FreeBSD Mail Archives

Date:      Tue, 24 Mar 2015 14:15:44 +0000 (UTC)
From:      Mark Felder <feld@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r382102 - in head/net-mgmt: unifi2 unifi3 unifi4
Message-ID:  <201503241415.t2OEFiLt094061@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: feld
Date: Tue Mar 24 14:15:43 2015
New Revision: 382102
URL: https://svnweb.freebsd.org/changeset/ports/382102
QAT: https://qat.redports.org/buildarchive/r382102/

Log:
  Improve default file permissions
  
  Ensure unifi cannot write to itself in the event of an exploit
  
  Unifi only needs write access to: data, log, run, and work directories

Modified:
  head/net-mgmt/unifi2/Makefile
  head/net-mgmt/unifi2/pkg-plist
  head/net-mgmt/unifi3/Makefile
  head/net-mgmt/unifi3/pkg-plist
  head/net-mgmt/unifi4/Makefile
  head/net-mgmt/unifi4/pkg-plist

Modified: head/net-mgmt/unifi2/Makefile
==============================================================================
--- head/net-mgmt/unifi2/Makefile	Tue Mar 24 14:08:21 2015	(r382101)
+++ head/net-mgmt/unifi2/Makefile	Tue Mar 24 14:15:43 2015	(r382102)
@@ -3,7 +3,7 @@
 
 PORTNAME=	unifi2
 PORTVERSION=	2.4.6
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	net-mgmt java
 MASTER_SITES=	http://dl.ubnt.com/unifi/${PORTVERSION}/
 DISTNAME=	UniFi.unix
@@ -45,5 +45,9 @@ do-install:
 	${MKDIR} ${STAGEDIR}${JAVASHAREDIR}/unifi
 	(cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${STAGEDIR}${JAVASHAREDIR}/unifi/)
 	${LN} -sf ${PREFIX}/bin/mongod ${STAGEDIR}${JAVASHAREDIR}/unifi/bin/mongod
+# Create directories that will be writable by unifi
+.for i in data logs run work
+	${MKDIR} ${STAGEDIR}/${JAVASHAREDIR}/unifi/${i}
+.endfor
 
 .include <bsd.port.mk>

Modified: head/net-mgmt/unifi2/pkg-plist
==============================================================================
--- head/net-mgmt/unifi2/pkg-plist	Tue Mar 24 14:08:21 2015	(r382101)
+++ head/net-mgmt/unifi2/pkg-plist	Tue Mar 24 14:15:43 2015	(r382102)
@@ -220,52 +220,8 @@
 %%JAVASHAREDIR%%/unifi/webapps/ROOT/upnp.jsp
 %%JAVASHAREDIR%%/unifi/webapps/ROOT/waiting.jsp
 %%JAVASHAREDIR%%/unifi/webapps/ROOT/wizard.jsp
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/temp
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/pages
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/wizard
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/settings
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/global
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/p2N
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U7P
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U7O
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U7E
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U5O
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U2S48
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U2O
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U2M
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U2L48
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog/U2HSR
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/dialog
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/data-table
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media/alerts
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/media
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/library/swf
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/library/js/flex
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/library/js
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/library/css
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/library
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/includes/tabs
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/includes/settings
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/includes/panels
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/includes/dialogs
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/includes
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/WEB-INF
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT/META-INF
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps/ROOT
-@dirrmtry %%JAVASHAREDIR%%/unifi/webapps
-@dirrmtry %%JAVASHAREDIR%%/unifi/lib
-@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U7P/2.4.6.2178
-@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U7P
-@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U7E/2.4.6.2178
-@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U7E
-@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U2S48/2.4.6.2178
-@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/U2S48
-@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/BZ2/2.4.6.2178
-@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware/BZ2
-@dirrmtry %%JAVASHAREDIR%%/unifi/dl/firmware
-@dirrmtry %%JAVASHAREDIR%%/unifi/dl
-@dirrmtry %%JAVASHAREDIR%%/unifi/data
-@dirrmtry %%JAVASHAREDIR%%/unifi/conf
-@dirrmtry %%JAVASHAREDIR%%/unifi/bin
-@dirrmtry %%JAVASHAREDIR%%/unifi
-@exec chown -R unifi:unifi %D/%%JAVASHAREDIR%%/unifi
+@dir(root,wheel,755) %%JAVASHAREDIR%%/unifi
+@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/data
+@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/logs
+@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/run
+@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/work

