Merge pull request #2730 from pvogt09/development

Adds world readable attribute to files created by Pi-hole to circumve…
This commit is contained in:
Mark Drobnak 2019-05-12 15:44:20 -04:00 committed by GitHub
commit d6756eb46b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 87 additions and 29 deletions

View file

@ -92,11 +92,13 @@ PoplistFile() {
# Check whitelist file exists, and if not, create it # Check whitelist file exists, and if not, create it
if [[ ! -f "${whitelist}" ]]; then if [[ ! -f "${whitelist}" ]]; then
touch "${whitelist}" touch "${whitelist}"
chmod 644 "${whitelist}"
fi fi
# Check blacklist file exists, and if not, create it # Check blacklist file exists, and if not, create it
if [[ ! -f "${blacklist}" ]]; then if [[ ! -f "${blacklist}" ]]; then
touch "${blacklist}" touch "${blacklist}"
chmod 644 "${blacklist}"
fi fi
for dom in "${domList[@]}"; do for dom in "${domList[@]}"; do
@ -239,9 +241,10 @@ Displaylist() {
NukeList() { NukeList() {
if [[ -f "${listMain}" ]]; then if [[ -f "${listMain}" ]]; then
# Back up original list # Back up original list
cp "${listMain}" "${listMain}.bck~" cp -p "${listMain}" "${listMain}.bck~"
# Empty out file # Empty out file
echo "" > "${listMain}" echo "" > "${listMain}"
chmod 644 "${listMain}"
fi fi
} }

View file

@ -90,6 +90,7 @@ checkout() {
local path local path
path="development/${binary}" path="development/${binary}"
echo "development" > /etc/pihole/ftlbranch echo "development" > /etc/pihole/ftlbranch
chmod 644 /etc/pihole/ftlbranch
elif [[ "${1}" == "master" ]] ; then elif [[ "${1}" == "master" ]] ; then
# Shortcut to check out master branches # Shortcut to check out master branches
echo -e " ${INFO} Shortcut \"master\" detected - checking out master branches..." echo -e " ${INFO} Shortcut \"master\" detected - checking out master branches..."
@ -104,6 +105,7 @@ checkout() {
local path local path
path="master/${binary}" path="master/${binary}"
echo "master" > /etc/pihole/ftlbranch echo "master" > /etc/pihole/ftlbranch
chmod 644 /etc/pihole/ftlbranch
elif [[ "${1}" == "core" ]] ; then elif [[ "${1}" == "core" ]] ; then
str="Fetching branches from ${piholeGitUrl}" str="Fetching branches from ${piholeGitUrl}"
echo -ne " ${INFO} $str" echo -ne " ${INFO} $str"
@ -166,6 +168,7 @@ checkout() {
if check_download_exists "$path"; then if check_download_exists "$path"; then
echo " ${TICK} Branch ${2} exists" echo " ${TICK} Branch ${2} exists"
echo "${2}" > /etc/pihole/ftlbranch echo "${2}" > /etc/pihole/ftlbranch
chmod 644 /etc/pihole/ftlbranch
FTLinstall "${binary}" FTLinstall "${binary}"
restart_service pihole-FTL restart_service pihole-FTL
enable_service pihole-FTL enable_service pihole-FTL

View file

@ -39,8 +39,9 @@ if [[ "$@" == *"once"* ]]; then
# Note that moving the file is not an option, as # Note that moving the file is not an option, as
# dnsmasq would happily continue writing into the # dnsmasq would happily continue writing into the
# moved file (it will have the same file handler) # moved file (it will have the same file handler)
cp /var/log/pihole.log /var/log/pihole.log.1 cp -p /var/log/pihole.log /var/log/pihole.log.1
echo " " > /var/log/pihole.log echo " " > /var/log/pihole.log
chmod 644 /var/log/pihole.log
fi fi
else else
# Manual flushing # Manual flushing
@ -53,6 +54,7 @@ else
echo " " > /var/log/pihole.log echo " " > /var/log/pihole.log
if [ -f /var/log/pihole.log.1 ]; then if [ -f /var/log/pihole.log.1 ]; then
echo " " > /var/log/pihole.log.1 echo " " > /var/log/pihole.log.1
chmod 644 /var/log/pihole.log.1
fi fi
fi fi
# Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history) # Delete most recent 24 hours from FTL's database, leave even older data intact (don't wipe out all history)

