-rw-r--r-- | python/vyos/util.py | 8 | ||||
-rwxr-xr-x | src/conf_mode/interfaces-wireguard.py | 5 |
2 files changed, 10 insertions, 3 deletions
diff --git a/python/vyos/util.py b/python/vyos/util.py
index f1fb5ce27..385dc73df 100644
--- a/python/vyos/util.py
+++ b/python/vyos/util.py
@@ -103,6 +103,14 @@ def chown(path, user, group):
 gid = getgrnam(group).gr_gid
 os.chown(path, uid, gid)
+def chmod_750(path):
+ """ make file/directory only executable to user and group """
+ from stat import S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IXGRP
+
+ if os.path.exists(path):
+ bitmask = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP
+ os.chmod(path, bitmask)
+
 def chmod_x(path):
 """ make file executable """
diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py
index e9d9ad459..8e80a85a2 100755
--- a/src/conf_mode/interfaces-wireguard.py
+++ b/src/conf_mode/interfaces-wireguard.py
@@ -24,7 +24,7 @@ from netifaces import interfaces
 from vyos.config import Config
 from vyos.configdict import list_diff
 from vyos.ifconfig import WireGuardIf
-from vyos.util import chown, run, is_bridge_member
+from vyos.util import chown, run, is_bridge_member, chmod_750
 from vyos import ConfigError
 kdir = r'/config/auth/wireguard'
@@ -60,8 +60,7 @@ def _migrate_default_keys():
 os.makedirs(location)
 chown(location, 'root', 'vyattacfg')
- run(f'sudo chmod 750 {location}')
-
+ chmod_750(location)
 os.rename(f'{kdir}/private.key', f'{location}/private.key')
 os.rename(f'{kdir}/public.key', f'{location}/public.key') |
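Review bot: `chmod_750` returns without doing anything when `path` does not exist, so a caller that relies on it to lock down a key directory gets no signal that the mode was never applied. The `os.path.exists` test followed by `os.chmod` is also a check-then-use pair; dropping the test and calling `os.chmod(path, 0o750)` directly would surface a missing path as an exception and make the `stat` import unnecessary. The docstring understates what the mask does and could read `""" set mode 0750: rwx for owner, r-x for group, no access for others """`.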
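Review bot: `chmod_750(location)` narrows the directory only after `os.makedirs(location)` has already created it with the default mode, so between the two calls the directory is as open as the process umask allows. The private key is moved in afterwards, which limits the exposure, but creating the directory restrictively closes the window: `os.makedirs(location, mode=0o750)` (still masked by umask, and applied to the leaf directory only on Python 3.7+), keeping the `chmod_750` call to make the final mode exact. The blank line this hunk removes separated the permission setup from the two renames and is worth keeping for readability. `_migrate_default_keys` starts and ends outside the hunk.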