mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2024-11-22 04:55:33 +03:00
home: add permcheck option
This commit is contained in:
parent
1d6d85cff4
commit
368598819f
2 changed files with 24 additions and 4 deletions
|
@ -686,18 +686,26 @@ func run(opts options, clientBuildFS fs.FS, done chan struct{}) {
|
|||
}
|
||||
}
|
||||
|
||||
if permcheck.NeedsMigration(confPath) {
|
||||
permcheck.Migrate(Context.workDir, dataDir, statsDir, querylogDir, confPath)
|
||||
if opts.checkPermissions {
|
||||
permCheck(confPath, dataDir, statsDir, querylogDir)
|
||||
}
|
||||
|
||||
permcheck.Check(Context.workDir, dataDir, statsDir, querylogDir, confPath)
|
||||
|
||||
Context.web.start()
|
||||
|
||||
// Wait for other goroutines to complete their job.
|
||||
<-done
|
||||
}
|
||||
|
||||
// permCheck checks and migrates permissions of the files and directories used
|
||||
// by AdGuard Home, if needed.
|
||||
func permCheck(confPath, dataDir, statsDir, querylogDir string) {
|
||||
if permcheck.NeedsMigration(confPath) {
|
||||
permcheck.Migrate(Context.workDir, dataDir, statsDir, querylogDir, confPath)
|
||||
}
|
||||
|
||||
permcheck.Check(Context.workDir, dataDir, statsDir, querylogDir, confPath)
|
||||
}
|
||||
|
||||
// initUsers initializes context auth module. Clears config users field.
|
||||
func initUsers() (auth *Auth, err error) {
|
||||
sessFilename := filepath.Join(Context.getDataDir(), "sessions.db")
|
||||
|
|
|
@ -78,6 +78,10 @@ type options struct {
|
|||
// localFrontend forces AdGuard Home to use the frontend files from disk
|
||||
// rather than the ones that have been compiled into the binary.
|
||||
localFrontend bool
|
||||
|
||||
// checkPermissions enables the migration of permissions for the
|
||||
// security-sensitive files, including the working directory itself.
|
||||
checkPermissions bool
|
||||
}
|
||||
|
||||
// initCmdLineOpts completes initialization of the global command-line option
|
||||
|
@ -305,6 +309,14 @@ var cmdLineOpts = []cmdLineOpt{{
|
|||
description: "Run in GL-Inet compatibility mode.",
|
||||
longName: "glinet",
|
||||
shortName: "",
|
||||
}, {
|
||||
updateWithValue: nil,
|
||||
updateNoValue: func(o options) (options, error) { o.checkPermissions = true; return o, nil },
|
||||
effect: nil,
|
||||
serialize: func(o options) (val string, ok bool) { return "", o.checkPermissions },
|
||||
description: "Check and migrate permissions of security-sensitive files.",
|
||||
longName: "permcheck",
|
||||
shortName: "",
|
||||
}, {
|
||||
updateWithValue: nil,
|
||||
updateNoValue: nil,
|
||||
|
|
Loading…
Reference in a new issue