Manage chroot for debarchive uploads
authorJan Dittberner <jandd@cacert.org>
Fri, 2 Aug 2019 06:00:26 +0000 (08:00 +0200)
committerJan Dittberner <jandd@cacert.org>
Fri, 2 Aug 2019 06:00:26 +0000 (08:00 +0200)
sitemodules/profiles/manifests/debarchive.pp

index d684379..0442962 100644 (file)
@@ -51,6 +51,13 @@ class profiles::debarchive (
 
   package{ ['rssh', 'reprepro']:
     ensure => latest,
+  } ->
+  file { 'ensure that suid bit on rssh_chroot_helper is set':
+    path   => '/usr/lib/rssh/rssh_chroot_helper',
+    ensure => present,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '4755',
   }
 
   # setup user, groups and directories
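Review bot: The file resource for `/usr/lib/rssh/rssh_chroot_helper` uses `ensure => present` with no content, so if the package ever stops shipping the helper at that path Puppet would create an empty root-owned file with mode 4755 instead of failing. The setuid bit is also unknown to dpkg while the package is tracked with `ensure => latest`. Registering it through an exec of `dpkg-statoverride --update --add root root 4755 /usr/lib/rssh/rssh_chroot_helper`, guarded by `dpkg-statoverride --list`, would keep the mode across upgrades and record it where an auditor looks for local permission overrides. A comment such as `# rssh_chroot_helper presumably has to be setuid root so rssh can chroot() the upload user` would document why a setuid-root binary is enforced here. The class body starts and ends outside the hunk.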
@@ -85,6 +92,10 @@ class profiles::debarchive (
     group  => 'nogroup',
     mode   => '0700',
   }
+  exec { '/bin/bash /usr/share/doc/rssh/examples/mkchroot.sh /srv/upload':
+    creates => '/srv/upload/usr/bin/rssh',
+    require => [Package['rssh'], File['/srv/upload']],
+  }
 
   $rssh_conf = '/etc/rssh.conf'
 
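Review bot: `creates => '/srv/upload/usr/bin/rssh'` makes the chroot a one-shot build, so whatever mkchroot.sh places under `/srv/upload` (apparently copies of the rssh binaries and their libraries) is never refreshed when `ensure => latest` upgrades the package, and the jail keeps serving the old copies after a security update. The same guard hides a partial build: if the script fails after `usr/bin/rssh` exists, later runs skip it. Consider a second exec of the same command with `refreshonly => true` and `subscribe => Package['rssh']`, and a comment stating that the chroot content is a snapshot that must be rebuilt after updates. The script is also read from `/usr/share/doc/rssh/examples`, which may be absent on hosts that exclude documentation paths, so the dependency on it deserves a comment as well.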
@@ -104,7 +115,7 @@ class profiles::debarchive (
   concat::fragment { 'rssh-debarchive':
     target  => $rssh_conf,
     order   => '10',
-    content => "user = \"debarchive:022:0001100:/srv/upload\"\n",
+    content => "user = \"debarchive:022:000110:/srv/upload\"\n",
   }
 
   # setup ssh keys
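Review bot: The access-bit string in the `user =` line is a positional mask with no explanation, and this change shortens it from seven digits to six, which suggests the expected width depends on the installed rssh version. Because the package is tracked with `ensure => latest` elsewhere in this class, a later format change could silently shift which protocols the `debarchive` account may use. A comment above the fragment, for example `# access bits in rssh.conf(5) order; only positions 4 and 5 are enabled`, would let a reviewer check the mask against the man page of the deployed version.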