IMP(5.1.8): allow more restrictive permissions (#59)

fix #52

Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
This commit is contained in:
Thibault Ayanides 2021-02-17 11:40:31 +01:00 committed by GitHub
parent 1a7dd5893a
commit 6ab1cab3ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -20,6 +20,7 @@ DESCRIPTION="Restrict at/cron to authorized users."
FILES_ABSENT='/etc/cron.deny /etc/at.deny' FILES_ABSENT='/etc/cron.deny /etc/at.deny'
FILES_PRESENT='/etc/cron.allow /etc/at.allow' FILES_PRESENT='/etc/cron.allow /etc/at.allow'
PERMISSIONS='644' PERMISSIONS='644'
PERMISSIONSOK='644 640 600 440 400'
USER='root' USER='root'
GROUP='root' GROUP='root'
@ -44,7 +45,7 @@ audit() {
else else
crit "$FILE ownership was not set to $USER:$GROUP" crit "$FILE ownership was not set to $USER:$GROUP"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else
@ -78,7 +79,7 @@ apply() {
warn "fixing $FILE ownership to $USER:$GROUP" warn "fixing $FILE ownership to $USER:$GROUP"
chown "$USER":"$GROUP" "$FILE" chown "$USER":"$GROUP" "$FILE"
fi fi
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
else else