X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=conflink;h=e5cf3fbfda0d599f60c24435b8de356203831d8e;hb=563cc41a1f3ddb95bedf595cc249f53aea6629c1;hp=b44c4c324f787d5dcb4bbf6399d2a3423a386995;hpb=d6def754cd241538c61456536b52ee51cbd85b42;p=distro-setup diff --git a/conflink b/conflink index b44c4c3..e5cf3fb 100755 --- a/conflink +++ b/conflink @@ -56,6 +56,7 @@ readonly fast verbose ##### end command line parsing ######## +tmpf=$(mktemp) if $fast; then lnf() { ln -sf "$@"; } fi @@ -106,18 +107,21 @@ common-file-setup() { local -a reload_services local -a restart_services reload_systemd=false + # note, i ran chmod -R g-s on the filesystem dirs + # so i could keep permissions of secret files for dir in "$@"; do fs=$dir/filesystem if [[ -e $fs && $user =~ ^iank?$ ]]; then # we dont want t, instead c for checksum. # That way we dont set times on directories. # -a = -rlptgoD - cmd=( s rsync -rclpgoDiSAX --chown=root:root --chmod=g-s + cmd=( s rsync -rclpgoDiSAX --chown=root:root --exclude=/etc/dovecot/users --exclude='/etc/exim4/passwd*' --exclude='/etc/exim4/*.pem' $fs/ / ) echo "${cmd[@]@Q}" + "${cmd[@]}" | tee $tmpf while read -r line; do file="${line:12}" case $file in @@ -147,7 +151,7 @@ common-file-setup() { # A = preserve acls # X = preserve extended attributes # i = itemize - done < <("${cmd[@]}") + done <$tmpf fi if ! $fast && [[ -e $dir/subdir_files ]]; then @@ -232,6 +236,7 @@ case $user in fi for f in /etc/prometheus-{,export-}htpasswd; do if [[ -e $f ]]; then + # note: this is duplicative of the file's own permissions s chmod 640 $f if getent passwd www-data &>/dev/null; then s chown root:www-data $f @@ -254,6 +259,12 @@ case $user in s chown nagios:www-data $f fi fi + f=/var/lib/bitcoind/settings.json + if [[ -e $f ]]; then + if getent passwd bitcoin &>/dev/null; then + s chown bitcoin:bitcoin $f + fi + fi ##### end special extra stuff ##### if ! $fast; then