[Dev] Funny file permissions on repo
Luke Shumaker
lukeshu at lukeshu.com
Sat May 12 03:37:14 GMT 2018
Hi all,
I'm trying to set up real privilege-separation on repo.parabola.nu, so
I'm auditing repo for files with funny permissions.
After resolving a few files that I know what needs to be done, and how
they got that way, there are still a few files that my script catches
as having funny permissions:
==> Files with funny ownership: (expecting repo:users or lukeshu:users)
1 -rw-r--r-- 1 root root 5922 Oct 18 2017 /srv/repo/main/iso-beta/systemd-cli-2017.10.17/pkglist.i686.txt
2 -rw-r--r-- 1 root root 5948 Oct 18 2017 /srv/repo/main/iso-beta/systemd-cli-2017.10.17/pkglist.x86_64.txt
3 -rw-r--r-- 1 root root 6833 Nov 15 00:00 /srv/repo/main/iso-beta/systemd-cli-2017.11.15/pkglist.i686.txt
4 -rw-r--r-- 1 root root 19214 Nov 1 2017 /srv/repo/main/iso-beta/systemd-lxde-2017.10.30/pkglist.x86_64.txt
5 -rw-r--r-- 1 root root 19181 Nov 6 2017 /srv/repo/main/iso-beta/systemd-lxde-2017.11.05/pkglist.i686.txt
6 -rw-r--r-- 1 root root 19245 Nov 6 2017 /srv/repo/main/iso-beta/systemd-lxde-2017.11.05/pkglist.x86_64.txt
7 -rw-r--r-- 1 root root 19264 Nov 15 00:00 /srv/repo/main/iso-beta/systemd-lxde-2017.11.15/pkglist.i686.txt
8 lrwxrwxrwx 1 root users 51 May 1 11:08 /srv/repo/main/iso/arm/LATEST/pkglist.armv7.txt -> /srv/repo/main/iso/arm/2018-02-06/pkglist.armv7.txt
9 -rw-r--r-- 1 root users 0 May 1 08:41 /srv/repo/main/iso/openrc-cli-2017.09.30/pkglist.armv7.txt
10 -rw-r--r-- 1 root root 7247 Sep 30 2017 /srv/repo/main/iso/openrc-cli-2017.09.30/pkglist.i686.txt
11 -rw-r--r-- 1 root root 7310 Sep 30 2017 /srv/repo/main/iso/openrc-cli-2017.09.30/pkglist.x86_64.txt
12 -rw-r--r-- 1 root root 19757 Nov 5 2017 /srv/repo/main/iso/openrc-lxde-2017.11.05/pkglist.i686.txt
13 -rw-r--r-- 1 root root 19821 Nov 5 2017 /srv/repo/main/iso/openrc-lxde-2017.11.05/pkglist.x86_64.txt
==> Non-DB Files with funny perms: (expecting 0644)
1 -rw------- 1 repo users 31948 Nov 6 2017 /srv/repo/main/iso/openrc-cli-2017.09.30/parabola-openrc-2017.09.30-dual.iso.torrent
2 -rw------- 1 repo users 39165 Nov 6 2017 /srv/repo/main/iso/openrc-lxde-2017.11.05/parabola-openrc-lxde-2017.11.05-dual.iso.torrent
3 -rw------- 1 repo users 14417920 Mar 19 20:14 /srv/repo/main/other/kodi-libre/.kodi-libre-17.6-Krypton.tar.gz.9zxQwS
4 -rwxr-xr-x 1 repo users 175 Oct 1 2017 /srv/repo/main/other/kodi-libre/addons/krypton/makesums.sh
I obviously know what I expect the permissions to be, but I don't want
to go ahead and change them without knowing why they are the way they
are (Chesterton's fence and all; I don't want to break anyone's
workflows).
So, major topics:
- What's up with ISOs? What's up with them being owned by root? Why
are a few .torrent files unreadable? It causes the URLs to return
403 Forbidden, like
https://repo.parabola.nu/iso/openrc-cli-2017.09.30/parabola-openrc-2017.09.30-dual.iso.torrent
- What's up with kodi-libre? Why does it look like we're running a
plugin server? Can we move that to a different domain?
--
Happy hacking,
~ Luke Shumaker
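
An added example, not part of the original message and not the script it mentions: a read-only audit that applies the two rules stated in the listing headers (owner `repo:users` or `lukeshu:users`, mode 0644 for non-DB files) and reports deviations without changing anything. The function names and the `db_globs` parameter are assumptions, since the message does not say which files count as "DB" files.

```python
import fnmatch
import grp
import os
import pwd
import stat
import sys


def owner_of(st):
    """Return 'user:group' for a stat result, falling back to numeric ids."""
    try:
        user = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        user = str(st.st_uid)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)
    return f"{user}:{group}"


def audit(root, allowed_owners, expected_mode=0o644, db_globs=()):
    """Report (never change) entries with unexpected owner or mode.

    db_globs is an assumption: the message does not say which files are
    "DB" files, so the caller supplies the patterns to exempt.
    """
    bad_owner, bad_mode = [], []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge a symlink itself, not its target
            owner = owner_of(st)
            if owner not in allowed_owners:
                bad_owner.append((path, owner))
            # Mode check applies to regular files only (symlink modes are not meaningful).
            if not stat.S_ISREG(st.st_mode):
                continue
            if any(fnmatch.fnmatch(name, g) for g in db_globs):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode != expected_mode:
                bad_mode.append((path, oct(mode)))
    return sorted(bad_owner), sorted(bad_mode)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for kind in audit(root, {"repo:users", "lukeshu:users"}):
        print(*(f"{found}\t{path}" for path, found in kind), sep="\n")
```

Directories themselves and symlinks that point at directories are not examined; only the non-directory entries inside each directory are.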