Modified: head/net-mgmt/unifi3/Makefile
==============================================================================
--- head/net-mgmt/unifi3/Makefile	Tue Mar 24 14:08:21 2015	(r382101)
+++ head/net-mgmt/unifi3/Makefile	Tue Mar 24 14:15:43 2015	(r382102)
@@ -3,6 +3,7 @@
 
 PORTNAME=	unifi3
 PORTVERSION=	3.2.10
+PORTREVISION=	1
 CATEGORIES=	net-mgmt java
 MASTER_SITES=	http://dl.ubnt.com/unifi/${PORTVERSION}/
 DISTNAME=	UniFi.unix
@@ -45,4 +46,9 @@ do-install:
 	(cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${STAGEDIR}${JAVASHAREDIR}/unifi/)
 	${LN} -sf ${PREFIX}/bin/mongod ${STAGEDIR}${JAVASHAREDIR}/unifi/bin/mongod
 
+# Create directories that will be writable by unifi
+.for i in data logs run work
+	${MKDIR} ${STAGEDIR}/${JAVASHAREDIR}/unifi/${i}
+.endfor
+
 .include <bsd.port.mk>

Modified: head/net-mgmt/unifi3/pkg-plist
==============================================================================
--- head/net-mgmt/unifi3/pkg-plist	Tue Mar 24 14:08:21 2015	(r382101)
+++ head/net-mgmt/unifi3/pkg-plist	Tue Mar 24 14:15:43 2015	(r382102)
@@ -243,4 +243,8 @@
 %%JAVASHAREDIR%%/unifi/webapps/ROOT/waiting.jsp
 %%JAVASHAREDIR%%/unifi/webapps/ROOT/wizard.jsp
 @dir %%JAVASHAREDIR%%/unifi/conf
-@exec chown -R unifi:unifi %D/%%JAVASHAREDIR%%/unifi
+@dir(root,wheel,755) %%JAVASHAREDIR%%/unifi
+@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/data
+@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/logs
+@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/run
+@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/work

Modified: head/net-mgmt/unifi4/Makefile
==============================================================================
--- head/net-mgmt/unifi4/Makefile	Tue Mar 24 14:08:21 2015	(r382101)
+++ head/net-mgmt/unifi4/Makefile	Tue Mar 24 14:15:43 2015	(r382102)
@@ -3,6 +3,7 @@
 
 PORTNAME=	unifi4
 PORTVERSION=	4.6.0
+PORTREVISION=	1
 CATEGORIES=	net-mgmt java
 MASTER_SITES=	http://dl.ubnt.com/unifi/${PORTVERSION}/
 DISTNAME=	UniFi.unix
@@ -40,5 +41,9 @@ do-install:
 	${MKDIR} ${STAGEDIR}${JAVASHAREDIR}/unifi
 	(cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${STAGEDIR}${JAVASHAREDIR}/unifi/)
 	${LN} -sf ${PREFIX}/bin/mongod ${STAGEDIR}${JAVASHAREDIR}/unifi/bin/mongod
+# Create directories that will be writable by unifi
+.for i in data logs run work
+	${MKDIR} ${STAGEDIR}/${JAVASHAREDIR}/unifi/${i}
+.endfor
 
 .include <bsd.port.mk>

Modified: head/net-mgmt/unifi4/pkg-plist
==============================================================================
--- head/net-mgmt/unifi4/pkg-plist	Tue Mar 24 14:08:21 2015	(r382101)
+++ head/net-mgmt/unifi4/pkg-plist	Tue Mar 24 14:15:43 2015	(r382102)
@@ -431,4 +431,8 @@
 @dir %%JAVASHAREDIR%%/unifi/webapps/ROOT/lib/4.6.0/js/libs/bower-components/retina.js
 @dir %%JAVASHAREDIR%%/unifi/webapps/ROOT/lib/4.6.0/js/libs/bower-components/string_score
 @dir %%JAVASHAREDIR%%/unifi/webapps/ROOT/lib/4.6.0/js/libs/bower-components/underscore
-@exec chown -R unifi:unifi %D/%%JAVASHAREDIR%%/unifi
+@dir(root,wheel,755) %%JAVASHAREDIR%%/unifi
+@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/data
+@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/logs
+@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/run
+@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/work

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201503241415.t2OEFiLt094061>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation