aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2012-06-05 18:02:00 +0000
committerJo-Philipp Wich <jow@openwrt.org>2012-06-05 18:02:00 +0000
commit15c52a84fba09deed2cdcbbe54d448eb222c0c6a (patch)
tree4cf4bc5f8db1f76c8acb427be26060712f05fd28
parent8ac33e5cdf0f7fece847d7912adb46889b0bb713 (diff)
downloadmaster-187ad058-15c52a84fba09deed2cdcbbe54d448eb222c0c6a.tar.gz
master-187ad058-15c52a84fba09deed2cdcbbe54d448eb222c0c6a.tar.bz2
master-187ad058-15c52a84fba09deed2cdcbbe54d448eb222c0c6a.zip
[package] base-files: add permission exceptions, do not clobber shadow permissions - based on patch by Mark Mentovai <mark@moxienet.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@32073 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--include/image.mk2
-rw-r--r--package/base-files/Makefile4
2 files changed, 5 insertions, 1 deletions
diff --git a/include/image.mk b/include/image.mk
index 473e391ae4..b0d6dfae61 100644
--- a/include/image.mk
+++ b/include/image.mk
@@ -142,7 +142,7 @@ endif
define Image/mkfs/prepare/default
# Use symbolic permissions to avoid clobbering SUID/SGID/sticky bits
- - $(FIND) $(TARGET_DIR) -type f -not -perm +0100 -not -name 'ssh_host*' -print0 | $(XARGS) -0 chmod u+rw,g+r,o+r
+ - $(FIND) $(TARGET_DIR) -type f -not -perm +0100 -not -name 'ssh_host*' -not -name 'shadow' -print0 | $(XARGS) -0 chmod u+rw,g+r,o+r
- $(FIND) $(TARGET_DIR) -type f -perm +0100 -print0 | $(XARGS) -0 chmod u+rwx,g+rx,o+rx
- $(FIND) $(TARGET_DIR) -type d -print0 | $(XARGS) -0 chmod u+rwx,g+rx,o+rx
$(INSTALL_DIR) $(TARGET_DIR)/tmp
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
index 68c8e0233b..88167b788b 100644
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -470,6 +470,10 @@ define Package/base-files/install
ln -sf /tmp $(1)/var
mkdir -p $(1)/etc
ln -sf /tmp/resolv.conf /tmp/fstab /tmp/TZ $(1)/etc/
+
+ chmod 0600 $(1)/etc/shadow
+ chmod 1777 $(1)/tmp
+
$(call ImageConfigOptions,$(1))
$(call Package/base-files/install-target,$(1))
for conffile in $(1)/etc/config/*; do \