From 72d99850e24aa0c25ce3d3f819b1a128addcdffb Mon Sep 17 00:00:00 2001 From: Matt Ezell Date: Wed, 6 Sep 2017 21:18:35 -0400 Subject: [PATCH] Ensure mypostscript has permission 700 (#3847) Only root needs to run this script --- xCAT-server/share/xcat/install/scripts/post.debian | 2 +- xCAT-server/share/xcat/install/scripts/post.rhel5.s390x | 2 +- xCAT-server/share/xcat/install/scripts/post.rhel6.s390x | 2 +- xCAT-server/share/xcat/install/scripts/post.sles10.s390x | 2 +- xCAT-server/share/xcat/install/scripts/post.sles11.s390x | 2 +- xCAT-server/share/xcat/install/scripts/post.xcat | 4 ++-- xCAT/postscripts/cumulusztp | 2 +- xCAT/postscripts/getmypostscript.cumulus | 1 + xCAT/postscripts/xcatdsklspost | 2 +- 9 files changed, 10 insertions(+), 9 deletions(-) diff --git a/xCAT-server/share/xcat/install/scripts/post.debian b/xCAT-server/share/xcat/install/scripts/post.debian index 3f8aa5aa0..42ae2388e 100644 --- a/xCAT-server/share/xcat/install/scripts/post.debian +++ b/xCAT-server/share/xcat/install/scripts/post.debian @@ -77,7 +77,7 @@ do done - chmod +x /xcatpost/mypostscript + chmod 700 /xcatpost/mypostscript GOTIT=1 break fi diff --git a/xCAT-server/share/xcat/install/scripts/post.rhel5.s390x b/xCAT-server/share/xcat/install/scripts/post.rhel5.s390x index 63bfc4e1a..117f483a9 100644 --- a/xCAT-server/share/xcat/install/scripts/post.rhel5.s390x +++ b/xCAT-server/share/xcat/install/scripts/post.rhel5.s390x @@ -68,7 +68,7 @@ do done # Make executable - chmod +x /xcatpost/mypostscript + chmod 700 /xcatpost/mypostscript GOTIT=1 break fi diff --git a/xCAT-server/share/xcat/install/scripts/post.rhel6.s390x b/xCAT-server/share/xcat/install/scripts/post.rhel6.s390x index 72e441781..7c6fb8a78 100644 --- a/xCAT-server/share/xcat/install/scripts/post.rhel6.s390x +++ b/xCAT-server/share/xcat/install/scripts/post.rhel6.s390x @@ -68,7 +68,7 @@ do done # Make executable - chmod +x /xcatpost/mypostscript + chmod 700 /xcatpost/mypostscript GOTIT=1 break fi diff --git a/xCAT-server/share/xcat/install/scripts/post.sles10.s390x b/xCAT-server/share/xcat/install/scripts/post.sles10.s390x index f6d0947a3..68d5934f6 100644 --- a/xCAT-server/share/xcat/install/scripts/post.sles10.s390x +++ b/xCAT-server/share/xcat/install/scripts/post.sles10.s390x @@ -72,7 +72,7 @@ do done # Make executable - chmod +x /tmp/mypostscript + chmod 700 /tmp/mypostscript GOTIT=1 break fi diff --git a/xCAT-server/share/xcat/install/scripts/post.sles11.s390x b/xCAT-server/share/xcat/install/scripts/post.sles11.s390x index e213ee557..c59eb1df5 100644 --- a/xCAT-server/share/xcat/install/scripts/post.sles11.s390x +++ b/xCAT-server/share/xcat/install/scripts/post.sles11.s390x @@ -73,7 +73,7 @@ do done # Make executable - chmod +x /tmp/mypostscript + chmod 700 /tmp/mypostscript GOTIT=1 break fi diff --git a/xCAT-server/share/xcat/install/scripts/post.xcat b/xCAT-server/share/xcat/install/scripts/post.xcat index 388badb7b..bb8b8caee 100755 --- a/xCAT-server/share/xcat/install/scripts/post.xcat +++ b/xCAT-server/share/xcat/install/scripts/post.xcat @@ -116,7 +116,7 @@ if [ "$?" = "0" ]; then msgutil_r "$MASTER_IP" "debug" "precreated mypostscript downloaded successfully" "/var/log/xcat/xcat.log" fi mv /xcatpost/mypostscript.$NODE /xcatpost/mypostscript - chmod +x /xcatpost/mypostscript + chmod 700 /xcatpost/mypostscript fi USEOPENSSLFORXCAT=1 #Though this is the only method going forward, flag to allow backward compatibility with 2.2 generated netboot images @@ -404,7 +404,7 @@ if [ \"\$return_value\" -ne \"0\" ]; then fi " >> /xcatpost/mypostscript -chmod 755 /xcatpost/mypostscript +chmod 700 /xcatpost/mypostscript export ARCH=#TABLE:nodetype:THISNODE:arch# export CONSOLEPORT=#TABLEBLANKOKAY:nodehm:THISNODE:serialport# diff --git a/xCAT/postscripts/cumulusztp b/xCAT/postscripts/cumulusztp index 6fdc7a537..563016689 100755 --- a/xCAT/postscripts/cumulusztp +++ b/xCAT/postscripts/cumulusztp @@ -149,7 +149,7 @@ fi #config static ip address for mgt interface echo './confignics -s' >> ./mypostscript -chmod +x ./mypostscript +chmod 700 ./mypostscript ./mypostscript rc=$? if [ "$rc" != "0" ]; then diff --git a/xCAT/postscripts/getmypostscript.cumulus b/xCAT/postscripts/getmypostscript.cumulus index 54a54d1d0..b51181d9b 100755 --- a/xCAT/postscripts/getmypostscript.cumulus +++ b/xCAT/postscripts/getmypostscript.cumulus @@ -52,6 +52,7 @@ cat /tmp/resp.xml | egrep '' | sed -e 's/<[^>]*>//g'|egrep -v '^ *$'|sed #will be supported if there is requrement on this sed -i -e "/# postscripts-start-here/,$ d" /xcatpost/mypostscript +chmod 700 /xcatpost/mypostscript rm -f /tmp/req.xml rm -f /tmp/resp.xml exit 0 diff --git a/xCAT/postscripts/xcatdsklspost b/xCAT/postscripts/xcatdsklspost index 989b35548..107c05f9f 100755 --- a/xCAT/postscripts/xcatdsklspost +++ b/xCAT/postscripts/xcatdsklspost @@ -963,7 +963,7 @@ if [ "$MODE" = "1" ] || [ "$MODE" = "2" ] || [ "$MODE" = "5" ]; then echo "exit \$return_value" >> /$xcatpost/mypostscript fi -chmod +x /$xcatpost/mypostscript +chmod 700 /$xcatpost/mypostscript if [ -x /$xcatpost/mypostscript ];then echolog "debug" "running /$xcatpost/mypostscript" /$xcatpost/mypostscript