do not allow gid write access by default, the gid user can still write for now, see #1629

2014-11-21 17:16:53 +00:00 · 2014-11-21 17:16:53 +00:00 · a9ebd14882
parent afd2746bcc
commit a9ebd14882
1 changed files with 3 additions and 3 deletions
--- a/src/fixperms.sh
+++ b/src/fixperms.sh
@ -126,15 +126,15 @@ doone() {
      # Set the file readable only for the AlternC User
      mkdir -p "$REP"
      chown -R $GID:$GID "$REP"
-      chmod 2770 -R "$REP"
+      chmod 2750 -R "$REP"

 #      # Delete existings ACL
 #      # Set the defaults acl on all the files
 #      setfacl -b -k -n -R -m d:g:alterncpanel:rwx -m d:u::rwx -m d:g::rwx -m d:u:$GID:rwx -m d:g:$GID:rwx -m d:o::--- -m d:mask:rwx\
 #                    -Rm   g:alterncpanel:rwx -m u:$GID:rwx -m g:$GID:rwx -m mask:rwx\
 #               "$REP"
-      setfacl -bknR -m d:u:alterncpanel:rwx -m d:g:alterncpanel:rwx -m u:alterncpanel:rwx -m g:alterncpanel:rwx -m d:o::--- -m o::---\
-                    -m d:u:$GID:rwx -m d:g:$GID:rwx -m u:$GID:rwx -m g:$GID:rwx -m d:mask:rwx -m mask:rwx "$REP"
+      setfacl -bknR -m d:u:alterncpanel:rwx -m d:g:alterncpanel:r-x -m u:alterncpanel:rwx -m g:alterncpanel:r-x -m d:o::--- -m o::---\
+                    -m d:u:$GID:rwx -m d:g:$GID:r-x -m u:$GID:rwx -m g:$GID:r-x -m d:mask:rwx -m mask:rwx "$REP"

      fixtmp $GID
      read GID LOGIN || true