View file

@ -51,6 +51,7 @@ if [[ "$2" == "remote" ]]; then
GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")" GITHUB_CORE_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/pi-hole/releases/latest' 2> /dev/null)")"
echo -n "${GITHUB_CORE_VERSION}" > "${GITHUB_VERSION_FILE}" echo -n "${GITHUB_CORE_VERSION}" > "${GITHUB_VERSION_FILE}"
chmod 644 "${GITHUB_VERSION_FILE}"
if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")" GITHUB_WEB_VERSION="$(json_extract tag_name "$(curl -s 'https://api.github.com/repos/pi-hole/AdminLTE/releases/latest' 2> /dev/null)")"
@ -66,6 +67,7 @@ else
CORE_BRANCH="$(get_local_branch /etc/.pihole)" CORE_BRANCH="$(get_local_branch /etc/.pihole)"
echo -n "${CORE_BRANCH}" > "${LOCAL_BRANCH_FILE}" echo -n "${CORE_BRANCH}" > "${LOCAL_BRANCH_FILE}"
chmod 644 "${LOCAL_BRANCH_FILE}"
if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
WEB_BRANCH="$(get_local_branch /var/www/html/admin)" WEB_BRANCH="$(get_local_branch /var/www/html/admin)"
@ -79,6 +81,7 @@ else
CORE_VERSION="$(get_local_version /etc/.pihole)" CORE_VERSION="$(get_local_version /etc/.pihole)"
echo -n "${CORE_VERSION}" > "${LOCAL_VERSION_FILE}" echo -n "${CORE_VERSION}" > "${LOCAL_VERSION_FILE}"
chmod 644 "${LOCAL_VERSION_FILE}"
if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
WEB_VERSION="$(get_local_version /var/www/html/admin)" WEB_VERSION="$(get_local_version /var/www/html/admin)"

View file

@ -322,6 +322,7 @@ dhcp-option=option:router,${DHCP_ROUTER}
dhcp-leasefile=/etc/pihole/dhcp.leases dhcp-leasefile=/etc/pihole/dhcp.leases
#quiet-dhcp #quiet-dhcp
" > "${dhcpconfig}" " > "${dhcpconfig}"
chmod 644 "${dhcpconfig}"
if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then if [[ "${PIHOLE_DOMAIN}" != "none" ]]; then
echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}" echo "domain=${PIHOLE_DOMAIN}" >> "${dhcpconfig}"
@ -541,11 +542,13 @@ addAudit()
do do
echo "${var}" >> /etc/pihole/auditlog.list echo "${var}" >> /etc/pihole/auditlog.list
done done
chmod 644 /etc/pihole/auditlog.list
} }
clearAudit() clearAudit()
{ {
echo -n "" > /etc/pihole/auditlog.list echo -n "" > /etc/pihole/auditlog.list
chmod 644 /etc/pihole/auditlog.list
} }
SetPrivacyLevel() { SetPrivacyLevel() {

