author | Jan Dittberner <jandd@cacert.org> | 2019-08-02 08:00:26 +0200 |
---|---|---|
committer | Jan Dittberner <jandd@cacert.org> | 2019-08-02 08:00:26 +0200 |
commit | ce4561d2b85f3604faf665410ce50e5ac6f6f71b (patch) | |
tree | c5f5b4f38bc4075aaefa8a0b59c68a93063a9039 /sitemodules | |
parent | ab9be6b7b534a7cea7cc479df823cd216dc03ca5 (diff) | |
Manage chroot for debarchive uploads
Diffstat (limited to 'sitemodules')
-rw-r--r-- | sitemodules/profiles/manifests/debarchive.pp | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/sitemodules/profiles/manifests/debarchive.pp b/sitemodules/profiles/manifests/debarchive.pp
index d684379..0442962 100644
--- a/sitemodules/profiles/manifests/debarchive.pp
+++ b/sitemodules/profiles/manifests/debarchive.pp
@@ -51,6 +51,13 @@ class profiles::debarchive (
 package{ ['rssh', 'reprepro']:
 ensure => latest,
+ } ->
+ file { 'ensure that suid bit on rssh_chroot_helper is set':
+ path => '/usr/lib/rssh/rssh_chroot_helper',
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '4755',
 }
 # setup user, groups and directories
@@ -85,6 +92,10 @@ class profiles::debarchive (
 group => 'nogroup',
 mode => '0700',
 }
+ exec { '/bin/bash /usr/share/doc/rssh/examples/mkchroot.sh /srv/upload':
+ creates => '/srv/upload/usr/bin/rssh',
+ require => [Package['rssh'], File['/srv/upload']],
+ }
 $rssh_conf = '/etc/rssh.conf'
@@ -104,7 +115,7 @@ class profiles::debarchive (
 concat::fragment { 'rssh-debarchive':
 target => $rssh_conf,
 order => '10',
- content => "user = \"debarchive:022:0001100:/srv/upload\"\n",
+ content => "user = \"debarchive:022:000110:/srv/upload\"\n",
 }
 # setup ssh keys |
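Review bot: In the first hunk, the new `file` resource leaves `/usr/lib/rssh/rssh_chroot_helper` setuid root and executable by every local account (`mode => '4755'`), although only the chrooted upload account has to run it. If the debarchive account has a dedicated group (the user and group definitions are outside this hunk), `group => 'debarchive'` with `mode => '4750'` would shrink the set of users who can reach a setuid-root binary. `ensure => file` would also be tighter than `ensure => present`, which accepts whatever kind of object already sits at that path. Because the package is `ensure => latest`, an upgrade may reset the mode until the next agent run, so a comment above the resource saying why the bit is managed here would help.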
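Review bot: In the second hunk, the `exec` populates `/srv/upload` exactly once: `creates => '/srv/upload/usr/bin/rssh'` suppresses every later run, so the binaries and libraries the script copied into the chroot are presumably never refreshed when the host packages receive security updates. The guard also tests a single file, so a run that fails after that file is written would leave a partial chroot that Puppet treats as done. The script lives under `/usr/share/doc/rssh/examples`, which is documentation rather than a supported interface and may change or disappear on a package upgrade. At minimum add a comment above the resource, e.g. `# chroot is built once; rebuild it after security updates to the packages it copies from`, and consider shipping a reviewed copy of the script from the module.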
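Review bot: The corrected access-bit field `000110` in the `rssh-debarchive` fragment (third hunk) is still an opaque literal, and the previous value shows how easily its length goes wrong. A comment above `content` naming the field layout and the protocols the two set bits enable, taken from rssh.conf(5) for the installed rssh version, would let a reviewer confirm that only the intended transfer protocols are allowed, for example `# user:umask:access bits:chroot path; see rssh.conf(5) for the bit order`. The `concat::fragment` resource is fully visible in this hunk's context.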