Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity
1c7441ddf1
security-misc/debian/security-misc.postinst
Patrick Schleizer 3f031a297d
Removes read, write and execute access for others for all users who have home 
folders under folder /home by running for example "chmod o-rwx /home/user"
 during package installation or upgrade. This will be done only once per folder
 in folder /home so users who wish to relax file permissions are free to do so.
 This is to protect previously created files in user home folder which were
 previously created with lax file permissions prior installation of this
 package.
2019-07-13 16:20:14 +00:00

76 lines
1.9 KiB
Bash
Raw Blame History

#!/bin/bash
## Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
if [ -f /usr/lib/helper-scripts/pre.bsh ]; then
source /usr/lib/helper-scripts/pre.bsh
fi
set -e
true "
#####################################################################
## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@
#####################################################################
"
home_folder_access_rights_lockdown() {
mkdir -p /var/cache/security-misc/state-files
shopt -s nullglob
## Not using dotglob.
## touch /var/cache/security-misc/state-files//home/.Trash
## touch: cannot touch '/var/cache/security-misc/state-files//home/.Trash': No such file or directory
local folder_name base_name
for folder_name in /home/* ; do
base_name="$(basename "$folder_name")"
if [ -f "/var/cache/security-misc/state-files/$base_name" ]; then
continue
fi
chmod o-rwx "$folder_name"
## Create a state-file so we do this only once.
## Therefore a user who will manually undo this, will not get
## annoyed by this being done over and over again.
touch "/var/cache/security-misc/state-files/$base_name"
done
shopt -u nullglob
}
case "$1" in
configure)
glib-compile-schemas /usr/share/glib-2.0/schemas || true
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "$DPKG_MAINTSCRIPT_NAME called with unknown argument \`$1'" >&2
exit 1
;;
esac
pam-auth-update --package
home_folder_access_rights_lockdown
true "INFO: debhelper beginning here."
#DEBHELPER#
true "INFO: Done with debhelper."
true "
#####################################################################
## INFO: END : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@
#####################################################################
"
## Explicitly "exit 0", so eventually trapped errors can be ignored.
exit 0
Reference in New Issue View Git Blame Copy Permalink