From c7112d1ec01c0488dfb01196611ccb445b1e266b Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 1 Jan 2016 11:42:37 +0000 Subject: [PATCH] Restore ownership of certs --- src/freedombone | 6 +++++- src/freedombone-restore-local | 24 ++++++++++++++++++++++++ src/freedombone-restore-remote | 24 ++++++++++++++++++++++++ 3 files changed, 53 insertions(+), 1 deletion(-) diff --git a/src/freedombone b/src/freedombone index 11ba7768..eb7e164e 100755 --- a/src/freedombone +++ b/src/freedombone @@ -3289,7 +3289,11 @@ function search_for_attached_usb_drive { chown root:dovecot /etc/ssl/private/dovecot.* fi if [ -f /etc/ssl/private/exim.key ]; then - chown root:Debian-exim /etc/ssl/private/exim.key /etc/ssl/certs/exim.crt /etc/ssl/certs/exim.dhparam + cp /etc/ssl/private/exim.key /etc/exim4 + cp /etc/ssl/certs/exim.crt /etc/exim4 + cp /etc/ssl/certs/exim.dhparam /etc/exim4 + chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam + chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam fi fi if [ -d $USB_MOUNT/personal ]; then diff --git a/src/freedombone-restore-local b/src/freedombone-restore-local index 1a8b97dc..7b184833 100755 --- a/src/freedombone-restore-local +++ b/src/freedombone-restore-local @@ -586,6 +586,30 @@ function restore_certs { exit 276 fi rm -rf /root/tempssl + + # restore ownership + if [ -f /etc/ssl/private/xmpp.key ]; then + chown prosody:prosody /etc/ssl/private/xmpp.key + chown prosody:prosody /etc/ssl/certs/xmpp.* + fi + if [ -d /etc/dovecot ]; then + chown root:dovecot /etc/ssl/private/dovecot.* + chown root:dovecot /etc/ssl/certs/dovecot.* + fi + if [ -f /etc/ssl/private/exim.key ]; then + cp /etc/ssl/private/exim.key /etc/exim4 + cp /etc/ssl/certs/exim.crt /etc/exim4 + cp /etc/ssl/certs/exim.dhparam /etc/exim4 + chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam + chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam + fi + if [ -f /etc/ssl/private/mumble.key ]; then + if [ -d /var/lib/mumble-server ]; then + cp /etc/ssl/certs/mumble.* /var/lib/mumble-server + cp /etc/ssl/private/mumble.key /var/lib/mumble-server + chown -R mumble-server:mumble-server /var/lib/mumble-server + fi + fi fi } diff --git a/src/freedombone-restore-remote b/src/freedombone-restore-remote index 26080e0c..2c0c485f 100755 --- a/src/freedombone-restore-remote +++ b/src/freedombone-restore-remote @@ -469,6 +469,30 @@ function restore_certs { exit 276 fi rm -rf /root/tempssl + + # restore ownership + if [ -f /etc/ssl/private/xmpp.key ]; then + chown prosody:prosody /etc/ssl/private/xmpp.key + chown prosody:prosody /etc/ssl/certs/xmpp.* + fi + if [ -d /etc/dovecot ]; then + chown root:dovecot /etc/ssl/private/dovecot.* + chown root:dovecot /etc/ssl/certs/dovecot.* + fi + if [ -f /etc/ssl/private/exim.key ]; then + cp /etc/ssl/private/exim.key /etc/exim4 + cp /etc/ssl/certs/exim.crt /etc/exim4 + cp /etc/ssl/certs/exim.dhparam /etc/exim4 + chown root:Debian-exim /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam + chmod 640 /etc/exim4/exim.key /etc/exim4/exim.crt /etc/exim4/exim.dhparam + fi + if [ -f /etc/ssl/private/mumble.key ]; then + if [ -d /var/lib/mumble-server ]; then + cp /etc/ssl/certs/mumble.* /var/lib/mumble-server + cp /etc/ssl/private/mumble.key /var/lib/mumble-server + chown -R mumble-server:mumble-server /var/lib/mumble-server + fi + fi fi }