed, 20 insertions, 3 deletions
diff --git a/python/vyos/utils/file.py b/python/vyos/utils/file.py
index 667a2464b..9f27a7fb9 100644
--- a/python/vyos/utils/file.py
+++ b/python/vyos/utils/file.py
@@ -134,6 +134,12 @@ def chmod_755(path):
S_IROTH | S_IXOTH
chmod(path, bitmask)
+def chmod_2775(path):
+ """ user/group permissions with set-group-id bit set """
+ from stat import S_ISGID, S_IRWXU, S_IRWXG, S_IROTH, S_IXOTH
+
+ bitmask = S_ISGID | S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH
+ chmod(path, bitmask)
def makedir(path, user=None, group=None):
if os.path.exists(path):
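Review bot: The docstring on `chmod_2775` mentions only user/group permissions, but the bitmask also includes `S_IROTH | S_IXOTH`, so the path ends up readable and traversable by every local account. Since this helper is applied to the configuration directory, the docstring should state the full resulting mode, for example `""" rwx for user and group, r-x for others, set-group-id bit set (mode 2775) """`. It is also worth saying that the set-group-id bit is what makes files and subdirectories created later inherit the directory's group, as that is the reason for the helper. The surrounding `chmod_755` and `makedir` bodies lie outside the hunk.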
diff --git a/src/op_mode/image_installer.py b/src/op_mode/image_installer.py
index 6ebb38e46..77bb6460f 100644
--- a/src/op_mode/image_installer.py
+++ b/src/op_mode/image_installer.py
@@ -19,7 +19,7 @@
from argparse import ArgumentParser, Namespace
from pathlib import Path
-from shutil import copy, rmtree, copytree
+from shutil import copy, chown, rmtree, copytree
from sys import exit
from urllib.parse import urlparse
@@ -29,7 +29,9 @@ from vyos.configtree import ConfigTree
from vyos.remote import download
from vyos.system import disk, grub, image
from vyos.template import render
-from vyos.util import ask_input, ask_yes_no, run
+from vyos.utils.io import ask_input, ask_yes_no
+from vyos.utils.file import chmod_2775
+from vyos.util import run
# define text messages
MSG_ERR_NOT_LIVE: str = 'The system is already installed. Please use "add system image" instead.'
@@ -391,6 +393,8 @@ def install_image() -> None:
print('Creating a configuration file')
target_config_dir: str = f'{DIR_DST_ROOT}/boot/{image_name}/rw/opt/vyatta/etc/config/'
Path(target_config_dir).mkdir(parents=True)
+ chown(target_config_dir, group='vyattacfg')
+ chmod_2775(target_config_dir)
# copy config
if migrate_config():
copy('/opt/vyatta/etc/config/config.boot', target_config_dir)
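Review bot: The three-step sequence `Path(target_config_dir).mkdir(parents=True)`, `chown(target_config_dir, group='vyattacfg')`, `chmod_2775(target_config_dir)` added here in `install_image` is repeated twice more in `add_image` (both branches of the `migrate_config()` check). A small helper that creates the directory and applies group and mode in one place would keep the three call sites from drifting apart. Note also that `mkdir(parents=True)` creates any missing intermediate directories with default permissions, and only the leaf receives the `vyattacfg` group and mode 2775; a one-line comment saying this is intended would help. The body of `install_image` continues outside the hunk.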
@@ -485,9 +489,16 @@ def add_image(image_path: str) -> None:
# copy config
if migrate_config():
print('Copying configuration directory')
- copytree('/opt/vyatta/etc/config/', target_config_dir)
+ # copytree preserves perms but not ownership:
+ Path(target_config_dir).mkdir(parents=True)
+ chown(target_config_dir, group='vyattacfg')
+ chmod_2775(target_config_dir)
+ copytree('/opt/vyatta/etc/config/', target_config_dir,
+ dirs_exist_ok=True)
else:
Path(target_config_dir).mkdir(parents=True)
+ chown(target_config_dir, group='vyattacfg')
+ chmod_2775(target_config_dir)
Path(f'{target_config_dir}/.vyatta_config').touch()
# copy system image and kernel files
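Review bot: In the `migrate_config()` branch of `add_image`, `chmod_2775(target_config_dir)` runs before `copytree(..., dirs_exist_ok=True)`, and `copytree` finishes by applying `copystat` from the source directory to the destination root. The mode set beforehand is therefore replaced by whatever mode `/opt/vyatta/etc/config/` has on the running system. The group set by `chown` survives, and the set-group-id bit is in place while the children are created, so group inheritance works during the copy. But the final mode of the directory is 2775 only if the source already has it. If the intent is to guarantee the mode regardless of the source, repeat `chmod_2775(target_config_dir)` after the `copytree` call. The comment `# copytree preserves perms but not ownership:` could also say that this includes the top-level directory's own mode. The body of `add_image` starts and ends outside the hunk.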