View file

@ -194,7 +194,7 @@ if is_command apt-get ; then
exit # exit the installer exit # exit the installer
else else
printf " %b Enabling universe package repository for Ubuntu Bionic\\n" "${INFO}" printf " %b Enabling universe package repository for Ubuntu Bionic\\n" "${INFO}"
cp ${APT_SOURCES} ${APT_SOURCES}.backup # Backup current repo list cp -p ${APT_SOURCES} ${APT_SOURCES}.backup # Backup current repo list
printf " %b Backed up current configuration to %s\\n" "${TICK}" "${APT_SOURCES}.backup" printf " %b Backed up current configuration to %s\\n" "${TICK}" "${APT_SOURCES}.backup"
add-apt-repository universe add-apt-repository universe
printf " %b Enabled %s\\n" "${TICK}" "'universe' repository" printf " %b Enabled %s\\n" "${TICK}" "'universe' repository"
@ -414,6 +414,8 @@ make_repo() {
fi fi
# Clone the repo and return the return code from this command # Clone the repo and return the return code from this command
git clone -q --depth 1 "${remoteRepo}" "${directory}" &> /dev/null || return $? git clone -q --depth 1 "${remoteRepo}" "${directory}" &> /dev/null || return $?
# Data in the repositories is public anyway so we can make it readable by everyone (+r to keep executable permission if already set by git)
chmod -R a+rX "${directory}"
# Show a colored message showing it's status # Show a colored message showing it's status
printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}"
# Always return 0? Not sure this is correct # Always return 0? Not sure this is correct
@ -447,6 +449,8 @@ update_repo() {
git pull --quiet &> /dev/null || return $? git pull --quiet &> /dev/null || return $?
# Show a completion message # Show a completion message
printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}"
# Data in the repositories is public anyway so we can make it readable by everyone (+r to keep executable permission if already set by git)
chmod -R a+rX "${directory}"
# Move back into the original directory # Move back into the original directory
cd "${curdir}" &> /dev/null || return 1 cd "${curdir}" &> /dev/null || return 1
return 0 return 0
@ -494,6 +498,8 @@ resetRepo() {
printf " %b %s..." "${INFO}" "${str}" printf " %b %s..." "${INFO}" "${str}"
# Use git to remove the local changes # Use git to remove the local changes
git reset --hard &> /dev/null || return $? git reset --hard &> /dev/null || return $?
# Data in the repositories is public anyway so we can make it readable by everyone (+r to keep executable permission if already set by git)
chmod -R a+rX "${directory}"
# And show the status # And show the status
printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}" printf "%b %b %s\\n" "${OVER}" "${TICK}" "${str}"
# Returning success anyway? # Returning success anyway?
@ -847,7 +853,7 @@ setIFCFG() {
# Put the IP in variables without the CIDR notation # Put the IP in variables without the CIDR notation
printf -v CIDR "%s" "${IPV4_ADDRESS##*/}" printf -v CIDR "%s" "${IPV4_ADDRESS##*/}"
# Backup existing interface configuration: # Backup existing interface configuration:
cp "${IFCFG_FILE}" "${IFCFG_FILE}".pihole.orig cp -p "${IFCFG_FILE}" "${IFCFG_FILE}".pihole.orig
# Build Interface configuration file using the GLOBAL variables we have # Build Interface configuration file using the GLOBAL variables we have
{ {
echo "# Configured via Pi-hole installer" echo "# Configured via Pi-hole installer"
@ -861,6 +867,8 @@ setIFCFG() {
echo "DNS2=$PIHOLE_DNS_2" echo "DNS2=$PIHOLE_DNS_2"
echo "USERCTL=no" echo "USERCTL=no"
}> "${IFCFG_FILE}" }> "${IFCFG_FILE}"
chmod 644 "${IFCFG_FILE}"
chown root:root "${IFCFG_FILE}"
# Use ip to immediately set the new address # Use ip to immediately set the new address
ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}" ip addr replace dev "${PIHOLE_INTERFACE}" "${IPV4_ADDRESS}"
# If NetworkMangler command line interface exists and ready to mangle, # If NetworkMangler command line interface exists and ready to mangle,
@ -1185,6 +1193,7 @@ chooseBlocklists() {
do do
appendToListsFile "${choice}" appendToListsFile "${choice}"
done done
chmod 644 "${adlistFile}"
} }
# Accept a string parameter, it must be one of the default lists # Accept a string parameter, it must be one of the default lists
@ -1241,7 +1250,7 @@ version_check_dnsmasq() {
printf "%b %b Backing up dnsmasq.conf to dnsmasq.conf.orig...\\n" "${OVER}" "${TICK}" printf "%b %b Backing up dnsmasq.conf to dnsmasq.conf.orig...\\n" "${OVER}" "${TICK}"
printf " %b Restoring default dnsmasq.conf..." "${INFO}" printf " %b Restoring default dnsmasq.conf..." "${INFO}"
