From 094106519a3202c89594ebdff4235ae38bdc41df Mon Sep 17 00:00:00 2001 From: Maxim Devaev Date: Fri, 24 Jun 2022 17:55:38 +0300 Subject: fixed permissions --- configs/os/sysusers.conf | 4 ++++ scripts/kvmd-certbot | 2 ++ 2 files changed, 6 insertions(+) diff --git a/configs/os/sysusers.conf b/configs/os/sysusers.conf index b25179b8..74ab9069 100644 --- a/configs/os/sysusers.conf +++ b/configs/os/sysusers.conf @@ -21,8 +21,12 @@ m kvmd spi m kvmd systemd-journal m kvmd-pst kvmd + m kvmd-ipmi kvmd + m kvmd-vnc kvmd +m kvmd-vnc kvmd-certbot + m kvmd-janus kvmd m kvmd-janus audio diff --git a/scripts/kvmd-certbot b/scripts/kvmd-certbot index 937a6fb0..72adb8e2 100755 --- a/scripts/kvmd-certbot +++ b/scripts/kvmd-certbot @@ -62,6 +62,7 @@ if [ "$1" == "renew" ]; then rm -rf '$new' cp -a '$tmp' '$new' rm '$new/updated' + chmod 750 '$new/config/'{archive,live} chmod 640 '$new'/config/archive/*/privkey*.pem sed -s -i -e 's| = $tmp/| = $cur/|g' '$new/config/renewal/'* sync @@ -91,6 +92,7 @@ else --webroot-path="$web" \ --deploy-hook="/usr/bin/bash -c ' set -ex + chmod 750 '$cur/config/'{archive,live} cd \"\$RENEWED_LINEAGE\" chmod 640 privkey.pem ln -s fullchain.pem server.crt -- cgit v1.2.3