62 lines
1.6 KiB
Diff
62 lines
1.6 KiB
Diff
--- a/src/pesign-authorize 2023-02-14 16:34:30.937317398 +0800
|
|
+++ b/src/pesign-authorize 2023-02-14 16:36:55.343001392 +0800
|
|
@@ -2,55 +2,11 @@
|
|
set -e
|
|
set -u
|
|
|
|
-#
|
|
-# With /run/pesign/socket on tmpfs, a simple way of restoring the
|
|
-# acls for specific users is useful
|
|
-#
|
|
-# Compare to: http://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/bkernel/tasks/main.yml?id=17198dadebf59d8090b7ed621bc8ab22152d2eb6
|
|
-#
|
|
-
|
|
# License: GPLv2
|
|
-declare -a fileusers=()
|
|
-declare -a dirusers=()
|
|
-for user in $(cat /etc/pesign/users); do
|
|
- dirusers[${#dirusers[@]}]=-m
|
|
- dirusers[${#dirusers[@]}]="u:$user:rwx"
|
|
- fileusers[${#fileusers[@]}]=-m
|
|
- fileusers[${#fileusers[@]}]="u:$user:rw"
|
|
-done
|
|
-
|
|
-declare -a filegroups=()
|
|
-declare -a dirgroups=()
|
|
-for group in $(cat /etc/pesign/groups); do
|
|
- dirgroups[${#dirgroups[@]}]=-m
|
|
- dirgroups[${#dirgroups[@]}]="g:$group:rwx"
|
|
- filegroups[${#filegroups[@]}]=-m
|
|
- filegroups[${#filegroups[@]}]="g:$group:rw"
|
|
-done
|
|
-
|
|
-update_subdir() {
|
|
- subdir=$1 && shift
|
|
|
|
- setfacl -bk "${subdir}"
|
|
- setfacl "${dirusers[@]}" "${dirgroups[@]}" "${subdir}"
|
|
- for x in "${subdir}"* ; do
|
|
- if [ -d "${x}" ]; then
|
|
- setfacl -bk ${x}
|
|
- setfacl "${dirusers[@]}" "${dirgroups[@]}" ${x}
|
|
- update_subdir "${x}/"
|
|
- elif [ -e "${x}" ]; then
|
|
- setfacl -bk ${x}
|
|
- setfacl "${fileusers[@]}" "${filegroups[@]}" ${x}
|
|
- else
|
|
- :;
|
|
- fi
|
|
- done
|
|
-}
|
|
+# This script is deprecated and will be removed in a future release.
|
|
|
|
for x in /var/run/pesign/ /etc/pki/pesign*/ ; do
|
|
- if [ -d "${x}" ]; then
|
|
- update_subdir "${x}"
|
|
- else
|
|
- :;
|
|
- fi
|
|
+ chown -R pesign:pesign "${x}" || true
|
|
+ chmod -R ug+rwX "${x}" || true
|
|
done
|