# and replace it with the default # and replace it with the default
cp ${dnsmasq_original_config} ${dnsmasq_conf} install -D -m 644 -T ${dnsmasq_original_config} ${dnsmasq_conf}
printf "%b %b Restoring default dnsmasq.conf...\\n" "${OVER}" "${TICK}" printf "%b %b Restoring default dnsmasq.conf...\\n" "${OVER}" "${TICK}"
# Otherwise, # Otherwise,
else else
@ -1252,17 +1261,17 @@ version_check_dnsmasq() {
# If a file cannot be found, # If a file cannot be found,
printf " %b No dnsmasq.conf found... restoring default dnsmasq.conf..." "${INFO}" printf " %b No dnsmasq.conf found... restoring default dnsmasq.conf..." "${INFO}"
# restore the default one # restore the default one
cp ${dnsmasq_original_config} ${dnsmasq_conf} install -D -m 644 -T ${dnsmasq_original_config} ${dnsmasq_conf}
printf "%b %b No dnsmasq.conf found... restoring default dnsmasq.conf...\\n" "${OVER}" "${TICK}" printf "%b %b No dnsmasq.conf found... restoring default dnsmasq.conf...\\n" "${OVER}" "${TICK}"
fi fi
printf " %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..." "${INFO}" printf " %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf..." "${INFO}"
# Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency) # Check to see if dnsmasq directory exists (it may not due to being a fresh install and dnsmasq no longer being a dependency)
if [[ ! -d "/etc/dnsmasq.d" ]];then if [[ ! -d "/etc/dnsmasq.d" ]];then
mkdir "/etc/dnsmasq.d" install -d -m 755 "/etc/dnsmasq.d"
fi fi
# Copy the new Pi-hole DNS config file into the dnsmasq.d directory # Copy the new Pi-hole DNS config file into the dnsmasq.d directory
cp ${dnsmasq_pihole_01_snippet} ${dnsmasq_pihole_01_location} install -D -m 644 -T ${dnsmasq_pihole_01_snippet} ${dnsmasq_pihole_01_location}
printf "%b %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}" printf "%b %b Copying 01-pihole.conf to /etc/dnsmasq.d/01-pihole.conf\\n" "${OVER}" "${TICK}"
# Replace our placeholder values with the GLOBAL DNS variables that we populated earlier # Replace our placeholder values with the GLOBAL DNS variables that we populated earlier
# First, swap in the interface to listen on # First, swap in the interface to listen on
@ -1360,6 +1369,7 @@ installConfigs() {
# Format: Name;Primary IPv4;Secondary IPv4;Primary IPv6;Secondary IPv6 # Format: Name;Primary IPv4;Secondary IPv4;Primary IPv6;Secondary IPv6
# Some values may be empty (for example: DNS servers without IPv6 support) # Some values may be empty (for example: DNS servers without IPv6 support)
echo "${DNS_SERVERS}" > "${PI_HOLE_CONFIG_DIR}/dns-servers.conf" echo "${DNS_SERVERS}" > "${PI_HOLE_CONFIG_DIR}/dns-servers.conf"
chmod 644 "${PI_HOLE_CONFIG_DIR}/dns-servers.conf"
# Install empty file if it does not exist # Install empty file if it does not exist
if [[ ! -r "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" ]]; then if [[ ! -r "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" ]]; then
@ -1378,19 +1388,18 @@ installConfigs() {
if [[ "${INSTALL_WEB_SERVER}" == true ]]; then if [[ "${INSTALL_WEB_SERVER}" == true ]]; then
# and if the Web server conf directory does not exist, # and if the Web server conf directory does not exist,
if [[ ! -d "/etc/lighttpd" ]]; then if [[ ! -d "/etc/lighttpd" ]]; then
# make it # make it and set the owners
mkdir /etc/lighttpd install -d -m 755 -o "${USER}" -g root /etc/lighttpd
# and set the owners
chown "${USER}":root /etc/lighttpd
# Otherwise, if the config file already exists # Otherwise, if the config file already exists
elif [[ -f "/etc/lighttpd/lighttpd.conf" ]]; then elif [[ -f "/etc/lighttpd/lighttpd.conf" ]]; then
# back up the original # back up the original
mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig mv /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.orig
fi fi
# and copy in the config file Pi-hole needs # and copy in the config file Pi-hole needs
cp ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} /etc/lighttpd/lighttpd.conf install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/${LIGHTTPD_CFG} /etc/lighttpd/lighttpd.conf
# Make sure the external.conf file exists, as lighttpd v1.4.50 crashes without it # Make sure the external.conf file exists, as lighttpd v1.4.50 crashes without it
touch /etc/lighttpd/external.conf touch /etc/lighttpd/external.conf
chmod 644 /etc/lighttpd/external.conf
# if there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config # if there is a custom block page in the html/pihole directory, replace 404 handler in lighttpd config
if [[ -f "${PI_HOLE_BLOCKPAGE_DIR}/custom.php" ]]; then if [[ -f "${PI_HOLE_BLOCKPAGE_DIR}/custom.php" ]]; then
sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"pihole\/custom\.php"/' /etc/lighttpd/lighttpd.conf sed -i 's/^\(server\.error-handler-404\s*=\s*\).*$/\1"pihole\/custom\.php"/' /etc/lighttpd/lighttpd.conf
@ -1421,16 +1430,16 @@ install_manpage() {
fi fi
if [[ ! -d "/usr/local/share/man/man8" ]]; then if [[ ! -d "/usr/local/share/man/man8" ]]; then
# if not present, create man8 directory # if not present, create man8 directory
mkdir /usr/local/share/man/man8 install -d -m 755 /usr/local/share/man/man8
fi fi
if [[ ! -d "/usr/local/share/man/man5" ]]; then if [[ ! -d "/usr/local/share/man/man5" ]]; then
# if not present, create man8 directory # if not present, create man5 directory
mkdir /usr/local/share/man/man5 install -d -m 755 /usr/local/share/man/man5
fi fi
# Testing complete, copy the files & update the man db # Testing complete, copy the files & update the man db
cp ${PI_HOLE_LOCAL_REPO}/manpages/pihole.8 /usr/local/share/man/man8/pihole.8 install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/manpages/pihole.8 /usr/local/share/man/man8/pihole.8
cp ${PI_HOLE_LOCAL_REPO}/manpages/pihole-FTL.8 /usr/local/share/man/man8/pihole-FTL.8 install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/manpages/pihole-FTL.8 /usr/local/share/man/man8/pihole-FTL.8
cp ${PI_HOLE_LOCAL_REPO}/manpages/pihole-FTL.conf.5 /usr/local/share/man/man5/pihole-FTL.conf.5 install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/manpages/pihole-FTL.conf.5 /usr/local/share/man/man5/pihole-FTL.conf.5
if mandb -q &>/dev/null; then if mandb -q &>/dev/null; then
# Updated successfully # Updated successfully
printf "%b %b man pages installed and database updated\\n" "${OVER}" "${TICK}" printf "%b %b man pages installed and database updated\\n" "${OVER}" "${TICK}"
@ -1660,7 +1669,7 @@ installPiholeWeb() {
# Install the directory # Install the directory
install -d -m 0755 ${PI_HOLE_BLOCKPAGE_DIR} install -d -m 0755 ${PI_HOLE_BLOCKPAGE_DIR}
# and the blockpage # and the blockpage
install -D ${PI_HOLE_LOCAL_REPO}/advanced/{index,blockingpage}.* ${PI_HOLE_BLOCKPAGE_DIR}/ install -D -m 644 ${PI_HOLE_LOCAL_REPO}/advanced/{index,blockingpage}.* ${PI_HOLE_BLOCKPAGE_DIR}/
# Remove superseded file # Remove superseded file
if [[ -e "${PI_HOLE_BLOCKPAGE_DIR}/index.js" ]]; then if [[ -e "${PI_HOLE_BLOCKPAGE_DIR}/index.js" ]]; then
@ -1687,7 +1696,7 @@ installPiholeWeb() {
local str="Installing sudoer file" local str="Installing sudoer file"
printf "\\n %b %s..." "${INFO}" "${str}" printf "\\n %b %s..." "${INFO}" "${str}"
# Make the .d directory if it doesn't exist # Make the .d directory if it doesn't exist
mkdir -p /etc/sudoers.d/ install -d -m 755 /etc/sudoers.d/
# and copy in the pihole sudoers file # and copy in the pihole sudoers file
install -m 0640 ${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole.sudo /etc/sudoers.d/pihole install -m 0640 ${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole.sudo /etc/sudoers.d/pihole
# Add lighttpd user (OS dependent) to sudoers file # Add lighttpd user (OS dependent) to sudoers file
@ -1710,7 +1719,8 @@ installCron() {
local str="Installing latest Cron script" local str="Installing latest Cron script"
printf "\\n %b %s..." "${INFO}" "${str}" printf "\\n %b %s..." "${INFO}" "${str}"
# Copy the cron file over from the local repo # Copy the cron file over from the local repo
cp ${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole.cron /etc/cron.d/pihole # File must not be world or group writeable and must be owned by root
install -D -m 644 -T -o root -g root ${PI_HOLE_LOCAL_REPO}/advanced/Templates/pihole.cron /etc/cron.d/pihole
# Randomize gravity update time # Randomize gravity update time
sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /etc/cron.d/pihole sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /etc/cron.d/pihole
# Randomize update checker time # Randomize update checker time
@ -1818,6 +1828,7 @@ finalExports() {
echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}" echo "INSTALL_WEB_INTERFACE=${INSTALL_WEB_INTERFACE}"
echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}" echo "LIGHTTPD_ENABLED=${LIGHTTPD_ENABLED}"
}>> "${setupVars}" }>> "${setupVars}"
chmod 644 "${setupVars}"
# Set the privacy level # Set the privacy level
sed -i '/PRIVACYLEVEL/d' "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf" sed -i '/PRIVACYLEVEL/d' "${PI_HOLE_CONFIG_DIR}/pihole-FTL.conf"
@ -1840,7 +1851,7 @@ installLogrotate() {
local str="Installing latest logrotate script" local str="Installing latest logrotate script"
