Fix permission errors caused by umask

Rezart Qelibari
2022-05-29 20:28:02 +02:00
parent 6551c7ee06
commit e69e92bdc1
3 changed files with 20 additions and 12 deletions


@@ -28,8 +28,10 @@ function ensureUserCannotRunSudo() {
local username=$1 local username=$1
local sudoersFile="/etc/sudoers.d/disallow-sudo-for-${username}" local sudoersFile="/etc/sudoers.d/disallow-sudo-for-${username}"
[[ -f ${sudoersFile} ]] && return [[ -f ${sudoersFile} ]] && return
print -- "Defaults:${username} !authenticate cat <<- SUDOERS > "${sudoersFile}"
${username} ALL=(ALL) !ALL" > "${sudoersFile}" Defaults:${username} !authenticate
${username} ALL=(ALL) !ALL
SUDOERS
chown root:wheel "${sudoersFile}" || return 10 chown root:wheel "${sudoersFile}" || return 10
chmod u=rw,g=r,o= "${sudoersFile}" || return 20 chmod u=rw,g=r,o= "${sudoersFile}" || return 20
} }
@@ -63,8 +65,8 @@ function ensureHomebrewOwnershipAndPermission() {
local itemPath=${1} local itemPath=${1}
local username=${homebrew_username} local username=${homebrew_username}
[[ -f ${itemPath} || -d ${itemPath} ]] || return 1 [[ -f ${itemPath} || -d ${itemPath} ]] || return 1
chown "${username}:admin" ${itemPath} chown -R "${username}:admin" ${itemPath}
chmod ug+rwx,o-w ${itemPath} chmod ug=rwx,o=rx ${itemPath}
} }
function ensureInstallPrefix() { function ensureInstallPrefix() {
@@ -76,7 +78,7 @@ function ensureInstallPrefix() {
function makeDirsGroupWritableIfExist() { function makeDirsGroupWritableIfExist() {
local dir= local dir=
local directories=(bin etc include sbin share opt var Frameworks etc/bash_completion.d lib/pkgconfig share/aclocal share/doc share/info share/locale share/man share/man/man1 share/man/man2 share/man/man3 share/man/man4 share/man/man5 share/man/man6 share/man/man7 share/man/man8 var/log var/homebrew var/homebrew/linked bin/brew) local directories=(bin etc include lib sbin share opt var Frameworks etc/bash_completion.d lib/pkgconfig share/aclocal share/doc share/info share/locale share/man share/man/man{1,2,3,4,5,6,7,8} var/log var/homebrew var/homebrew/linked bin/brew)
for dir in ${directories}; do for dir in ${directories}; do
[[ ! -d "${dir}" ]] && continue [[ ! -d "${dir}" ]] && continue
@@ -89,7 +91,7 @@ function ensureZSHDirectories() {
local directories=(share/zsh share/zsh/site-functions) local directories=(share/zsh share/zsh/site-functions)
for dir in ${directories}; do for dir in ${directories}; do
ensureDirectoryWithDefaultMod ${dir} ensureDirectoryWithDefaultMod ${dir}
chmod go-w ${dir} chmod go=rx ${dir}
done done
} }
@@ -126,6 +128,7 @@ function configureInstallPrefix() {
else else
lop -y body -- -d "Install prefix at ${dirPath} does not exist. Will create it." lop -y body -- -d "Install prefix at ${dirPath} does not exist. Will create it."
indicateActivity 'Creating install prefix' createInstallPrefix indicateActivity 'Creating install prefix' createInstallPrefix
indicateActivity 'Create neccessary folders' fixInstallPrefixPermissions
fi fi
} }
@@ -147,8 +150,8 @@ function downloadHomebrew() {
runAsHomebrewUser git config core.autocrlf false runAsHomebrewUser git config core.autocrlf false
runAsHomebrewUser git config --replace-all homebrew.analyticsmessage false runAsHomebrewUser git config --replace-all homebrew.analyticsmessage false
runAsHomebrewUser git config --replace-all homebrew.caskanalyticsmessage false runAsHomebrewUser git config --replace-all homebrew.caskanalyticsmessage false
runAsHomebrewUser git fetch --quiet --force --depth 1 origin > /dev/null runAsHomebrewUser git fetch --quiet --force origin > /dev/null
runAsHomebrewUser git fetch --quiet --force --tags --depth 1 origin > /dev/null runAsHomebrewUser git fetch --quiet --force --tags origin > /dev/null
runAsHomebrewUser git reset --hard origin/master runAsHomebrewUser git reset --hard origin/master
} }
@@ -168,9 +171,10 @@ function createBrewCallerScript() {
export HOMEBREW_NO_ANALYTICS=1 export HOMEBREW_NO_ANALYTICS=1
export HOMEBREW_NO_ANALYTICS_THIS_RUN=1 export HOMEBREW_NO_ANALYTICS_THIS_RUN=1
export HOMEBREW_NO_ANALYTICS_MESSAGE_OUTPUT=1 export HOMEBREW_NO_ANALYTICS_MESSAGE_OUTPUT=1
umask 002
\"${homebrew_prefix}/Homebrew/bin/brew\" \"\$@\"" > ${brewCallerPath} \"${homebrew_prefix}/Homebrew/bin/brew\" \"\$@\"" > ${brewCallerPath}
chown ${username}:admin ${brewCallerPath} chown ${username}:admin ${brewCallerPath}
chmod ug+x ${brewCallerPath} chmod ug+x,o-x ${brewCallerPath}
runAsHomebrewUser ln -sf ${homebrew_prefix}/Homebrew/bin/brew_caller "${homebrew_prefix}/bin/brew" runAsHomebrewUser ln -sf ${homebrew_prefix}/Homebrew/bin/brew_caller "${homebrew_prefix}/bin/brew"
} }
@@ -182,7 +186,7 @@ function installHomebrewCore() {
runAsHomebrewUser git config remote.origin.url "${git_homebrew_core_remote}" runAsHomebrewUser git config remote.origin.url "${git_homebrew_core_remote}"
runAsHomebrewUser git config remote.origin.fetch '+refs/heads/*:refs/remotes/origin/*' runAsHomebrewUser git config remote.origin.fetch '+refs/heads/*:refs/remotes/origin/*'
runAsHomebrewUser git config core.autocrlf false runAsHomebrewUser git config core.autocrlf false
runAsHomebrewUser git fetch --quiet --depth 1 --force origin 'refs/heads/master:refs/remotes/origin/master' > /dev/null runAsHomebrewUser git fetch --quiet --force origin 'refs/heads/master:refs/remotes/origin/master' > /dev/null
runAsHomebrewUser git remote set-head origin --auto > /dev/null runAsHomebrewUser git remote set-head origin --auto > /dev/null
runAsHomebrewUser git reset --hard origin/master runAsHomebrewUser git reset --hard origin/master
} }
@@ -211,6 +215,8 @@ function createLaunchDaemonsPlist() {
<string>${username}</string> <string>${username}</string>
<key>GroupName</key> <key>GroupName</key>
<string>admin</string> <string>admin</string>
<key>Umask</key>
<integer>2</integer>
</dict> </dict>
</plist>" > "${launcherPath}" </plist>" > "${launcherPath}"
chown root:wheel ${launcherPath} chown root:wheel ${launcherPath}
@@ -262,6 +268,7 @@ function getExecPrerequisites() {
[chmod]='' [chmod]=''
[sudo]='' [sudo]=''
[grep]='' [grep]=''
[git]=''
[sort]='' [sort]=''
[awk]='' [awk]=''
[launchctl]='' [launchctl]=''
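Review bot: The sudoers drop-in that the new here-document in ensureUserCannotRunSudo writes is never syntax-checked, and sudo parses everything under /etc/sudoers.d, so a malformed file there can stop sudo from working. Two ways that can happen here: `${username}` is interpolated unvalidated into both the path and the rules, and `<<-` strips leading tabs only, so a space-indented body would not be terminated at `SUDOERS` (the indentation is not visible on this page). I would add `visudo -cf "${sudoersFile}" || { rm -f "${sudoersFile}"; return 30 }` after the write, ideally writing to a temporary file and moving it into place only once it validates. Separately, the early `[[ -f ${sudoersFile} ]] && return` skips the `chown`/`chmod` for a file left behind by an interrupted run, so its umask-derived mode is never corrected.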


@@ -18,14 +18,14 @@ function installDocopts() {
local destPath='/usr/local/bin/docopts' local destPath='/usr/local/bin/docopts'
[[ -x ${destPath} ]] && return [[ -x ${destPath} ]] && return
indicateActivity -- 'Downloading docpts' curl --output ${destPath} -fsSL ${docopts_url} || return indicateActivity -- 'Downloading docpts' curl --output ${destPath} -fsSL ${docopts_url} || return
chown root:admin ${destPath} ensureRightAccess ${destPath}
chmod 755 ${destPath}
} }
function configure_system() { function configure_system() {
lop -y h1 -- -i 'Install Utility Binaries' lop -y h1 -- -i 'Install Utility Binaries'
local dstDir='/usr/local/bin' local dstDir='/usr/local/bin'
ensurePathOrLogError ${dstDir} 'Could not install binaries.' || return 10 ensurePathOrLogError ${dstDir} 'Could not install binaries.' || return 10
indicateActivity -- "Set sticky bit to ${dstDir} folder" chmod +t ${dstDir}
installDocopts installDocopts
copyUtilityBinaries copyUtilityBinaries
} }
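Review bot: installDocopts hands the downloaded docopts binary to `ensureRightAccess ${destPath}` without verifying what `curl` fetched from `${docopts_url}`, and the file is written directly into /usr/local/bin. I would download to a temporary file, compare it with a pinned digest, for example `print -- "${docopts_sha256}  ${tmpPath}" | shasum -a 256 -c - || return 20` (`docopts_sha256` and `tmpPath` are names to be defined, not existing ones), and only then move it to `${destPath}`. In configure_system the result of `chmod +t ${dstDir}` is not checked, and the sticky bit only stops users from removing or renaming each other's files; it does not stop anyone with write access to the directory from adding a new binary. The definition of ensureRightAccess is outside this hunk, so the resulting owner and mode cannot be confirmed from here.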


@@ -9,6 +9,7 @@ function installZshlib() {
pushd -q ${ASTZWEIG_ZSHLIB} pushd -q ${ASTZWEIG_ZSHLIB}
zcompile -z -U ${zshlibPath} $(find . -type f -perm +u=x -maxdepth 1) zcompile -z -U ${zshlibPath} $(find . -type f -perm +u=x -maxdepth 1)
libs+=(${zshlibPath}.zwc) libs+=(${zshlibPath}.zwc)
chmod ugo=r ${zshlibPath}.zwc
popd -q popd -q
} }
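Review bot: In installZshlib the new `chmod ugo=r ${zshlibPath}.zwc` runs whether or not the preceding `zcompile` succeeded, and neither exit status is checked, so a failed compile still appends a missing file to `libs` and the chmod error is lost. Appending `|| { popd -q; return 10 }` to the `zcompile` line would stop that before the `libs+=` line. A read-only mode also does not protect the digest from its owner or from anyone who can write to the containing directory, and zsh loads code from a `.zwc`, so it is worth setting the ownership explicitly (owner and directory mode are not visible in this hunk). The function starts above the hunk.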