mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-28 05:29:48 +00:00
Improve default file permissions
Ensure unifi cannot write to itself in the event of an exploit Unifi only needs write access to: data, log, run, and work directories
This commit is contained in:
Mark Felder
parent
d720895db1
commit
6659d1c712
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=382102
@ -3,7 +3,7 @@
|
||||
|
||||
PORTNAME= unifi2
|
||||
PORTVERSION= 2.4.6
|
||||
PORTREVISION= 4
|
||||
PORTREVISION= 5
|
||||
CATEGORIES= net-mgmt java
|
||||
MASTER_SITES= http://dl.ubnt.com/unifi/${PORTVERSION}/
|
||||
DISTNAME= UniFi.unix
|
||||
@ -45,5 +45,9 @@ do-install:
|
||||
${MKDIR} ${STAGEDIR}${JAVASHAREDIR}/unifi
|
||||
(cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${STAGEDIR}${JAVASHAREDIR}/unifi/)
|
||||
${LN} -sf ${PREFIX}/bin/mongod ${STAGEDIR}${JAVASHAREDIR}/unifi/bin/mongod
|
||||
# Create directories that will be writable by unifi
|
||||
.for i in data logs run work
|
||||
${MKDIR} ${STAGEDIR}/${JAVASHAREDIR}/unifi/${i}
|
||||
.endfor
|
||||
|
||||
.include <bsd.port.mk>
|
||||
|
||||
@ -220,52 +220,8 @@
|
||||
%%JAVASHAREDIR%%/unifi/webapps/ROOT/upnp.jsp
|
||||
%%JAVASHAREDIR%%/unifi/webapps/ROOT/waiting.jsp
|
||||
%%JAVASHAREDIR%%/unifi/webapps/ROOT/wizard.jsp
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/temp
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/pages
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/wizard
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/settings
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/global
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/p2N
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U7P
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U7O
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U7E
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U5O
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U2S48
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U2O
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U2M
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U2L48
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U2HSR
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/data-table
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/alerts
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/library/swf
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/library/js/flex
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/library/js
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/library/css
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/library
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/includes/tabs
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/includes/settings
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/includes/panels
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/includes/dialogs
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/includes
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/WEB-INF
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/META-INF
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/webapps
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/lib
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U7P/2.4.6.2178
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U7P
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U7E/2.4.6.2178
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U7E
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U2S48/2.4.6.2178
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U2S48
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/BZ2/2.4.6.2178
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/BZ2
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/dl
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/data
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/conf
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi/bin
|
||||
@dirrmtry %%JAVASHAREDIR%%/unifi
|
||||
@exec chown -R unifi:unifi %D/%%JAVASHAREDIR%%/unifi
|
||||
@dir(root,wheel,755) %%JAVASHAREDIR%%/unifi
|
||||
@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/data
|
||||
@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/logs
|
||||
@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/run
|
||||
@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/work
|
||||
|
||||
@ -3,6 +3,7 @@
|
||||
|
||||
PORTNAME= unifi3
|
||||
PORTVERSION= 3.2.10
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= net-mgmt java
|
||||
MASTER_SITES= http://dl.ubnt.com/unifi/${PORTVERSION}/
|
||||
DISTNAME= UniFi.unix
|
||||
@ -45,4 +46,9 @@ do-install:
|
||||
(cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${STAGEDIR}${JAVASHAREDIR}/unifi/)
|
||||
${LN} -sf ${PREFIX}/bin/mongod ${STAGEDIR}${JAVASHAREDIR}/unifi/bin/mongod
|
||||
|
||||
# Create directories that will be writable by unifi
|
||||
.for i in data logs run work
|
||||
${MKDIR} ${STAGEDIR}/${JAVASHAREDIR}/unifi/${i}
|
||||
.endfor
|
||||
|
||||
.include <bsd.port.mk>
|
||||
|
||||
@ -243,4 +243,8 @@
|
||||
%%JAVASHAREDIR%%/unifi/webapps/ROOT/waiting.jsp
|
||||
%%JAVASHAREDIR%%/unifi/webapps/ROOT/wizard.jsp
|
||||
@dir %%JAVASHAREDIR%%/unifi/conf
|
||||
@exec chown -R unifi:unifi %D/%%JAVASHAREDIR%%/unifi
|
||||
@dir(root,wheel,755) %%JAVASHAREDIR%%/unifi
|
||||
@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/data
|
||||
@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/logs
|
||||
@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/run
|
||||
@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/work
|
||||
|
||||
@ -3,6 +3,7 @@
|
||||
|
||||
PORTNAME= unifi4
|
||||
PORTVERSION= 4.6.0
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= net-mgmt java
|
||||
MASTER_SITES= http://dl.ubnt.com/unifi/${PORTVERSION}/
|
||||
DISTNAME= UniFi.unix
|
||||
@ -40,5 +41,9 @@ do-install:
|
||||
${MKDIR} ${STAGEDIR}${JAVASHAREDIR}/unifi
|
||||
(cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${STAGEDIR}${JAVASHAREDIR}/unifi/)
|
||||
${LN} -sf ${PREFIX}/bin/mongod ${STAGEDIR}${JAVASHAREDIR}/unifi/bin/mongod
|
||||
# Create directories that will be writable by unifi
|
||||
.for i in data logs run work
|
||||
${MKDIR} ${STAGEDIR}/${JAVASHAREDIR}/unifi/${i}
|
||||
.endfor
|
||||
|
||||
.include <bsd.port.mk>
|
||||
|
||||
@ -431,4 +431,8 @@
|
||||
@dir %%JAVASHAREDIR%%/unifi/webapps/ROOT/lib/4.6.0/js/libs/bower-components/retina.js
|
||||
@dir %%JAVASHAREDIR%%/unifi/webapps/ROOT/lib/4.6.0/js/libs/bower-components/string_score
|
||||
@dir %%JAVASHAREDIR%%/unifi/webapps/ROOT/lib/4.6.0/js/libs/bower-components/underscore
|
||||
@exec chown -R unifi:unifi %D/%%JAVASHAREDIR%%/unifi
|
||||
@dir(root,wheel,755) %%JAVASHAREDIR%%/unifi
|
||||
@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/data
|
||||
@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/logs
|
||||
@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/run
|
||||
@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/work
|
||||
|
||||
Loading…
Reference in New Issue
Block a user