printf "\\n %b %s..." "${INFO}" "${str}" printf "\\n %b %s..." "${INFO}" "${str}"
# Copy the file over from the local repo # Copy the file over from the local repo
cp ${PI_HOLE_LOCAL_REPO}/advanced/Templates/logrotate /etc/pihole/logrotate install -D -m 644 -T ${PI_HOLE_LOCAL_REPO}/advanced/Templates/logrotate /etc/pihole/logrotate
# Different operating systems have different user / group # Different operating systems have different user / group
# settings for logrotate that makes it impossible to create # settings for logrotate that makes it impossible to create
# a static logrotate file that will work with e.g. # a static logrotate file that will work with e.g.
@ -1879,9 +1890,6 @@ accountForRefactor() {
# Install base files and web interface # Install base files and web interface
installPihole() { installPihole() {
# Create the pihole user
create_pihole_user
# If the user wants to install the Web interface, # If the user wants to install the Web interface,
if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then if [[ "${INSTALL_WEB_INTERFACE}" == true ]]; then
if [[ ! -d "${webroot}" ]]; then if [[ ! -d "${webroot}" ]]; then
@ -1893,6 +1901,9 @@ installPihole() {
# Set the owner and permissions # Set the owner and permissions
chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} ${webroot} chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} ${webroot}
chmod 0775 ${webroot} chmod 0775 ${webroot}
# Repair permissions if /var/www/html is not world readable
chmod a+rx /var/www
chmod a+rx /var/www/html
# Give pihole access to the Web server group # Give pihole access to the Web server group
usermod -a -G ${LIGHTTPD_GROUP} pihole usermod -a -G ${LIGHTTPD_GROUP} pihole
# If the lighttpd command is executable, # If the lighttpd command is executable,
@ -2104,6 +2115,8 @@ checkout_pull_branch() {
printf " %b %s" "${INFO}" "$str" printf " %b %s" "${INFO}" "$str"
git checkout "${branch}" --quiet || return 1 git checkout "${branch}" --quiet || return 1
printf "%b %b %s\\n" "${OVER}" "${TICK}" "$str" printf "%b %b %s\\n" "${OVER}" "${TICK}" "$str"
# Data in the repositories is public anyway so we can make it readable by everyone (+r to keep executable permission if already set by git)
chmod -R a+rX "${directory}"
git_pull=$(git pull || return 1) git_pull=$(git pull || return 1)
@ -2200,6 +2213,8 @@ FTLinstall() {
# Before stopping FTL, we download the macvendor database # Before stopping FTL, we download the macvendor database
curl -sSL "https://ftl.pi-hole.net/macvendor.db" -o "${PI_HOLE_CONFIG_DIR}/macvendor.db" || true curl -sSL "https://ftl.pi-hole.net/macvendor.db" -o "${PI_HOLE_CONFIG_DIR}/macvendor.db" || true
chmod 644 "${PI_HOLE_CONFIG_DIR}/macvendor.db"
chown pihole:pihole "${PI_HOLE_CONFIG_DIR}/macvendor.db"
# Stop pihole-FTL service if available # Stop pihole-FTL service if available
stop_service pihole-FTL &> /dev/null stop_service pihole-FTL &> /dev/null
@ -2250,6 +2265,7 @@ disable_dnsmasq() {
fi fi
# Create /etc/dnsmasq.conf # Create /etc/dnsmasq.conf
echo "conf-dir=/etc/dnsmasq.d" > "${conffile}" echo "conf-dir=/etc/dnsmasq.d" > "${conffile}"
chmod 644 "${conffile}"
} }
get_binary_name() { get_binary_name() {
@ -2431,6 +2447,7 @@ copy_to_install_log() {
# Copy the contents of file descriptor 3 into the install log # Copy the contents of file descriptor 3 into the install log
# Since we use color codes such as '\e[1;33m', they should be removed # Since we use color codes such as '\e[1;33m', they should be removed
sed 's/\[[0-9;]\{1,5\}m//g' < /proc/$$/fd/3 > "${installLogLoc}" sed 's/\[[0-9;]\{1,5\}m//g' < /proc/$$/fd/3 > "${installLogLoc}"
chmod 644 "${installLogLoc}"
} }
main() { main() {
@ -2515,7 +2532,7 @@ main() {
# Display welcome dialogs # Display welcome dialogs
welcomeDialogs welcomeDialogs
# Create directory for Pi-hole storage # Create directory for Pi-hole storage
mkdir -p /etc/pihole/ install -d -m 755 /etc/pihole/
# Determine available interfaces # Determine available interfaces
get_available_interfaces get_available_interfaces
# Find interfaces and let the user choose one # Find interfaces and let the user choose one
@ -2571,6 +2588,8 @@ main() {
else else
LIGHTTPD_ENABLED=false LIGHTTPD_ENABLED=false
fi fi
# Create the pihole user
create_pihole_user
# Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole # Check if FTL is installed - do this early on as FTL is a hard dependency for Pi-hole
if ! FTLdetect; then if ! FTLdetect; then
printf " %b FTL Engine not installed\\n" "${CROSS}" printf " %b FTL Engine not installed\\n" "${CROSS}"

