From ae636232334dd2015500614526dfd104e88f96b0 Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Tue, 29 Jul 2025 12:24:58 +0200
Subject: [PATCH] system: better wwwonly bootstrap

This also has an issue with the post-update rc.syshook if the wwwonly is not found. But: after a boot it is ensured and should not be missing thereafter. The package post-install would ensure it previously, but we don't want to also chain the php bootstrap through this just to get the call stack in the right order. May need further adjusting but also no need to rush this into a stable release at the moment.
---
 +POST_INSTALL | 26 --------------------
 +PRE_DEINSTALL | 4 ----
 Makefile | 2 --
 src/etc/rc.subr.d/php | 29 +++++++++++++++++++----
 src/etc/rc.subr.d/{recover.in => recover} | 4 ----
 src/sbin/opnsense-version | 2 +-
 6 files changed, 25 insertions(+), 42 deletions(-)
 rename src/etc/rc.subr.d/{recover.in => recover} (98%)

diff --git a/+POST_INSTALL b/+POST_INSTALL
index 4edcfb526a..d5ee43f9c4 100644
--- a/+POST_INSTALL
+++ b/+POST_INSTALL
@@ -1,29 +1,3 @@
-PW=/usr/sbin/pw
-USER=%%CORE_USER%%
-GROUP=%%CORE_GROUP%%
-UID=%%CORE_UID%%
-GID=%%CORE_GID%%
-
-PW_ARG=add
-if ${PW} groupshow ${GROUP} >/dev/null 2>&1; then
- PW_ARG=mod
-fi
-
-echo "Creating group '${GROUP}' with gid '${GID}'"
-${PW} group${PW_ARG} ${GROUP} -g ${GID}
-
-PW_ARG=add
-if ${PW} usershow ${USER} >/dev/null 2>&1; then
- PW_ARG=mod
-fi
-
-echo "Creating user '${USER}' with uid '${UID}'"
-${PW} user${PW_ARG} ${USER} -u ${UID} -g ${GID} -c "World Wide Web Only" -d /nonexistent -s /usr/sbin/nologin
-
-if [ -n "${CORE_USER_GROUP_ONLY}" ]; then
- exit 0
-fi
-
 echo "Updating /etc/shells"
 cp /etc/shells /etc/shells.bak
 (grep -v /usr/local/sbin/opnsense-shell /etc/shells.bak; \
diff --git a/+PRE_DEINSTALL b/+PRE_DEINSTALL
index 7fb7536aaa..71483468a4 100644
--- a/+PRE_DEINSTALL
+++ b/+PRE_DEINSTALL
@@ -1,7 +1,3 @@
-if [ -n "${CORE_USER_GROUP_ONLY}" ]; then
- exit 0
-fi
-
 /usr/local/etc/rc.d/configd stop
 echo "Resetting root shell"
diff --git a/Makefile b/Makefile
index 3fcfb57edc..58f6cd2f90 100644
--- a/Makefile
+++ b/Makefile
@@ -253,8 +253,6 @@ manifest:
 @echo "comment: \"${CORE_COMMENT}\""
 @echo "desc: \"${CORE_HASH}\""
 @echo "maintainer: \"${CORE_MAINTAINER}\""
- @echo "users: [ \"${CORE_USER}\" ]"
- @echo "groups: [ \"${CORE_GROUP}\" ]"
 @echo "www: \"${CORE_WWW}\""
 @echo "message: \"${CORE_MESSAGE}\""
 @echo "categories: [ \"sysutils\", \"www\" ]"
diff --git a/src/etc/rc.subr.d/php b/src/etc/rc.subr.d/php
index cda47d14e4..2af2e45a93 100755
--- a/src/etc/rc.subr.d/php
+++ b/src/etc/rc.subr.d/php
@@ -25,11 +25,30 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
-# XXX Eventually we could try to ensure the user from here as it would
-# avoid our bootstrap worries regarding using a predefined non-root user
-# that does not even exist on the system which can prevent the GUI from
-# starting or changing ownership staying root.
-OWNER="$(opnsense-version -R CORE_USER):wheel"
+OWNERSHIP=$(opnsense-version -R 'CORE_GROUP=CORE_GID:CORE_USER=CORE_UID')
+OWNERGRP=${OWNERSHIP%:*}
+OWNERUSR=${OWNERSHIP##*:}
+
+PW=/usr/sbin/pw
+GROUP=${OWNERGRP%=*}
+GID=${OWNERGRP##*=}
+USER=${OWNERUSR%=*}
+UID=${OWNERUSR##*=}
+OWNER="${USER}:wheel"
+
+PW_ARG=add
+if ${PW} groupshow ${GROUP} >/dev/null 2>&1; then
+ PW_ARG=mod
+fi
+
+${PW} group${PW_ARG} ${GROUP} -g ${GID}
+
+PW_ARG=add
+if ${PW} usershow ${USER} >/dev/null 2>&1; then
+ PW_ARG=mod
+fi
+
+${PW} user${PW_ARG} ${USER} -u ${UID} -g ${GID} -c "World Wide Web Only" -d /nonexistent -s /usr/sbin/nologin
 # set up required output directories for various PHP components
 for PHPDIR in cache sessions tmp; do
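Review bot: The four values split out of OWNERSHIP at the top of the added block in src/etc/rc.subr.d/php go into the `pw` calls unquoted and unchecked, and the exit status of `opnsense-version` and of both `pw` calls is ignored. If the lookup returns nothing or a differently shaped string, GROUP, GID, USER and UID can be empty, the `pw group${PW_ARG}` and `pw user${PW_ARG}` lines run with a shifted argument list, and OWNER becomes `:wheel` for the code that uses it after the hunk (the `for PHPDIR` loop opens on the hunk's last line and its body is not visible). I would stop before the first `pw` call when any value is missing, e.g. `[ -n "${GROUP}" ] && [ -n "${GID}" ] && [ -n "${USER}" ] && [ -n "${UID}" ] || exit 1` (or `return 1` if this file is sourced rather than executed), and quote the expansions as in `${PW} group${PW_ARG} "${GROUP}" -g "${GID}"`. A comment above the block saying that the account is created or re-aligned to the configured uid/gid on every run would replace the explanation the removed XXX comment carried.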
diff --git a/src/etc/rc.subr.d/recover.in b/src/etc/rc.subr.d/recover
similarity index 98%
rename from src/etc/rc.subr.d/recover.in
rename to src/etc/rc.subr.d/recover
index 906ac26609..561c4233be 100755
--- a/src/etc/rc.subr.d/recover.in
+++ b/src/etc/rc.subr.d/recover
@@ -63,7 +63,6 @@ www:*:80:
 u2f:*:116:
 ntpd:*:123:
 _ypldap:*:160:
-%%CORE_GROUP%%:*:%%CORE_GID%%:
 hast:*:845:
 tests:*:977:
 nogroup:*:65533:
@@ -97,7 +96,6 @@ auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologi
 www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
 ntpd:*:123:123::0:0:NTP Daemon:/var/db/ntp:/usr/sbin/nologin
 _ypldap:*:160:160::0:0:YP LDAP unprivileged user:/var/empty:/usr/sbin/nologin
-%%CORE_USER%%:*:%%CORE_UID%%:%%CORE_GID%%::0:0:World Wide Web Only:/nonexistent:/usr/sbin/nologin
 hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin
 tests:*:977:977::0:0:Unprivileged user for tests:/nonexistent:/usr/sbin/nologin
 nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
@@ -234,8 +232,6 @@ function recover_ports()
 $tempfile = fopen($tempname, 'w');
 $luacount = 0;
- putenv('CORE_USER_GROUP_ONLY=yes');
-
 foreach ($pkgs as $pkg) {
 $raw = exec('/usr/local/sbin/pkg-static info --raw --raw-format json-compact ' . $pkg);
 $info = json_decode($raw, true);
diff --git a/src/sbin/opnsense-version b/src/sbin/opnsense-version
index e4e09c3ff9..3ef306aecd 100755
--- a/src/sbin/opnsense-version
+++ b/src/sbin/opnsense-version
@@ -143,7 +143,7 @@ if [ -n "${DO_RAW}" ]; then
 exit 0
 fi
- OUTPUT=$(echo "${FILE}" | sed -e 's=\([A-Z][A-Z_]*\)=$\1=g')
+ OUTPUT=$(echo "${FILE}" | sed -e 's=\(CORE_[A-Z_]*\)=${\1}=g' -e 's=\(PLUGIN_[A-Z_]*\)=${\1}=g')
 TARGET=nop
 fi
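Review bot: The two patterns in the rewritten sed expression in src/sbin/opnsense-version, `CORE_[A-Z_]*` and `PLUGIN_[A-Z_]*`, stop at the first digit and are not anchored on a word boundary, so a name such as a constructed `CORE_ABI2` would be wrapped only as `${CORE_ABI}2` and a longer token that merely contains `CORE_` would be rewritten in the middle. If any variable name can contain digits, `[A-Z0-9_]*` would match the full name. The enclosing `if [ -n "${DO_RAW}" ]` block starts before the hunk and how OUTPUT is expanded afterwards is not visible; if it is evaluated by the shell, everything in the `-R` argument that these two patterns do not touch still reaches that evaluation unchanged, so a comment above the line such as `# only CORE_* and PLUGIN_* names are expanded; the -R argument must come from trusted callers` would record the assumption.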