From 782e9ed682863197d1da0e2354488537cdd1257d Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 1 Dec 2022 15:38:26 -0700 Subject: [PATCH] ensure missing paths get assigned correct ownership if install.py is run by root --- malcolm-iso/build.sh | 3 ++- scripts/install.py | 7 +++++++ scripts/malcolm_appliance_packager.sh | 3 ++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/malcolm-iso/build.sh b/malcolm-iso/build.sh index c7e933c98..b51a17082 100755 --- a/malcolm-iso/build.sh +++ b/malcolm-iso/build.sh @@ -117,7 +117,8 @@ if [ -d "$WORKDIR" ]; then mkdir -p "$MALCOLM_DEST_DIR/suricata/rules/" mkdir -p "$MALCOLM_DEST_DIR/yara/rules/" mkdir -p "$MALCOLM_DEST_DIR/zeek-logs/current/" - mkdir -p "$MALCOLM_DEST_DIR/zeek-logs/extract_files/" + mkdir -p "$MALCOLM_DEST_DIR/zeek-logs/extract_files/preserved" + mkdir -p "$MALCOLM_DEST_DIR/zeek-logs/extract_files/quarantine" mkdir -p "$MALCOLM_DEST_DIR/zeek-logs/live/" mkdir -p "$MALCOLM_DEST_DIR/zeek-logs/processed/" mkdir -p "$MALCOLM_DEST_DIR/zeek-logs/upload/" diff --git a/scripts/install.py b/scripts/install.py index 9f138df29..50da6db33 100755 --- a/scripts/install.py +++ b/scripts/install.py @@ -666,6 +666,13 @@ def tweak_malcolm_runtime( os.path.join(zeekLogDirFull, os.path.join('extract_files', 'quarantine')), ): pathlib.Path(pathToCreate).mkdir(parents=True, exist_ok=True) + if ( + ((self.platform == PLATFORM_LINUX) or (self.platform == PLATFORM_MAC)) + and (self.scriptUser == "root") + and (getpwuid(os.stat(pathToCreate).st_uid).pw_name == self.scriptUser) + ): + # change ownership of newly-created directory to match puid/pgid + os.chown(pathToCreate, int(puid), int(pgid)) indexSnapshotCompressed = InstallerYesOrNo('Compress OpenSearch index snapshots?', default=False) diff --git a/scripts/malcolm_appliance_packager.sh b/scripts/malcolm_appliance_packager.sh index ca822a86a..fdc488a24 100755 --- a/scripts/malcolm_appliance_packager.sh +++ b/scripts/malcolm_appliance_packager.sh @@ -82,7 +82,8 @@ if mkdir "$DESTDIR"; then mkdir $VERBOSE -p "$DESTDIR/suricata/rules/" mkdir $VERBOSE -p "$DESTDIR/yara/rules/" mkdir $VERBOSE -p "$DESTDIR/zeek-logs/current/" - mkdir $VERBOSE -p "$DESTDIR/zeek-logs/extract_files/" + mkdir $VERBOSE -p "$DESTDIR/zeek-logs/extract_files/preserved" + mkdir $VERBOSE -p "$DESTDIR/zeek-logs/extract_files/quarantine" mkdir $VERBOSE -p "$DESTDIR/zeek-logs/live/" mkdir $VERBOSE -p "$DESTDIR/zeek-logs/processed/" mkdir $VERBOSE -p "$DESTDIR/zeek-logs/upload/"