mirrors
/
AdGuardHome
mirror of https://github.com/AdguardTeam/AdGuardHome.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

home: add permcheck option

This commit is contained in:
Eugene Burkov 2024-11-20 16:12:18 +03:00
parent 1d6d85cff4
commit 368598819f
2 changed files with 24 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
internal/home/home.go
View File

@ -686,18 +686,26 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}) {
} }
} }
if permcheck.NeedsMigration(confPath) { if opts.checkPermissions {
permcheck.Migrate(Context.workDir, dataDir, statsDir, querylogDir, confPath) permCheck(confPath, dataDir, statsDir, querylogDir)
} }
permcheck.Check(Context.workDir, dataDir, statsDir, querylogDir, confPath)
Context.web.start() Context.web.start()
// Wait for other goroutines to complete their job. // Wait for other goroutines to complete their job.
<-done <-done
} }
// permCheck checks and migrates permissions of the files and directories used
// by AdGuard Home, if needed.
func permCheck(confPath, dataDir, statsDir, querylogDir string) {
if permcheck.NeedsMigration(confPath) {
permcheck.Migrate(Context.workDir, dataDir, statsDir, querylogDir, confPath)
}
permcheck.Check(Context.workDir, dataDir, statsDir, querylogDir, confPath)
}
// initUsers initializes context auth module. Clears config users field. // initUsers initializes context auth module. Clears config users field.
func initUsers() (auth *Auth, err error) { func initUsers() (auth *Auth, err error) {
sessFilename := filepath.Join(Context.getDataDir(), "sessions.db") sessFilename := filepath.Join(Context.getDataDir(), "sessions.db")

12
internal/home/options.go
View File

@ -78,6 +78,10 @@ type options struct {
// localFrontend forces AdGuard Home to use the frontend files from disk // localFrontend forces AdGuard Home to use the frontend files from disk
// rather than the ones that have been compiled into the binary. // rather than the ones that have been compiled into the binary.
localFrontend bool localFrontend bool
// checkPermissions enables the migration of permissions for the
// security-sensitive files, including the working directory itself.
checkPermissions bool
} }
// initCmdLineOpts completes initialization of the global command-line option // initCmdLineOpts completes initialization of the global command-line option
@ -305,6 +309,14 @@ var cmdLineOpts = []cmdLineOpt{{
description: "Run in GL-Inet compatibility mode.", description: "Run in GL-Inet compatibility mode.",
longName: "glinet", longName: "glinet",
shortName: "", shortName: "",
}, {
updateWithValue: nil,
updateNoValue: func(o options) (options, error) { o.checkPermissions = true; return o, nil },
effect: nil,
serialize: func(o options) (val string, ok bool) { return "", o.checkPermissions },
description: "Check and migrate permissions of security-sensitive files.",
longName: "permcheck",
shortName: "",
}, { }, {
updateWithValue: nil, updateWithValue: nil,
updateNoValue: nil, updateNoValue: nil,