Skip to content

Commit

Permalink
Merge pull request #1575 from timopollmeier/feed-sync-chmod
Browse files Browse the repository at this point in the history
Set file permissions in greenbone-feed-sync
  • Loading branch information
bjoernricks authored Jun 22, 2021
2 parents 7265079 + ad93ec4 commit ab8f971
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 4 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Clean up log config, add gvm-libs log domains [#1502](https://github.com/greenbone/gvmd/pull/1502)
- Sort missing severity as lowest value in GMP get [#1508](https://github.com/greenbone/gvmd/pull/1508)
- Use passwordbasedauthentication of gvm-libs instead of auth_utils [#1505](https://github.com/greenbone/gvmd/pull/1505)
- Set file permissions in greenbone-feed-sync [#1575](https://github.com/greenbone/gvmd/pull/1575)

### Fixed
- Also create owner WITH clause for single resources [#1406](https://github.com/greenbone/gvmd/pull/1406)
Expand Down
11 changes: 7 additions & 4 deletions tools/greenbone-feed-sync.in
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,9 @@ RSYNC_SSH_OPTS="-o \"UserKnownHostsFile=/dev/null\" -o \"StrictHostKeyChecking=n
# RSYNC_COMPRESS specifies the compression level to use for the rsync connection.
RSYNC_COMPRESS="--compress-level=9"

# RSYNC_CHMOD specifies the permissions to chmod the files to.
RSYNC_CHMOD="--perms --chmod=Fugo+r,Fug+w,Dugo-s,Dugo+rx,Dug+w"

# PORT controls the outgoing TCP port for updates. If PAT/Port-Translation is
# not used, this should be "24". For some application layer firewalls or gates
# the value 22 (Standard SSH) is useful. Only change if you know what you are
Expand Down Expand Up @@ -367,7 +370,7 @@ is_feed_current () {
fi
fi
create_tmp_key
rsync -e "ssh $RSYNC_SSH_OPTS $RSYNC_SSH_PROXY_CMD -p $PORT -i $TMPACCESSKEY" -ltvrP --chmod=D+x $RSYNC_DELETE $RSYNC_COMPRESS $custid_at_host:$GSF_RSYNC_PATH/timestamp "$FEED_INFO_TEMP_DIR"
rsync -e "ssh $RSYNC_SSH_OPTS $RSYNC_SSH_PROXY_CMD -p $PORT -i $TMPACCESSKEY" -ltvrP $RSYNC_CHMOD $RSYNC_DELETE $RSYNC_COMPRESS $custid_at_host:$GSF_RSYNC_PATH/timestamp "$FEED_INFO_TEMP_DIR"
if [ $? -ne 0 ]
then
log_err "rsync failed, aborting synchronization."
Expand All @@ -381,7 +384,7 @@ is_feed_current () {
# IP blocking due to network equipment in between keeping the previous connection too long open.
sleep 5
log_notice "No Greenbone Security Feed access key found, falling back to Greenbone Community Feed"
eval "$RSYNC -ltvrP \"$COMMUNITY_RSYNC_FEED/timestamp\" \"$FEED_INFO_TEMP_DIR\""
eval "$RSYNC -ltvrP $RSYNC_CHMOD \"$COMMUNITY_RSYNC_FEED/timestamp\" \"$FEED_INFO_TEMP_DIR\""
if [ $? -ne 0 ]
then
log_err "rsync failed, aborting synchronization."
Expand Down Expand Up @@ -443,7 +446,7 @@ do_rsync_community_feed () {
log_notice "Using rsync: $RSYNC"
log_notice "Configured $FEED_TYPE_LONG rsync feed: $COMMUNITY_RSYNC_FEED"
mkdir -p "$FEED_DIR"
eval "$RSYNC -ltvrP $RSYNC_DELETE \"$COMMUNITY_RSYNC_FEED\" \"$FEED_DIR\""
eval "$RSYNC -ltvrP $RSYNC_CHMOD $RSYNC_DELETE \"$COMMUNITY_RSYNC_FEED\" \"$FEED_DIR\""
if [ $? -ne 0 ]; then
log_err "rsync failed. Your $FEED_TYPE_LONG might be broken now."
exit 1
Expand Down Expand Up @@ -499,7 +502,7 @@ sync_feed_data(){
fi
fi
create_tmp_key
rsync -e "ssh $RSYNC_SSH_OPTS $RSYNC_SSH_PROXY_CMD -p $PORT -i $ACCESSKEY" -ltvrP --chmod=D+x $RSYNC_DELETE $RSYNC_COMPRESS $custid_at_host:$GSF_RSYNC_PATH/ $FEED_DIR
rsync -e "ssh $RSYNC_SSH_OPTS $RSYNC_SSH_PROXY_CMD -p $PORT -i $ACCESSKEY" -ltvrP $RSYNC_CHMOD $RSYNC_DELETE $RSYNC_COMPRESS $custid_at_host:$GSF_RSYNC_PATH/ $FEED_DIR
if [ 0 -ne "$?" ]; then
log_err "rsync failed, aborting synchronization."
remove_tmp_key
Expand Down

0 comments on commit ab8f971

Please sign in to comment.