From aa2183033a4ff4f4b6136bb5ac9d146917c6ebbe Mon Sep 17 00:00:00 2001 From: Chris Aumann Date: Tue, 15 Feb 2022 22:37:32 +0100 Subject: [PATCH 1/4] Changes file mode for log and config files from 777 to ugo=rwX. Logfiles should never be executable. I don't think this should have any impact, as they are hopefully never executed. --- openwb-install.sh | 4 ++-- runs/atreboot.sh | 32 ++++++++++++++++---------------- runs/initRamdisk.sh | 2 +- runs/reboot.sh | 2 +- runs/restore.sh | 2 +- runs/shutdown.sh | 2 +- runs/transferladelog.sh | 2 +- runs/update.sh | 8 ++++---- zielladen.sh | 2 +- 9 files changed, 28 insertions(+), 28 deletions(-) diff --git a/openwb-install.sh b/openwb-install.sh index 40feeeffc..d40bafa85 100755 --- a/openwb-install.sh +++ b/openwb-install.sh @@ -118,10 +118,10 @@ fi echo "www-data ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/010_pi-nopasswd -chmod 777 /var/www/html/openWB/openwb.conf +chmod ugo=rwX /var/www/html/openWB/openwb.conf chmod +x /var/www/html/openWB/modules/* chmod +x /var/www/html/openWB/runs/* chmod +x /var/www/html/openWB/*.sh touch /var/log/openWB.log -chmod 777 /var/log/openWB.log +chmod ugo=rwX /var/log/openWB.log /var/www/html/openWB/runs/atreboot.sh diff --git a/runs/atreboot.sh b/runs/atreboot.sh index 2409ca254..97a9e260b 100755 --- a/runs/atreboot.sh +++ b/runs/atreboot.sh 
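Review bot: `chmod ugo=rwX` does not clear an execute bit that is already set, so the two changed lines here (`openwb.conf` and `/var/log/openWB.log`) leave any file that is currently 777 at 777. `X` grants execute when the target is a directory or already has an execute bit for some user, which is the state existing installations are in after the old `chmod 777`. For regular files the mode can be stated exactly, e.g. `chmod a=rw /var/www/html/openWB/openwb.conf` and `chmod a=rw /var/log/openWB.log`. The same applies to the single-file calls in runs/atreboot.sh, runs/restore.sh, runs/update.sh and zielladen.sh, and to the glob calls in runs/update.sh and runs/transferladelog.sh. Where directories are included (the `-R` calls in runs/atreboot.sh), `a-x,a=rwX` clears the bit on files first and keeps directories searchable, at least with GNU chmod.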
@@ -18,25 +18,25 @@ mkdir -p /var/www/html/openWB/web/backup touch /var/www/html/openWB/web/backup/.donotdelete sudo chown -R www-data:www-data /var/www/html/openWB/web/backup sudo chown -R www-data:www-data /var/www/html/openWB/web/tools/upload -sudo chmod 777 /var/www/html/openWB/openwb.conf -sudo chmod 777 /var/www/html/openWB/smarthome.ini -sudo chmod 777 /var/www/html/openWB/ramdisk -sudo chmod 777 /var/www/html/openWB/ramdisk/ -sudo chmod 777 /var/www/html/openWB/web/files/* +sudo chmod ugo=rwX /var/www/html/openWB/openwb.conf +sudo chmod ugo=rwX /var/www/html/openWB/smarthome.ini +sudo chmod ugo=rwX /var/www/html/openWB/ramdisk +sudo chmod ugo=rwX /var/www/html/openWB/ramdisk/ +sudo chmod ugo=rwX /var/www/html/openWB/web/files/* sudo chmod -R +x /var/www/html/openWB/modules/* -sudo chmod -R 777 /var/www/html/openWB/modules/soc_i3 -sudo chmod -R 777 /var/www/html/openWB/modules/soc_eq -sudo chmod -R 777 /var/www/html/openWB/modules/soc_tesla +sudo chmod -R ugo=rwX /var/www/html/openWB/modules/soc_i3 +sudo chmod -R ugo=rwX /var/www/html/openWB/modules/soc_eq +sudo chmod -R ugo=rwX /var/www/html/openWB/modules/soc_tesla -sudo chmod 777 /var/www/html/openWB/web/files/* +sudo chmod ugo=rwX /var/www/html/openWB/web/files/* sudo chmod -R +x /var/www/html/openWB/modules/* mkdir -p /var/www/html/openWB/web/logging/data/daily mkdir -p /var/www/html/openWB/web/logging/data/monthly mkdir -p /var/www/html/openWB/web/logging/data/ladelog mkdir -p /var/www/html/openWB/web/logging/data/v001 -sudo chmod -R 777 /var/www/html/openWB/web/logging/data/ +sudo chmod -R ugo=rwX /var/www/html/openWB/web/logging/data/ sudo chmod +x /var/www/html/openWB/packages/*.sh # update openwb.conf 
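Review bot: The three recursive calls on `modules/soc_i3`, `modules/soc_eq` and `modules/soc_tesla` keep those trees writable by every local account, and the `sudo chmod -R +x /var/www/html/openWB/modules/*` line just above them makes their contents executable, so module code stays both world-writable and runnable. Because that `+x` line has already set the execute bit, `X` keeps it on every file there and the resulting mode is effectively the old 777. If only the service accounts need to write state into these directories, a narrower mode such as `sudo chmod -R ug=rwX,o=rX /var/www/html/openWB/modules/soc_i3` combined with a shared group would limit who can replace the scripts. Which accounts actually write there is not visible in this hunk and needs confirming.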
@@ -349,7 +349,7 @@ curl --connect-timeout 10 -d "update="$releasetrain$uuid"vers"$owbv"" -H "Conten echo "clear warning..." echo "" > /var/www/html/openWB/ramdisk/lastregelungaktiv echo "" > /var/www/html/openWB/ramdisk/mqttlastregelungaktiv -chmod 777 /var/www/html/openWB/ramdisk/mqttlastregelungaktiv +chmod ugo=rwX /var/www/html/openWB/ramdisk/mqttlastregelungaktiv # check for slave config and start handler if (( isss == 1 )); then @@ -415,8 +415,8 @@ sudo git -C /var/www/html/openWB show --pretty='format:%ci [%h]' | head -n1 > /v commitId=`git -C /var/www/html/openWB log --format="%h" -n 1` echo $commitId > /var/www/html/openWB/ramdisk/currentCommitHash echo `git -C /var/www/html/openWB branch -a --contains $commitId | perl -nle 'm|.*origin/(.+).*|; print $1' | uniq | xargs` > /var/www/html/openWB/ramdisk/currentCommitBranches -sudo chmod 777 /var/www/html/openWB/ramdisk/currentCommitHash -sudo chmod 777 /var/www/html/openWB/ramdisk/currentCommitBranches +sudo chmod ugo=rwX /var/www/html/openWB/ramdisk/currentCommitHash +sudo chmod ugo=rwX /var/www/html/openWB/ramdisk/currentCommitBranches # update broker echo "update broker..." @@ -443,9 +443,9 @@ rm -rf /var/www/html/openWB/web/themes/dark19_01 (sleep 10; mosquitto_pub -t openWB/set/ChargeMode -r -m "$bootmodus") & (sleep 10; mosquitto_pub -t openWB/global/ChargeMode -r -m "$bootmodus") & echo " " > /var/www/html/openWB/ramdisk/lastregelungaktiv -chmod 777 /var/www/html/openWB/ramdisk/lastregelungaktiv -chmod 777 /var/www/html/openWB/ramdisk/smarthome.log -chmod 777 /var/www/html/openWB/ramdisk/smarthomehandlerloglevel +chmod ugo=rwX /var/www/html/openWB/ramdisk/lastregelungaktiv +chmod ugo=rwX /var/www/html/openWB/ramdisk/smarthome.log +chmod ugo=rwX /var/www/html/openWB/ramdisk/smarthomehandlerloglevel # update etprovider pricelist echo "etprovider..." diff --git a/runs/initRamdisk.sh b/runs/initRamdisk.sh index adbcd2a62..9f6513e41 100644 --- a/runs/initRamdisk.sh +++ b/runs/initRamdisk.sh 
@@ -609,7 +609,7 @@ initRamdisk(){ fi echo $importtemp > $RamdiskPath/smarthomehandlermaxbatterypower - sudo chmod 777 $RamdiskPath/* + sudo chmod ugo=rwX $RamdiskPath/* echo "Trigger update of logfiles..." python3 /var/www/html/openWB/runs/csvcalc.py --input /var/www/html/openWB/web/logging/data/daily/ --output /var/www/html/openWB/web/logging/data/v001/ --partial /var/www/html/openWB/ramdisk/ --mode M >> /var/www/html/openWB/ramdisk/csvcalc.log 2>&1 & diff --git a/runs/reboot.sh b/runs/reboot.sh index fad02d527..56f567729 100755 --- a/runs/reboot.sh +++ b/runs/reboot.sh @@ -2,5 +2,5 @@ sudo rm /var/log/openWB.log sudo touch /var/log/openWB.log -sudo chmod 777 /var/log/openWB.log +sudo chmod ugo=rwX /var/log/openWB.log $(sleep 5 && sudo reboot now)& diff --git a/runs/restore.sh b/runs/restore.sh index f594781ed..aa20c1b7f 100755 --- a/runs/restore.sh +++ b/runs/restore.sh @@ -9,7 +9,7 @@ sudo tar -vxf backup.tar.gz echo "****************************************" echo "Step 3: replacing old files..." sudo cp -v -R /home/pi/var/www/html/openWB/* /var/www/html/openWB/ -sudo chmod 777 /var/www/html/openWB/openwb.conf +sudo chmod ugo=rwX /var/www/html/openWB/openwb.conf echo "****************************************" echo "Step 4: cleanup after restore..." sudo rm /var/www/html/openWB/web/tools/upload/backup.tar.gz diff --git a/runs/shutdown.sh b/runs/shutdown.sh index e8bb68592..52e7716e0 100644 --- a/runs/shutdown.sh +++ b/runs/shutdown.sh @@ -2,5 +2,5 @@ sudo rm /var/log/openWB.log sudo touch /var/log/openWB.log -sudo chmod 777 /var/log/openWB.log +sudo chmod ugo=rwX /var/log/openWB.log $(sleep 5 && sudo shutdown now)& diff --git a/runs/transferladelog.sh b/runs/transferladelog.sh index eb2ae9503..ec7dae767 100755 --- a/runs/transferladelog.sh +++ b/runs/transferladelog.sh 
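Review bot: `$RamdiskPath` is expanded unquoted on the changed line, so a value containing whitespace or glob characters would split into several chmod arguments; `sudo chmod ugo=rwX -- "$RamdiskPath"/*` keeps the glob and protects the variable. The line also opens every ramdisk file for writing by all local users, which is only needed for the files that more than one account updates. initRamdisk() starts and ends outside this hunk, so where RamdiskPath is assigned is not visible here.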
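Review bot: In runs/reboot.sh, `/var/log/openWB.log` is recreated and then made writable by every local user, so any account on the system can edit or truncate the log, which weakens it as a record when something goes wrong. If the writers are known service accounts, creating the file with an explicit owner and group avoids the world-write bit and replaces the rm/touch/chmod sequence, e.g. `sudo install -m 0664 -o pi -g www-data /dev/null /var/log/openWB.log`. The account names in that example are an assumption taken from the chown lines elsewhere in this patch and need confirming. runs/shutdown.sh and openwb-install.sh carry the same chmod line.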
@@ -13,6 +13,6 @@ if [ -e /var/www/html/openWB/web/ladelog ]; then done < "$oldlog" rm /var/www/html/openWB/web/ladelog chown -R pi:pi /var/www/html/openWB/web/logging/data/ladelog/ - chmod 777 /var/www/html/openWB/web/logging/data/ladelog/* + chmod ugo=rwX /var/www/html/openWB/web/logging/data/ladelog/* fi diff --git a/runs/update.sh b/runs/update.sh index 7f0a661a5..5a68a6950 100755 --- a/runs/update.sh +++ b/runs/update.sh @@ -11,7 +11,7 @@ echo 1 > /var/www/html/openWB/ramdisk/bootinprogress echo "Update im Gange, bitte warten bis die Meldung nicht mehr sichtbar ist" > /var/www/html/openWB/ramdisk/lastregelungaktiv mosquitto_pub -t "openWB/global/strLastmanagementActive" -r -m "Update im Gange, bitte warten bis die Meldung nicht mehr sichtbar ist" echo "Update im Gange, bitte warten bis die Meldung nicht mehr sichtbar ist" > /var/www/html/openWB/ramdisk/mqttlastregelungaktiv -chmod 777 /var/www/html/openWB/ramdisk/mqttlastregelungaktiv +chmod ugo=rwX /var/www/html/openWB/ramdisk/mqttlastregelungaktiv # The update might replace a number of files which might currently be in use by the continuously running legacy-run # server. If we replace the source files while the process is running, funny things might happen. @@ -83,12 +83,12 @@ sudo cp /tmp/soc_eq_acc_lp1 /var/www/html/openWB/modules/soc_eq/soc_eq_acc_lp1 sudo cp /tmp/soc_eq_acc_lp2 /var/www/html/openWB/modules/soc_eq/soc_eq_acc_lp2 # set permissions -sudo chmod 777 /var/www/html/openWB/openwb.conf +sudo chmod ugo=rwX /var/www/html/openWB/openwb.conf sudo chmod +x /var/www/html/openWB/modules/* sudo chmod +x /var/www/html/openWB/runs/* sudo chmod +x /var/www/html/openWB/*.sh -sudo chmod 777 /var/www/html/openWB/ramdisk/* -sudo chmod 777 /var/www/html/openWB/web/lade.log +sudo chmod ugo=rwX /var/www/html/openWB/ramdisk/* +sudo chmod ugo=rwX /var/www/html/openWB/web/lade.log sleep 2 # now treat system as in booting state diff --git a/zielladen.sh b/zielladen.sh index 4d6cd0f08..c1f046a46 100755 
--- a/zielladen.sh +++ b/zielladen.sh @@ -36,7 +36,7 @@ ziellademodus(){ if (( ladestatus == 1 )); then echo 0 > ramdisk/ladungdurchziel echo 0 > ramdisk/zielladenkorrektura - sed -e "s/zielladenaktivlp1=.*/zielladenaktivlp1=0/" openwb.conf > ramdisk/openwb.conf && mv ramdisk/openwb.conf openwb.conf && chmod 777 openwb.conf + sed -e "s/zielladenaktivlp1=.*/zielladenaktivlp1=0/" openwb.conf > ramdisk/openwb.conf && mv ramdisk/openwb.conf openwb.conf && chmod ugo=rwX openwb.conf runs/set-current.sh 0 m fi else From 8a4d5fb99265f985c60aaa6f7ef873f88cbd1106 Mon Sep 17 00:00:00 2001 From: Chris Aumann Date: Tue, 15 Feb 2022 22:44:32 +0100 Subject: [PATCH 2/4] Use filemode 666 instead of 777 for output files in python scripts --- runs/csvcalc.py | 8 ++++---- runs/csvselmonth.py | 14 +++++++------- runs/csvselyear.py | 6 +++--- runs/smarthomehandler.py | 2 +- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/runs/csvcalc.py b/runs/csvcalc.py index eee50880b..ee07ee169 100644 --- a/runs/csvcalc.py +++ b/runs/csvcalc.py @@ -284,7 +284,7 @@ def fillcount(row, datestring, file_stringo, firstfile): f1 = open(file_stringo, 'w') f1.write(str(headerst)) f1.close() - os.chmod(file_stringo, 0o777) + os.chmod(file_stringo, 0o666) else: f1 = open(file_stringo, 'a') excelstring = exceldate(countercsv[0]) @@ -329,7 +329,7 @@ def fillcounts(monhtrow, file_stringos, lastdate, lastzeit): line = line + str(0) + '\n' f1.write(str(line)) f1.close() - os.chmod(file_stringos, 0o777) + os.chmod(file_stringos, 0o666) print('%s %s written' % (getTime(), file_stringos)) for i in range(1, SUMCOLUMNSTART): if (i < len(monhtrow)): 
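Review bot: The mode `0o666` is repeated as a bare literal at each `os.chmod` call in runs/csvcalc.py (fillcount() and fillcounts() here), and again in the later hunks of runs/csvcalc.py, runs/csvselmonth.py, runs/csvselyear.py and runs/smarthomehandler.py. A module-level constant with a comment naming who must be able to write these files, e.g. `OUTPUT_FILE_MODE = 0o666  # read/write for all local users, no execute`, would keep the call sites in step and give one place to tighten the mode later, for example to `0o664` with a shared group. Each chmod also runs after the file has been written and closed, so the file briefly exists with the mode given by the process umask; that is harmless when the mode is being widened but deserves a short comment. Both functions begin and end outside their hunks.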
@@ -396,13 +396,13 @@ def reyeardet(calcyear): print('%s Yearerror %s inhalt %s' % (getTime(), file_stringis, str(e))) if (validdata == 1): f1.close() - os.chmod(file_stringo, 0o777) + os.chmod(file_stringo, 0o666) f1 = open(file_stringos, 'w') line = 'Anzahl Spalten,' + str(startspalten) + ',Letzes Datum,' + complastdate + ',Letzte Zeit,' + complastzeit + ', \n' f1.write(str(line)) f1.write(str(headerline)) f1.close() - os.chmod(file_stringos, 0o777) + os.chmod(file_stringos, 0o666) print('%s %s written' % (getTime(), file_stringos)) return diff --git a/runs/csvselmonth.py b/runs/csvselmonth.py index 0f74e93ce..ce67cbe5f 100644 --- a/runs/csvselmonth.py +++ b/runs/csvselmonth.py @@ -101,9 +101,9 @@ def selmonth(jjjjmm): f1 = open( outputfile + 'a_onl3', 'w') f1.write(str(sumlineb)) f1.close() - os.chmod(outputfile + 'a_onl1', 0o777) - os.chmod(outputfile + 'a_onl2', 0o777) - os.chmod(outputfile + 'a_onl3', 0o777) + os.chmod(outputfile + 'a_onl1', 0o666) + os.chmod(outputfile + 'a_onl2', 0o666) + os.chmod(outputfile + 'a_onl3', 0o666) #lesen gesamtes monatsfile ifile=0 try: @@ -141,10 +141,10 @@ def selmonth(jjjjmm): f2.close() f3.close() f4.close() - os.chmod(outputfile + 'a_onl4', 0o777) - os.chmod(outputfile + 'a_onl5', 0o777) - os.chmod(outputfile + 'a_onl6', 0o777) - os.chmod(outputfile + 'a_onl7', 0o777) + os.chmod(outputfile + 'a_onl4', 0o666) + os.chmod(outputfile + 'a_onl5', 0o666) + os.chmod(outputfile + 'a_onl6', 0o666) + os.chmod(outputfile + 'a_onl7', 0o666) except Exception as e: print ('%s error1 %s inhalt %s' % (getTime(),datestring, str(e) )) if (ifile == 0): diff --git a/runs/csvselyear.py b/runs/csvselyear.py index 92908bc7d..be05700d0 100644 --- a/runs/csvselyear.py +++ b/runs/csvselyear.py @@ -86,7 +86,7 @@ def selyear(jjjjmm): f1 = open( outputfile + 'b_onl1', 'w') f1.write(str(headerline)) f1.close() - os.chmod(outputfile + 'b_onl1', 0o777) + os.chmod(outputfile + 'b_onl1', 0o666) #lesen gesamtes Jahresfile ifile=0 try: 
@@ -116,8 +116,8 @@ def selyear(jjjjmm): f.close() f1.close() f2.close() - os.chmod(outputfile + 'b_onl4', 0o777) - os.chmod(outputfile + 'b_onl5', 0o777) + os.chmod(outputfile + 'b_onl4', 0o666) + os.chmod(outputfile + 'b_onl5', 0o666) except Exception as e: print ('%s error1 %s inhalt %s' % (getTime(),file_cvsfinp, str(e) )) if (ifile == 0): diff --git a/runs/smarthomehandler.py b/runs/smarthomehandler.py index 7f9fa1c33..566fb2d54 100644 --- a/runs/smarthomehandler.py +++ b/runs/smarthomehandler.py @@ -61,7 +61,7 @@ f = open(filename, 'w') f.write(str("0")) f.close() - os.chmod(filename, 0o777) + os.chmod(filename, 0o666) global numberOfDevices def cleardef(nummer): From 11541d50308a1130a8332dba0154c0620d3dd671 Mon Sep 17 00:00:00 2001 From: Chris Aumann Date: Tue, 15 Feb 2022 22:50:56 +0100 Subject: [PATCH 3/4] Remove duplicate ramdisk chmod --- runs/atreboot.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/runs/atreboot.sh b/runs/atreboot.sh index 97a9e260b..94ac167d9 100755 --- a/runs/atreboot.sh +++ b/runs/atreboot.sh @@ -21,7 +21,6 @@ sudo chown -R www-data:www-data /var/www/html/openWB/web/tools/upload sudo chmod ugo=rwX /var/www/html/openWB/openwb.conf sudo chmod ugo=rwX /var/www/html/openWB/smarthome.ini sudo chmod ugo=rwX /var/www/html/openWB/ramdisk -sudo chmod ugo=rwX /var/www/html/openWB/ramdisk/ sudo chmod ugo=rwX /var/www/html/openWB/web/files/* sudo chmod -R +x /var/www/html/openWB/modules/* From 1aa6835d0c8bbeff0a98a2348a927f3ed9f8019d Mon Sep 17 00:00:00 2001 From: Chris Aumann Date: Wed, 16 Feb 2022 08:05:52 +0100 Subject: [PATCH 4/4] Remove duplicate chown commands, use -R for modules/ files/ ramdisk instead of globs --- runs/atreboot.sh | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/runs/atreboot.sh b/runs/atreboot.sh index 94ac167d9..075424bbb 100755 --- a/runs/atreboot.sh +++ b/runs/atreboot.sh 
@@ -18,18 +18,12 @@ mkdir -p /var/www/html/openWB/web/backup touch /var/www/html/openWB/web/backup/.donotdelete sudo chown -R www-data:www-data /var/www/html/openWB/web/backup sudo chown -R www-data:www-data /var/www/html/openWB/web/tools/upload + sudo chmod ugo=rwX /var/www/html/openWB/openwb.conf sudo chmod ugo=rwX /var/www/html/openWB/smarthome.ini -sudo chmod ugo=rwX /var/www/html/openWB/ramdisk -sudo chmod ugo=rwX /var/www/html/openWB/web/files/* -sudo chmod -R +x /var/www/html/openWB/modules/* - -sudo chmod -R ugo=rwX /var/www/html/openWB/modules/soc_i3 -sudo chmod -R ugo=rwX /var/www/html/openWB/modules/soc_eq -sudo chmod -R ugo=rwX /var/www/html/openWB/modules/soc_tesla - -sudo chmod ugo=rwX /var/www/html/openWB/web/files/* -sudo chmod -R +x /var/www/html/openWB/modules/* +sudo chmod -R ugo=rwX /var/www/html/openWB/ramdisk/ +sudo chmod -R ugo=rwX /var/www/html/openWB/web/files/ +sudo chmod -R ugo=rwx /var/www/html/openWB/modules/ mkdir -p /var/www/html/openWB/web/logging/data/daily mkdir -p /var/www/html/openWB/web/logging/data/monthly
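Review bot: `sudo chmod -R ugo=rwx /var/www/html/openWB/modules/` uses a lowercase `x` and covers the whole modules tree, so every file under modules/ becomes readable, writable and executable by all local users. Before this patch only `soc_i3`, `soc_eq` and `soc_tesla` were world-writable and the rest of modules/ only received `+x`, so the new line widens write access to all module code and runs counter to the first patch in the series. Keeping `sudo chmod -R +x /var/www/html/openWB/modules/` and retaining the write-enabling calls only for the three soc_* directories would preserve the earlier scope. The `-R` on `ramdisk/` and `web/files/` likewise now reaches subdirectories that the former directory-only and glob calls did not touch; whether that is intended is not stated.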