starlingx/config-files
Code Issues Proposed changes

Merge "Setting a secure umask value"

Browse Source
This commit is contained in:
Zuul 2025-02-04 14:19:01 +00:00 committed by Gerrit Code Review
commit 58ed3164cc
3 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
base-files-config/debian/deb_folder/base-files-config.install
View File

@ -1,5 +1,6 @@
etc/profile.d/custom.sh etc/profile.d/custom.sh
etc/profile.d/prompt.sh etc/profile.d/prompt.sh
etc/profile.d/umask.sh
etc/systemd/system/cron.service.d/cron-cpu-shares.conf etc/systemd/system/cron.service.d/cron-cpu-shares.conf
etc/systemd/system/rsync.service.d/rsync-cpu-shares.conf etc/systemd/system/rsync.service.d/rsync-cpu-shares.conf
etc/vim/vimrc.local etc/vim/vimrc.local

1
base-files-config/debian/deb_folder/rules
View File

@ -11,6 +11,7 @@ ROOT := $(CURDIR)/debian/tmp
override_dh_install: override_dh_install:
install -p -D -m 644 custom.sh ${ROOT}/etc/profile.d/custom.sh install -p -D -m 644 custom.sh ${ROOT}/etc/profile.d/custom.sh
install -p -D -m 644 prompt.sh ${ROOT}/etc/profile.d/prompt.sh install -p -D -m 644 prompt.sh ${ROOT}/etc/profile.d/prompt.sh
install -p -D -m 644 umask.sh ${ROOT}/etc/profile.d/umask.sh
install -p -D -m 644 cron-cpu-shares.conf ${ROOT}/etc/systemd/system/cron.service.d/cron-cpu-shares.conf install -p -D -m 644 cron-cpu-shares.conf ${ROOT}/etc/systemd/system/cron.service.d/cron-cpu-shares.conf
install -p -D -m 644 rsync-cpu-shares.conf ${ROOT}/etc/systemd/system/rsync.service.d/rsync-cpu-shares.conf install -p -D -m 644 rsync-cpu-shares.conf ${ROOT}/etc/systemd/system/rsync.service.d/rsync-cpu-shares.conf
install -p -D -m 644 vimrc.local ${ROOT}/etc/vim/vimrc.local install -p -D -m 644 vimrc.local ${ROOT}/etc/vim/vimrc.local

34
base-files-config/source/umask.sh Normal file
View File

@ -0,0 +1,34 @@
#
# Copyright (c) 2024 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
#!/bin/bash
# Check if running as root and configure umask for root
if [ "$(id -u)" -eq 0 ]; then
# Ensure /root/.bashrc exists and contains the umask setting
if [ ! -f /root/.bashrc ]; then
echo "umask 027" > /root/.bashrc
chmod 600 /root/.bashrc
elif ! grep -q "umask 027" /root/.bashrc; then
echo "umask 027" >> /root/.bashrc
fi
# Ensure /root/.bash_profile exists and contains the umask setting
if [ ! -f /root/.bash_profile ]; then
echo "umask 027" > /root/.bash_profile
chmod 600 /root/.bash_profile
elif ! grep -q "umask 027" /root/.bash_profile; then
echo "umask 027" >> /root/.bash_profile
fi
# Set permissions for both files
chmod 600 /root/.bashrc 2>/dev/null || {
logger -p user.err "ERROR: Failed to set permissions to 600 for /root/.bashrc"
}
chmod 600 /root/.bash_profile 2>/dev/null || {
logger -p user.err "ERROR: Failed to set permissions to 600 for /root/.bash_profile"
}
fi