No permissions on shadow most of the time

Bob Mottram 2016-11-29 15:00:40 +00:00
parent 4b81fde030
commit e1a352919f
11 changed files with 48 additions and 4 deletions


@ -105,7 +105,11 @@ function add_sip_user {
echo $line >> $NEW_CONFIG_FILE
done < $CONFIG_FILE
mv $NEW_CONFIG_FILE $CONFIG_FILE
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
usermod -aG sipwitch $MY_USERNAME
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
}
while [[ $# > 1 ]]
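Review bot: The `chmod 600` … `chmod 0000` pair around `usermod -aG sipwitch $MY_USERNAME` has no failure path: if the script stops between the two halves (for example under `set -e`, which is not visible in this hunk), /etc/shadow and /etc/gshadow stay at 600 and the hardening this commit applies silently lapses. The same four lines are pasted around every account command in the commit (install_pihole, add_user_sip, install_sip_main, the tox-bootstrapd branch, install_xmpp_main, create_private_mailing_list, configure_imap, choose_username, create_mirrors_user and the userdel script), so one shared wrapper that always restores 0000 would remove both the gap and the duplication. add_sip_user starts above the hunk, so the call site below is shown in outline only.

```shell
# Run one account-management command with the shadow files opened to 600,
# and return them to 0000 whether or not the command succeeded.
function with_shadow_access {
    local status=0
    chmod 600 /etc/shadow /etc/gshadow
    "$@" || status=$?
    chmod 0000 /etc/shadow /etc/gshadow
    return $status
}

# … unchanged: config file rewrite in add_sip_user …
with_shadow_access usermod -aG sipwitch "$MY_USERNAME"
```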


@ -75,8 +75,8 @@ fi
MINIMUM_PASSWORD_LENGTH=$(cat /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-passwords | grep 'MINIMUM_PASSWORD_LENGTH=' | head -n 1 | awk -F '=' '{print $2}')
NEW_USER_PASSWORD="$(openssl rand -base64 30 | cut -c1-${MINIMUM_PASSWORD_LENGTH})"
chmod 700 /etc/shadow
chmod 700 /etc/gshadow
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
useradd -m -p "$NEW_USER_PASSWORD" -s /bin/bash $ADD_USERNAME
adduser $ADD_USERNAME sasl
chmod 0000 /etc/shadow
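Review bot: `useradd -m -p "$NEW_USER_PASSWORD"` hands the raw `openssl rand` string to `-p`, which expects an already-hashed value in crypt(3) format and also places it on the command line where other local users can see it in the process list. As written the shadow entry would hold the plaintext in the hash field, so the generated password is both exposed and unlikely to authenticate. Creating the account without `-p` and then setting the password over stdin inside the same 600/0000 window avoids both problems: `useradd -m -s /bin/bash "$ADD_USERNAME"` followed by `echo "$ADD_USERNAME:$NEW_USER_PASSWORD" | chpasswd`. The mirrors user is created the same way (`useradd -m -p "$MY_MIRRORS_PASSWORD"`) and needs the same change. The hunk ends after `chmod 0000 /etc/shadow`, so the matching gshadow line is presumably just below it.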


@ -346,7 +346,11 @@ function remove_pihole {
function install_pihole {
apt-get -yq install dnsmasq curl
adduser --disabled-login --gecos 'pi-hole' pihole
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
usermod -a -G www-data pihole
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
systemctl enable dnsmasq


@ -77,7 +77,11 @@ function add_user_sip {
# add user to the sipwitch group
if [ -f /etc/sipwitch.conf ]; then
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
usermod -aG sipwitch $new_username
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
fi
# add user for SIP STUN/TURN
@ -300,7 +304,11 @@ function install_sip_main {
sed -i 's|#PLUGINS=|PLUGINS=|g' /etc/default/sipwitch
sed -i 's|PLUGINS=.*|PLUGINS="zeroconf subscriber forward"|g' /etc/default/sipwitch
groupadd sipwitch
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
usermod -aG sipwitch $MY_USERNAME
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
SIP_ONION_HOSTNAME=$(add_onion_service sip ${SIP_PORT} ${SIP_PORT})
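Review bot: In install_sip_main `groupadd sipwitch` runs before the two `chmod 600` lines, while /etc/gshadow is still expected to be at 0000, yet groupadd is one of the tools that writes that file. configure_imap in this same commit puts `groupadd default` inside the window, whereas install_xmpp_main also leaves it outside, so the hunks disagree about whether the window is needed. If it is, move `groupadd sipwitch` below `chmod 600 /etc/gshadow` here and do the same for `groupadd default` in install_xmpp_main; if root can update the files at 0000 anyway, the window is unnecessary everywhere and the commit could be reduced to the final `chmod 0000` lines. Both functions extend beyond their hunks, so an earlier chmod outside the visible lines cannot be ruled out.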


@ -506,7 +506,11 @@ EOF
chroot ${rootdir} /usr/sbin/useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
chroot ${rootdir} /bin/chmod 700 /var/lib/tox-bootstrapd
else
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
chmod 700 /var/lib/tox-bootstrapd
fi


@ -363,7 +363,11 @@ function install_xmpp_main {
fi
groupadd default
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
usermod -g default prosody
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
chown root:default /etc/ssl/private/xmpp.*
chown root:default /etc/ssl/certs/xmpp.*


@ -594,9 +594,13 @@ function create_private_mailing_list {
update-exim4.conf.template -r
update-exim4.conf
systemctl restart exim4
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
useradd -d /var/schleuderlists -s /bin/false schleuder
adduser Debian-exim schleuder
usermod -a -G mail schleuder
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
#exim -d -bt $PRIVATE_MAILING_LIST@$DEFAULT_DOMAIN_NAME
mark_completed $FUNCNAME
}
@ -1277,8 +1281,12 @@ function configure_imap {
fi
fi
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
groupadd default
usermod -g default dovecot
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
chown root:default /etc/ssl/certs/dovecot.*
chown root:default /etc/ssl/private/dovecot.*


@ -636,7 +636,11 @@ function choose_username {
if [ ${#possible_username} -gt 1 ]; then
if [[ $possible_username != $GENERIC_IMAGE_USERNAME ]]; then
MY_USERNAME=$(cat $data)
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
useradd -m -s /bin/bash $MY_USERNAME
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
if [ -d /home/$MY_USERNAME ]; then
echo "${MY_USERNAME}:$(printf `cat $IMAGE_PASSWORD_FILE`)" | chpasswd
# Add the user as a sudoer - they will be the new admin user
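Review bot: `$MY_USERNAME` is read from `cat $data` and reaches `useradd` unquoted, so a value containing whitespace or starting with `-` is split into extra arguments or parsed as an option while the shadow files are open; `useradd -m -s /bin/bash -- "$MY_USERNAME"` keeps it a single operand. In the unchanged line below it, the contents of the password file are used as the `printf` format string, so a `%` or backslash in the password changes what is sent to `chpasswd`; `printf '%s' "$(cat "$IMAGE_PASSWORD_FILE")"` passes it through literally. choose_username begins and ends outside the hunk, so any earlier validation of the entered name is not visible here.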


@ -100,7 +100,11 @@ function create_mirrors_user {
MY_MIRRORS_PASSWORD="$(openssl rand -base64 20 | cut -c1-18)"
fi
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
useradd -m -p "$MY_MIRRORS_PASSWORD" -s /bin/bash mirrors
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow
# remove any existing user files
rm -rf /home/mirrors/*


@ -136,8 +136,8 @@ do
fi
done
chmod 700 /etc/shadow
chmod 700 /etc/gshadow
chmod 600 /etc/shadow
chmod 600 /etc/gshadow
userdel -r $REMOVE_USERNAME
chmod 0000 /etc/shadow
chmod 0000 /etc/gshadow


@ -436,7 +436,11 @@ function install_dynamicdns {
fi
# create an unprivileged user
#chmod 600 /etc/shadow
#chmod 600 /etc/gshadow
#useradd -r -s /bin/false debian-inadyn
#chmod 0000 /etc/shadow
#chmod 0000 /etc/gshadow
# create a configuration file
echo 'background' > /etc/inadyn.conf