authorJan Dittberner <jandd@cacert.org>2019-08-02 08:00:26 +0200
committerJan Dittberner <jandd@cacert.org>2019-08-02 08:00:26 +0200
commitce4561d2b85f3604faf665410ce50e5ac6f6f71b (patch)
treec5f5b4f38bc4075aaefa8a0b59c68a93063a9039
parentab9be6b7b534a7cea7cc479df823cd216dc03ca5 (diff)
Manage chroot for debarchive uploads
-rw-r--r--sitemodules/profiles/manifests/debarchive.pp13
1 files changed, 12 insertions, 1 deletions
diff --git a/sitemodules/profiles/manifests/debarchive.pp b/sitemodules/profiles/manifests/debarchive.pp
index d684379..0442962 100644
--- a/sitemodules/profiles/manifests/debarchive.pp
+++ b/sitemodules/profiles/manifests/debarchive.pp
@@ -51,6 +51,13 @@ class profiles::debarchive (
package{ ['rssh', 'reprepro']:
ensure => latest,
+ } ->
+ file { 'ensure that suid bit on rssh_chroot_helper is set':
+ path => '/usr/lib/rssh/rssh_chroot_helper',
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '4755',
}
# setup user, groups and directories
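Review bot: Mode `4755` on `/usr/lib/rssh/rssh_chroot_helper` makes a setuid-root binary executable by every local account, although only the chrooted upload user needs to run it. If a dedicated group for that user exists (not visible in this hunk), `group => '<upload-group>'` with `mode => '4750'` would narrow the exposure. Because the package is `ensure => latest`, an upgrade may reset the mode until the next Puppet run; registering the mode with `dpkg-statoverride` would keep it stable across upgrades. A one-line comment such as `# rssh_chroot_helper must be setuid root to call chroot()` would also explain why this resource exists.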
@@ -85,6 +92,10 @@ class profiles::debarchive (
group => 'nogroup',
mode => '0700',
}
+ exec { '/bin/bash /usr/share/doc/rssh/examples/mkchroot.sh /srv/upload':
+ creates => '/srv/upload/usr/bin/rssh',
+ require => [Package['rssh'], File['/srv/upload']],
+ }
$rssh_conf = '/etc/rssh.conf'
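Review bot: The `creates => '/srv/upload/usr/bin/rssh'` guard means the chroot is populated once and never rebuilt, so the binaries and libraries copied into `/srv/upload` stay at their original versions while `ensure => latest` keeps upgrading the host copies. Security fixes to rssh or its libraries would then not reach the code that actually serves uploads. A second exec that re-runs the script when the package changes would cover rssh itself, assuming `mkchroot.sh` is safe to re-run over an existing tree, which should be confirmed. Libraries from other packages would still need a separate refresh. The command also runs as root from an examples directory under `/usr/share/doc`, so a comment noting that dependency would help.

```puppet
# … unchanged: initial exec guarded by `creates` …
exec { 'refresh rssh chroot after package upgrade':
  command     => '/bin/bash /usr/share/doc/rssh/examples/mkchroot.sh /srv/upload',
  refreshonly => true,
  subscribe   => Package['rssh'],
  require     => File['/srv/upload'],
}
```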
@@ -104,7 +115,7 @@ class profiles::debarchive (
concat::fragment { 'rssh-debarchive':
target => $rssh_conf,
order => '10',
- content => "user = \"debarchive:022:0001100:/srv/upload\"\n",
+ content => "user = \"debarchive:022:000110:/srv/upload\"\n",
}
# setup ssh keys
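Review bot: The access-bits field `000110` in the `rssh-debarchive` fragment is positional and has no explanation, so a reader cannot tell which transfer protocols the `debarchive` account may use. The previous value had a different digit count, which suggests the format is easy to get wrong, and a misplaced bit would silently enable a different protocol. Please add a comment above the fragment that names the enabled protocols and points to rssh.conf(5) for the bit order of the installed version, for example `# access bits per rssh.conf(5): enables <protocols> only`.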