From 531490397da3e23695de41b59dd918dc404520b0 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 25 Nov 2024 12:33:26 +0100 Subject: [PATCH] When new domains are added to gravity and users run the first time gravity in the terminal (not via web), the list.123.abc.com file is created as root and stays like that. This causes issues down the line when users later try to run gravity from the web interface where we do not have root capabilities. This commit checks for write permissions and suggests what to do on error. It always ensures ownership and permissions are correct Signed-off-by: DL6ER --- gravity.sh | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/gravity.sh b/gravity.sh index 40023381..aebc58cb 100755 --- a/gravity.sh +++ b/gravity.sh @@ -59,14 +59,24 @@ gravityTEMPfile="${GRAVITYDB}_temp" gravityDIR="$(dirname -- "${gravityDBfile}")" gravityOLDfile="${gravityDIR}/gravity_old.db" +fix_owner_permissions() { + # Fix ownership and permissions for the specified file + # User and group are set to pihole:pihole + # Permissions are set to 664 (rw-rw-r--) + chown pihole:pihole "${1}" + chmod 664 "${1}" + + # Ensure the containing directory is group writable + chmod g+w "$(dirname -- "${1}")" +} + # Generate new SQLite3 file from schema template generate_gravity_database() { if ! pihole-FTL sqlite3 -ni "${gravityDBfile}" <"${gravityDBschema}"; then echo -e " ${CROSS} Unable to create ${gravityDBfile}" return 1 fi - chown pihole:pihole "${gravityDBfile}" - chmod g+w "${piholeDir}" "${gravityDBfile}" + fix_owner_permissions "${gravityDBfile}" } # Build gravity tree @@ -413,6 +423,19 @@ gravity_DownloadBlocklists() { saveLocation="${piholeDir}/list.${id}.${domain}.${domainsExtension}" activeDomains[$i]="${saveLocation}" + # Check if we can write to the save location file + if ! touch "${saveLocation}" 2>/dev/null; then + echo -e " ${CROSS} Unable to write to ${saveLocation}" + echo " Please run pihole -g as root" + echo "" + continue + fi + + # Chown the file to the pihole user + # This is necessary for the FTL to be able to update the file + # when gravity is run from the web interface + fix_owner_permissions "${saveLocation}" + echo -e " ${INFO} Target: ${url}" local regex check_url # Check for characters NOT allowed in URLs @@ -996,8 +1019,7 @@ fi update_gravity_timestamp # Ensure proper permissions are set for the database -chown pihole:pihole "${gravityTEMPfile}" -chmod g+w "${piholeDir}" "${gravityTEMPfile}" +fix_owner_permissions "${gravityTEMPfile}" # Build the tree timeit gravity_build_tree