25a9982c by Adam Heath

Some uid/gid protections against 0.

1 parent 7c10c413
...@@ -4,12 +4,12 @@ set -ex ...@@ -4,12 +4,12 @@ set -ex
4 4
5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" 5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
6 6
7 if [[ $GID ]]; then 7 if [[ $GID && $GID -ne 0 ]]; then
8 old_gid=$(getent group hostgroup | cut -f 3 -d :) 8 old_gid=$(getent group hostgroup | cut -f 3 -d :)
9 groupmod -g $GID hostgroup 9 groupmod -g $GID hostgroup
10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup 10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
11 fi 11 fi
12 if [[ $UID ]]; then 12 if [[ $UID && $UID -ne 0 ]]; then
13 usermod -u $UID hostuser 13 usermod -u $UID hostuser
14 fi 14 fi
15 15
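Review bot: The new guards on lines 7 and 12, `[[ $GID && $GID -ne 0 ]]` and its UID twin, do not check that the value is a plain decimal id: inside `[[ ]]` the `-ne` operator evaluates its operands as arithmetic expressions, and the value then goes unquoted into `groupmod -g $GID` and `usermod -u $UID`. Matching the digits directly rejects empty, 0 and non-numeric input in one test, for example `if [[ $GID =~ ^[1-9][0-9]*$ ]]; then`, with the later uses written as `"$GID"` and `"$UID"`. The same guard is repeated in the sections below that handle the mysql, node and postgres accounts and in the other hostuser sections. The script continues past the end of this hunk.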
......
...@@ -6,17 +6,13 @@ _mysql() { ...@@ -6,17 +6,13 @@ _mysql() {
6 mysqld_safe "$@" 6 mysqld_safe "$@"
7 } 7 }
8 8
9 if [[ $GID ]]; then 9 if [[ $GID && $GID -ne 0 ]]; then
10 old_gid=$(getent group mysql | cut -f 3 -d :) 10 old_gid=$(getent group mysql | cut -f 3 -d :)
11 groupmod -g $GID mysql 11 groupmod -g $GID mysql
12 else
13 found_errors+=("gid not set")
14 fi 12 fi
15 13
16 if [[ $UID ]]; then 14 if [[ $UID && $UID -ne 0 ]]; then
17 usermod -u $UID mysql 15 usermod -u $UID mysql
18 else
19 found_errors+=("uid not set")
20 fi 16 fi
21 17
22 if [[ $(find /var/lib/mysql -maxdepth 1 -mindepth 1|wc -l) = 0 ]]; then 18 if [[ $(find /var/lib/mysql -maxdepth 1 -mindepth 1|wc -l) = 0 ]]; then
...@@ -24,13 +20,6 @@ if [[ $(find /var/lib/mysql -maxdepth 1 -mindepth 1|wc -l) = 0 ]]; then ...@@ -24,13 +20,6 @@ if [[ $(find /var/lib/mysql -maxdepth 1 -mindepth 1|wc -l) = 0 ]]; then
24 zcat /var/lib/container/var_lib_mysql.tar.gz | tar -C /var/lib/mysql -xf - 20 zcat /var/lib/container/var_lib_mysql.tar.gz | tar -C /var/lib/mysql -xf -
25 fi 21 fi
26 22
27 if [[ ${#found_errors[*]} -gt 0 ]]; then
28 for error in "${found_errors[@]}"; do
29 echo "$error"
30 done
31 exit 1
32 fi
33
34 declare -i i=0 23 declare -i i=0
35 mysqld_safe --skip-networking & 24 mysqld_safe --skip-networking &
36 while eval [[ \$DB_INFO_$i ]]; do 25 while eval [[ \$DB_INFO_$i ]]; do
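Review bot: With the `else` branches and the closing `found_errors` check removed, a container started without GID or UID now carries on with the mysql account's existing ids, where it previously printed "gid not set" / "uid not set" and exited 1; the new 0 case is skipped just as silently. If continuing is intended, a line on stderr in each skipped branch keeps that decision visible in the container log, for example `else echo "GID unset or 0, keeping existing gid for mysql" >&2`. The `while` loop on the last line continues outside the hunk.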
......
...@@ -4,12 +4,12 @@ set -ex ...@@ -4,12 +4,12 @@ set -ex
4 4
5 node_home="$(getent passwd node | cut -f 6 -d :)" 5 node_home="$(getent passwd node | cut -f 6 -d :)"
6 6
7 if [[ $GID ]]; then 7 if [[ $GID && $GID -ne 0 ]]; then
8 old_gid=$(getent group node | cut -f 3 -d :) 8 old_gid=$(getent group node | cut -f 3 -d :)
9 groupmod -g $GID node 9 groupmod -g $GID node
10 find "$node_home" -gid $old_gid -print0 | xargs -0r chgrp node 10 find "$node_home" -gid $old_gid -print0 | xargs -0r chgrp node
11 fi 11 fi
12 if [[ $UID ]]; then 12 if [[ $UID && $UID -ne 0 ]]; then
13 usermod -u $UID node 13 usermod -u $UID node
14 fi 14 fi
15 if [[ -e package.json ]]; then 15 if [[ -e package.json ]]; then
......
...@@ -4,12 +4,12 @@ set -ex ...@@ -4,12 +4,12 @@ set -ex
4 4
5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" 5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
6 6
7 if [[ $GID ]]; then 7 if [[ $GID && $GID -ne 0 ]]; then
8 old_gid=$(getent group hostgroup | cut -f 3 -d :) 8 old_gid=$(getent group hostgroup | cut -f 3 -d :)
9 groupmod -g $GID hostgroup 9 groupmod -g $GID hostgroup
10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup 10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
11 fi 11 fi
12 if [[ $UID ]]; then 12 if [[ $UID && $GID -ne 0 ]]; then
13 usermod -u $UID hostuser 13 usermod -u $UID hostuser
14 fi 14 fi
15 mkdir -p /run/php 15 mkdir -p /run/php
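Review bot: The UID guard on new line 12 tests the wrong variable: it reads `[[ $UID && $GID -ne 0 ]]`, while every other section in this commit uses `$UID -ne 0`. As written, UID=0 with a non-zero GID still reaches `usermod -u $UID hostuser`, and a valid UID is skipped whenever GID is unset or 0, because an empty operand evaluates to 0. The line should be `if [[ $UID && $UID -ne 0 ]]; then`.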
......
...@@ -4,12 +4,12 @@ set -ex ...@@ -4,12 +4,12 @@ set -ex
4 4
5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" 5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
6 6
7 if [[ $GID ]]; then 7 if [[ $GID && $GID -ne 0 ]]; then
8 old_gid=$(getent group hostgroup | cut -f 3 -d :) 8 old_gid=$(getent group hostgroup | cut -f 3 -d :)
9 groupmod -g $GID hostgroup 9 groupmod -g $GID hostgroup
10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup 10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
11 fi 11 fi
12 if [[ $UID ]]; then 12 if [[ $UID && $UID -ne 0 ]]; then
13 usermod -u $UID hostuser 13 usermod -u $UID hostuser
14 fi 14 fi
15 15
......
1 #!/bin/bash 1 #!/bin/bash
2 2
3 declare -a found_errors
4
5 set -ex 3 set -ex
6 4
7 if [[ $(find /var/lib/postgresql -maxdepth 1 -mindepth 1|wc -l) = 0 ]]; then 5 if [[ $(find /var/lib/postgresql -maxdepth 1 -mindepth 1|wc -l) = 0 ]]; then
...@@ -10,13 +8,13 @@ fi ...@@ -10,13 +8,13 @@ fi
10 8
11 postgres_home="$(getent passwd postgres | cut -f 6 -d :)" 9 postgres_home="$(getent passwd postgres | cut -f 6 -d :)"
12 10
13 if [[ $GID ]]; then 11 if [[ $GID && $GID -ne 0 ]]; then
14 old_gid=$(getent group postgres | cut -f 3 -d :) 12 old_gid=$(getent group postgres | cut -f 3 -d :)
15 groupmod -g $GID postgres 13 groupmod -g $GID postgres
16 find "$postgres_home" /etc/postgresql /var/run/postgresql -gid $old_gid -print0 | xargs -0r chgrp postgres 14 find "$postgres_home" /etc/postgresql /var/run/postgresql -gid $old_gid -print0 | xargs -0r chgrp postgres
17 fi 15 fi
18 16
19 if [[ $UID ]]; then 17 if [[ $UID && $UID -ne 0 ]]; then
20 old_uid=$(getent passwd postgres | cut -f 3 -d :) 18 old_uid=$(getent passwd postgres | cut -f 3 -d :)
21 usermod -u $UID postgres 19 usermod -u $UID postgres
22 find /etc/postgresql /var/run/postgresql -uid $old_uid -print0 | xargs -0r chown postgres 20 find /etc/postgresql /var/run/postgresql -uid $old_uid -print0 | xargs -0r chown postgres
......
...@@ -4,12 +4,12 @@ set -ex ...@@ -4,12 +4,12 @@ set -ex
4 4
5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)" 5 hostuser_home="$(getent passwd hostuser | cut -f 6 -d :)"
6 6
7 if [[ $GID ]]; then 7 if [[ $GID && $GID -ne 0 ]]; then
8 old_gid=$(getent group hostgroup | cut -f 3 -d :) 8 old_gid=$(getent group hostgroup | cut -f 3 -d :)
9 groupmod -g $GID hostgroup 9 groupmod -g $GID hostgroup
10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup 10 find "$hostuser_home" -gid $old_gid -print0 | xargs -0r chgrp hostgroup
11 fi 11 fi
12 if [[ $UID ]]; then 12 if [[ $UID && $UID -ne 0 ]]; then
13 usermod -u $UID hostuser 13 usermod -u $UID hostuser
14 fi 14 fi
15 15
......