Skip to content

Commit ee5b197

Browse files
vmcjvmcj
committed
Allow www-data to store the files from import-contest
We set the mask explicit to the most loose configuration to prevent the ACL effectively allowing less than configured.
1 parent ea17d1d commit ee5b197

File tree

1 file changed

+20
-2
lines changed

1 file changed

+20
-2
lines changed

Makefile

Lines changed: 20 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -256,8 +256,17 @@ inplace-install-l:
256256
@echo " setfacl -R -m u:$(WEBSERVER_GROUP):rx $(CURDIR)/webapp"
257257
@echo " setfacl -R -m d:u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/var"
258258
@echo " setfacl -R -m u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/var"
259-
@echo " setfacl -R -m d:m::rwx $(CURDIR)/webapp/var"
260-
@echo " setfacl -R -m m::rwx $(CURDIR)/webapp/var"
259+
@echo " setfacl -R -m d:u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/countries"
260+
@echo " setfacl -R -m u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/countries"
261+
@echo " setfacl -R -m d:u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/teams"
262+
@echo " setfacl -R -m u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/teams"
263+
@echo " setfacl -R -m d:u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/banners"
264+
@echo " setfacl -R -m u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/banners"
265+
@echo " setfacl -R -m d:u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/affiliations"
266+
@echo " setfacl -R -m u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/affiliations"
267+
@echo " setfacl -R -m d:m::rwx $(CURDIR)/webapp/var"
268+
@echo " setfacl -R -m m::rwx $(CURDIR)/webapp/var"
269+
@echo " setfacl -R -m mask::rwx $(CURDIR)"
261270
@echo " # Also make sure you keep access"
262271
@echo " setfacl -R -m d:u:$(DOMJUDGE_USER):rwx $(CURDIR)/webapp/var"
263272
@echo " setfacl -R -m u:$(DOMJUDGE_USER):rwx $(CURDIR)/webapp/var"
@@ -285,10 +294,19 @@ inplace-postinstall-permissions:
285294
setfacl -R -m u:$(WEBSERVER_GROUP):rx $(CURDIR)/webapp
286295
setfacl -R -m d:u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/var
287296
setfacl -R -m u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/var
297+
setfacl -R -m d:u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/countries
298+
setfacl -R -m u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/countries
299+
setfacl -R -m d:u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/teams
300+
setfacl -R -m u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/teams
301+
setfacl -R -m d:u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/banners
302+
setfacl -R -m u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/banners
303+
setfacl -R -m d:u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/affiliations
304+
setfacl -R -m u:$(WEBSERVER_GROUP):rwx $(CURDIR)/webapp/public/images/affiliations
288305
setfacl -R -m d:u:$(DOMJUDGE_USER):rwx $(CURDIR)/webapp/var
289306
setfacl -R -m u:$(DOMJUDGE_USER):rwx $(CURDIR)/webapp/var
290307
setfacl -R -m d:m::rwx $(CURDIR)/webapp/var
291308
setfacl -R -m m::rwx $(CURDIR)/webapp/var
309+
setfacl -R -m mask::rwx $(CURDIR)
292310
if command -v sestatus >/dev/null 2>&1; then \
293311
chcon -R -t httpd_sys_content_t $(CURDIR)/webapp; \
294312
chcon -R -t httpd_config_t $(CURDIR)/etc; \

0 commit comments

Comments
 (0)