diff options
| author | feld <feld@FreeBSD.org> | 2015-03-24 22:15:43 +0800 |
|---|---|---|
| committer | feld <feld@FreeBSD.org> | 2015-03-24 22:15:43 +0800 |
| commit | 8a049dbfccd3c00fc870b5ca81113bcc47e86117 (patch) | |
| tree | c264d72b50c8b809d38b4ee3c723874234d3d9e4 /net-mgmt/unifi4 | |
| parent | 0473a8468e8edba33dc7860c36a348e8d13b11c9 (diff) | |
| download | freebsd-ports-gnome-8a049dbfccd3c00fc870b5ca81113bcc47e86117.tar.gz freebsd-ports-gnome-8a049dbfccd3c00fc870b5ca81113bcc47e86117.tar.zst freebsd-ports-gnome-8a049dbfccd3c00fc870b5ca81113bcc47e86117.zip | |
Improve default file permissions
Ensure unifi cannot write to itself in the event of an exploit
Unifi only needs write access to: data, log, run, and work directories
Diffstat (limited to 'net-mgmt/unifi4')
| -rw-r--r-- | net-mgmt/unifi4/Makefile | 5 | ||||
| -rw-r--r-- | net-mgmt/unifi4/pkg-plist | 6 |
2 files changed, 10 insertions, 1 deletions
diff --git a/net-mgmt/unifi4/Makefile b/net-mgmt/unifi4/Makefile index 9cb20aa108b2..ba39633306aa 100644 --- a/net-mgmt/unifi4/Makefile +++ b/net-mgmt/unifi4/Makefile @@ -3,6 +3,7 @@ PORTNAME= unifi4 PORTVERSION= 4.6.0 +PORTREVISION= 1 CATEGORIES= net-mgmt java MASTER_SITES= http://dl.ubnt.com/unifi/${PORTVERSION}/ DISTNAME= UniFi.unix @@ -40,5 +41,9 @@ do-install: ${MKDIR} ${STAGEDIR}${JAVASHAREDIR}/unifi (cd ${WRKSRC} && ${COPYTREE_SHARE} \* ${STAGEDIR}${JAVASHAREDIR}/unifi/) ${LN} -sf ${PREFIX}/bin/mongod ${STAGEDIR}${JAVASHAREDIR}/unifi/bin/mongod +# Create directories that will be writable by unifi +.for i in data logs run work + ${MKDIR} ${STAGEDIR}/${JAVASHAREDIR}/unifi/${i} +.endfor .include <bsd.port.mk> diff --git a/net-mgmt/unifi4/pkg-plist b/net-mgmt/unifi4/pkg-plist index 80df65c3345f..49c60d5e846c 100644 --- a/net-mgmt/unifi4/pkg-plist +++ b/net-mgmt/unifi4/pkg-plist @@ -431,4 +431,8 @@ @dir %%JAVASHAREDIR%%/unifi/webapps/ROOT/lib/4.6.0/js/libs/bower-components/retina.js @dir %%JAVASHAREDIR%%/unifi/webapps/ROOT/lib/4.6.0/js/libs/bower-components/string_score @dir %%JAVASHAREDIR%%/unifi/webapps/ROOT/lib/4.6.0/js/libs/bower-components/underscore -@exec chown -R unifi:unifi %D/%%JAVASHAREDIR%%/unifi +@dir(root,wheel,755) %%JAVASHAREDIR%%/unifi +@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/data +@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/logs +@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/run +@dir(unifi,wheel,755) %%JAVASHAREDIR%%/unifi/work |