Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set owner of gravity output files to pihole #5419

Merged
merged 4 commits into from
Oct 14, 2023
Merged

Set owner of gravity output files to pihole #5419

merged 4 commits into from
Oct 14, 2023

Conversation

yubiuser
Copy link
Member

@yubiuser yubiuser commented Oct 8, 2023
edited
Loading

What does this PR aim to accomplish?:

Fixes permission issues with downloaded list and *.sha files that occurs on v6. All files in /etc/pihole should belong to pihole (See #5356). However, during pihole -up (which runs as root), the install script is called, which in turn runs gravity from /opt/pihole. All touched files will be owned by root afterwards.

In contrast, pihole -g runs gravity as pihole which causes issues at

pi-hole/gravity.sh

Line 635 in 96640ea

tr '[:upper:]' '[:lower:]' < "${src}" > "${destination}" 

rw-rw----  1 pihole pihole  408  8. Okt 22:20 install.log
-rw-r--r--  1 root   root   2,9M  8. Okt 22:20 list.1.raw.githubusercontent.com.domains
-rw-r--r--  1 root   root     95  8. Okt 22:20 list.1.raw.githubusercontent.com.domains.sha1
-rw-r--r--  1 root   root   403K  8. Okt 22:20 list.2.sysctl.org.domains
-rw-r--r--  1 root   root     80  8. Okt 22:20 list.2.sysctl.org.domains.sha1
-rw-r--r--  1 root   root   913K  8. Okt 22:20 list.3.raw.githubusercontent.com.domains
-rw-r--r--  1 root   root     95  8. Okt 22:20 list.3.raw.githubusercontent.com.domains.sha1
-rw-r--r--  1 root   root   842K  8. Okt 22:20 list.4.small.oisd.nl.domains
-rw-r--r--  1 root   root     83  8. Okt 22:20 list.4.small.oisd.nl.domains.sha1
-rw-r--r--  1 pihole pihole   65  8. Okt 22:20 local.list
-rw-rw----  1 pihole pihole  241  1. Aug 23:15 logrotate
-rw-rw----  1 pihole pihole 3,0M  8. Okt 21:41 macvendor.db
drw-rw----  2 pihole pihole 4,0K  1. Aug 23:16 migration_backup
-rw-rw----  1 pihole pihole  127  1. Aug 23:15 pihole-FTL.conf.bck
-rw-rw-r--  1 pihole pihole  18M  8. Okt 22:22 pihole-FTL.db
-rw-rw----  1 pihole pihole  39K  8. Okt 22:20 pihole.toml
-rw-rw----  1 pihole pihole  347  1. Aug 23:16 setupVars.conf
-rw-rw----  1 pihole pihole  648  1. Aug 23:18 tls.crt
-rw-rw----  1 pihole pihole  936  1. Aug 23:18 tls.pem
-rw-r--r--  1 pihole pihole  385  8. Okt 22:20 versions
nanopi@nanopi:~$ pihole -g
[sudo] Passwort für nanopi: 
  [i] Neutrino emissions detected...
  [i] Storing gravity database in /etc/pihole/gravity.db
  [✓] Pulling blocklist source list into range

  [✓] Preparing new gravity database
  [✓] Creating new gravity databases
  [i] Using libz compression

  [i] Target: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  [✓] Status: Retrieval successful
/opt/pihole/gravity.sh: line 635: /etc/pihole/list.1.raw.githubusercontent.com.domains: Permission denied

How does this PR accomplish the above?:

Explicitly set the invoking user to pihole in basic-install.sh when running gravity. As the gravity run is one of the last things we do, pihole should already be available.
Additionally, this requires that that /etc/pihole is writable by pihole already at that stage.

By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code and I have tested my changes.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)
  6. I have checked that another pull request for this purpose does not exist.
  7. I have considered, and confirmed that this submission will be valuable to others.
  8. I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
  9. I give this submission freely, and claim no ownership to its content.
  • I have read the above and my PR is ready for review. Check this box to confirm

@yubiuser
Set owner of gravity output files to pihole
6001fe3 
Signed-off-by: Christian König <ckoenig@posteo.de>
@yubiuser yubiuser requested a review from a team October 8, 2023 21:18
@yubiuser
Run gravity as user pihole
679aab1 
Signed-off-by: Christian König <ckoenig@posteo.de>
@yubiuser yubiuser requested a review from DL6ER October 9, 2023 19:56
@yubiuser
Set owner/group of /etc/pihole to pihole
2286384 
Signed-off-by: Christian König <ckoenig@posteo.de>
@pralor-bot
Copy link

This pull request has been mentioned on Pi-hole Userspace. There might be relevant details there:

https://discourse.pi-hole.net/t/webinterface-bug/65460/5

@yubiuser
Set owner/permissions at the right place
2061f3a 
Signed-off-by: Christian König <ckoenig@posteo.de>
@yubiuser yubiuser added the PR: Approval Required Open Pull Request, needs approval label Oct 11, 2023
@pralor-bot
Copy link

This pull request has been mentioned on Pi-hole Userspace. There might be relevant details there:

https://discourse.pi-hole.net/t/docker-v6-dev-gives-weird-log-errors/65464/2

@yubiuser yubiuser merged commit 2841a33 into development-v6 Oct 14, 2023
15 checks passed
@yubiuser yubiuser deleted the fix/gravity_permission branch October 14, 2023 17:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DL6ER DL6ER DL6ER approved these changes

Assignees
No one assigned
Labels
Pi-hole v6.0 PR: Approval Required Open Pull Request, needs approval
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@yubiuser @pralor-bot @DL6ER @rdwebdesign