View file

@ -153,7 +153,7 @@ removeNoPurge() {
# Restore Resolved # Restore Resolved
if [[ -e /etc/systemd/resolved.conf.orig ]]; then if [[ -e /etc/systemd/resolved.conf.orig ]]; then
${SUDO} cp /etc/systemd/resolved.conf.orig /etc/systemd/resolved.conf ${SUDO} cp -p /etc/systemd/resolved.conf.orig /etc/systemd/resolved.conf
systemctl reload-or-restart systemd-resolved systemctl reload-or-restart systemd-resolved
fi fi

View file

@ -345,6 +345,7 @@ gravity_ParseFileIntoDomains() {
sed -r '/(\/|#).*$/d' | \ sed -r '/(\/|#).*$/d' | \
sed -r 's/^.*\s+//g' | \ sed -r 's/^.*\s+//g' | \
sed -r '/([^\.]+\.)+[^\.]{2,}/!d' > "${destination}" sed -r '/([^\.]+\.)+[^\.]{2,}/!d' > "${destination}"
chmod 644 "${destination}"
return 0 return 0
fi fi
@ -375,6 +376,7 @@ gravity_ParseFileIntoDomains() {
if($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { $0="" } if($0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { $0="" }
if($0) { print $0 } if($0) { print $0 }
}' "${source}" > "${destination}" }' "${source}" > "${destination}"
chmod 644 "${destination}"
# Determine if there are Adblock exception rules # Determine if there are Adblock exception rules
# https://adblockplus.org/filters # https://adblockplus.org/filters
@ -392,6 +394,7 @@ gravity_ParseFileIntoDomains() {
# Remove exceptions # Remove exceptions
comm -23 "${destination}" <(sort "${destination}.exceptionsFile.tmp") > "${source}" comm -23 "${destination}" <(sort "${destination}.exceptionsFile.tmp") > "${source}"
mv "${source}" "${destination}" mv "${source}" "${destination}"
chmod 644 "${destination}"
fi fi
echo -e "${OVER} ${TICK} Format: Adblock" echo -e "${OVER} ${TICK} Format: Adblock"
@ -415,11 +418,13 @@ gravity_ParseFileIntoDomains() {
# Print if nonempty # Print if nonempty
length { print } length { print }
' "${source}" 2> /dev/null > "${destination}" ' "${source}" 2> /dev/null > "${destination}"
chmod 644 "${destination}"
echo -e "${OVER} ${TICK} Format: URL" echo -e "${OVER} ${TICK} Format: URL"
else else
# Default: Keep hosts/domains file in same format as it was downloaded # Default: Keep hosts/domains file in same format as it was downloaded
output=$( { mv "${source}" "${destination}"; } 2>&1 ) output=$( { mv "${source}" "${destination}"; } 2>&1 )
chmod 644 "${destination}"
if [[ ! -e "${destination}" ]]; then if [[ ! -e "${destination}" ]]; then
echo -e "\\n ${CROSS} Unable to move tmp file to ${piholeDir} echo -e "\\n ${CROSS} Unable to move tmp file to ${piholeDir}
@ -440,6 +445,7 @@ gravity_ConsolidateDownloadedBlocklists() {
# Empty $matterAndLight if it already exists, otherwise, create it # Empty $matterAndLight if it already exists, otherwise, create it
: > "${piholeDir}/${matterAndLight}" : > "${piholeDir}/${matterAndLight}"
chmod 644 "${piholeDir}/${matterAndLight}"
# Loop through each *.domains file # Loop through each *.domains file
for i in "${activeDomains[@]}"; do for i in "${activeDomains[@]}"; do
@ -485,6 +491,7 @@ gravity_SortAndFilterConsolidatedList() {
fi fi
sort -u "${piholeDir}/${parsedMatter}" > "${piholeDir}/${preEventHorizon}" sort -u "${piholeDir}/${parsedMatter}" > "${piholeDir}/${preEventHorizon}"
chmod 644 "${piholeDir}/${preEventHorizon}"
if [[ "${haveSourceUrls}" == true ]]; then if [[ "${haveSourceUrls}" == true ]]; then
echo -e "${OVER} ${TICK} ${str}" echo -e "${OVER} ${TICK} ${str}"
@ -509,6 +516,7 @@ gravity_Whitelist() {
# Print everything from preEventHorizon into whitelistMatter EXCEPT domains in $whitelistFile # Print everything from preEventHorizon into whitelistMatter EXCEPT domains in $whitelistFile
comm -23 "${piholeDir}/${preEventHorizon}" <(sort "${whitelistFile}") > "${piholeDir}/${whitelistMatter}" comm -23 "${piholeDir}/${preEventHorizon}" <(sort "${whitelistFile}") > "${piholeDir}/${whitelistMatter}"
chmod 644 "${piholeDir}/${whitelistMatter}"
echo -e "${OVER} ${INFO} ${str}" echo -e "${OVER} ${INFO} ${str}"
} }
@ -561,6 +569,7 @@ gravity_ParseLocalDomains() {
# Empty $localList if it already exists, otherwise, create it # Empty $localList if it already exists, otherwise, create it
: > "${localList}" : > "${localList}"
chmod 644 "${localList}"
gravity_ParseDomainsIntoHosts "${localList}.tmp" "${localList}" gravity_ParseDomainsIntoHosts "${localList}.tmp" "${localList}"
@ -581,8 +590,9 @@ gravity_ParseBlacklistDomains() {
mv "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}" mv "${piholeDir}/${whitelistMatter}" "${piholeDir}/${accretionDisc}"
else else
# There was no whitelist file, so use preEventHorizon instead of whitelistMatter. # There was no whitelist file, so use preEventHorizon instead of whitelistMatter.
cp "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}" cp -p "${piholeDir}/${preEventHorizon}" "${piholeDir}/${accretionDisc}"
fi fi
chmod 644 "${piholeDir}/${accretionDisc}"
# Move the file over as /etc/pihole/gravity.list so dnsmasq can use it # Move the file over as /etc/pihole/gravity.list so dnsmasq can use it
output=$( { mv "${piholeDir}/${accretionDisc}" "${adList}"; } 2>&1 ) output=$( { mv "${piholeDir}/${accretionDisc}" "${adList}"; } 2>&1 )
@ -592,6 +602,7 @@ gravity_ParseBlacklistDomains() {
echo -e "\\n ${CROSS} Unable to move ${accretionDisc} from ${piholeDir}\\n ${output}" echo -e "\\n ${CROSS} Unable to move ${accretionDisc} from ${piholeDir}\\n ${output}"
gravity_Cleanup "error" gravity_Cleanup "error"
fi fi
chmod 644 "${adList}"
} }
# Create user-added blacklist entries # Create user-added blacklist entries
@ -602,6 +613,7 @@ gravity_ParseUserDomains() {
# Copy the file over as /etc/pihole/black.list so dnsmasq can use it # Copy the file over as /etc/pihole/black.list so dnsmasq can use it
cp "${blacklistFile}" "${blackList}" 2> /dev/null || \ cp "${blacklistFile}" "${blackList}" 2> /dev/null || \
echo -e "\\n ${CROSS} Unable to move ${blacklistFile##*/} to ${piholeDir}" echo -e "\\n ${CROSS} Unable to move ${blacklistFile##*/} to ${piholeDir}"
chmod 644 "${blackList}"
} }
# Trap Ctrl-C # Trap Ctrl-C

