From 368598819fc339cc1dbf788d092af9e4c5191f30 Mon Sep 17 00:00:00 2001 From: Eugene Burkov Date: Wed, 20 Nov 2024 16:12:18 +0300 Subject: [PATCH] home: add permcheck option --- internal/home/home.go | 16 ++++++++++++---- internal/home/options.go | 12 ++++++++++++ 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/internal/home/home.go b/internal/home/home.go index 4c2771e4..e0c5cb28 100644 --- a/internal/home/home.go +++ b/internal/home/home.go @@ -686,18 +686,26 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}) { } } - if permcheck.NeedsMigration(confPath) { - permcheck.Migrate(Context.workDir, dataDir, statsDir, querylogDir, confPath) + if opts.checkPermissions { + permCheck(confPath, dataDir, statsDir, querylogDir) } - permcheck.Check(Context.workDir, dataDir, statsDir, querylogDir, confPath) - Context.web.start() // Wait for other goroutines to complete their job. <-done } +// permCheck checks and migrates permissions of the files and directories used +// by AdGuard Home, if needed. +func permCheck(confPath, dataDir, statsDir, querylogDir string) { + if permcheck.NeedsMigration(confPath) { + permcheck.Migrate(Context.workDir, dataDir, statsDir, querylogDir, confPath) + } + + permcheck.Check(Context.workDir, dataDir, statsDir, querylogDir, confPath) +} + // initUsers initializes context auth module. Clears config users field. func initUsers() (auth *Auth, err error) { sessFilename := filepath.Join(Context.getDataDir(), "sessions.db") diff --git a/internal/home/options.go b/internal/home/options.go index 35f26303..6cb6d1db 100644 --- a/internal/home/options.go +++ b/internal/home/options.go @@ -78,6 +78,10 @@ type options struct { // localFrontend forces AdGuard Home to use the frontend files from disk // rather than the ones that have been compiled into the binary. localFrontend bool + + // checkPermissions enables the migration of permissions for the + // security-sensitive files, including the working directory itself. + checkPermissions bool } // initCmdLineOpts completes initialization of the global command-line option @@ -305,6 +309,14 @@ var cmdLineOpts = []cmdLineOpt{{ description: "Run in GL-Inet compatibility mode.", longName: "glinet", shortName: "", +}, { + updateWithValue: nil, + updateNoValue: func(o options) (options, error) { o.checkPermissions = true; return o, nil }, + effect: nil, + serialize: func(o options) (val string, ok bool) { return "", o.checkPermissions }, + description: "Check and migrate permissions of security-sensitive files.", + longName: "permcheck", + shortName: "", }, { updateWithValue: nil, updateNoValue: nil,