4
pihole
View file

@ -151,10 +151,12 @@ Time:
if [[ -e "${gravitylist}" ]]; then if [[ -e "${gravitylist}" ]]; then
mv "${gravitylist}" "${gravitylist}.bck" mv "${gravitylist}" "${gravitylist}.bck"
echo "" > "${gravitylist}" echo "" > "${gravitylist}"
chmod 644 "${gravitylist}"
fi fi
if [[ -e "${blacklist}" ]]; then if [[ -e "${blacklist}" ]]; then
mv "${blacklist}" "${blacklist}.bck" mv "${blacklist}" "${blacklist}.bck"
echo "" > "${blacklist}" echo "" > "${blacklist}"
chmod 644 "${blacklist}"
fi fi
if [[ $# > 1 ]]; then if [[ $# > 1 ]]; then
local error=false local error=false
@ -206,9 +208,11 @@ Time:
if [[ -e "${gravitylist}.bck" ]]; then if [[ -e "${gravitylist}.bck" ]]; then
mv "${gravitylist}.bck" "${gravitylist}" mv "${gravitylist}.bck" "${gravitylist}"
chmod 644 "${gravitylist}"
fi fi
if [[ -e "${blacklist}.bck" ]]; then if [[ -e "${blacklist}.bck" ]]; then
mv "${blacklist}.bck" "${blacklist}" mv "${blacklist}.bck" "${blacklist}"
chmod 644 "${blacklist}"
fi fi
sed -i "/BLOCKING_ENABLED=/d" "${setupVars}" sed -i "/BLOCKING_ENABLED=/d" "${setupVars}"
echo "BLOCKING_ENABLED=true" >> "${setupVars}" echo "BLOCKING_ENABLED=true" >> "${setupVars}"

View file

@ -398,6 +398,7 @@ def test_FTL_detect_aarch64_no_errors(Pihole):
) )
detectPlatform = Pihole.run(''' detectPlatform = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
create_pihole_user
FTLdetect FTLdetect
''') ''')
expected_stdout = info_box + ' FTL Checks...' expected_stdout = info_box + ' FTL Checks...'
@ -418,6 +419,7 @@ def test_FTL_detect_armv6l_no_errors(Pihole):
mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole) mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole)
detectPlatform = Pihole.run(''' detectPlatform = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
create_pihole_user
FTLdetect FTLdetect
''') ''')
expected_stdout = info_box + ' FTL Checks...' expected_stdout = info_box + ' FTL Checks...'
@ -439,6 +441,7 @@ def test_FTL_detect_armv7l_no_errors(Pihole):
mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole) mock_command('ldd', {'/bin/ls': ('/lib/ld-linux-armhf.so.3', '0')}, Pihole)
detectPlatform = Pihole.run(''' detectPlatform = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
create_pihole_user
FTLdetect FTLdetect
''') ''')
expected_stdout = info_box + ' FTL Checks...' expected_stdout = info_box + ' FTL Checks...'
@ -455,6 +458,7 @@ def test_FTL_detect_x86_64_no_errors(Pihole):
''' '''
detectPlatform = Pihole.run(''' detectPlatform = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
create_pihole_user
FTLdetect FTLdetect
''') ''')
expected_stdout = info_box + ' FTL Checks...' expected_stdout = info_box + ' FTL Checks...'
@ -471,6 +475,7 @@ def test_FTL_detect_unknown_no_errors(Pihole):
mock_command('uname', {'-m': ('mips', '0')}, Pihole) mock_command('uname', {'-m': ('mips', '0')}, Pihole)
detectPlatform = Pihole.run(''' detectPlatform = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
create_pihole_user
FTLdetect FTLdetect
''') ''')
expected_stdout = 'Not able to detect architecture (unknown: mips)' expected_stdout = 'Not able to detect architecture (unknown: mips)'
@ -484,6 +489,7 @@ def test_FTL_download_aarch64_no_errors(Pihole):
download_binary = Pihole.run(''' download_binary = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
binary="pihole-FTL-aarch64-linux-gnu" binary="pihole-FTL-aarch64-linux-gnu"
create_pihole_user
FTLinstall FTLinstall
''') ''')
expected_stdout = tick_box + ' Downloading and Installing FTL' expected_stdout = tick_box + ' Downloading and Installing FTL'
@ -498,6 +504,7 @@ def test_FTL_download_unknown_fails_no_errors(Pihole):
download_binary = Pihole.run(''' download_binary = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
binary="pihole-FTL-mips" binary="pihole-FTL-mips"
create_pihole_user
FTLinstall FTLinstall
''') ''')
expected_stdout = cross_box + ' Downloading and Installing FTL' expected_stdout = cross_box + ' Downloading and Installing FTL'
@ -514,6 +521,7 @@ def test_FTL_download_binary_unset_no_errors(Pihole):
''' '''
download_binary = Pihole.run(''' download_binary = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
create_pihole_user
FTLinstall FTLinstall
''') ''')
expected_stdout = cross_box + ' Downloading and Installing FTL' expected_stdout = cross_box + ' Downloading and Installing FTL'
@ -530,6 +538,7 @@ def test_FTL_binary_installed_and_responsive_no_errors(Pihole):
''' '''
installed_binary = Pihole.run(''' installed_binary = Pihole.run('''
source /opt/pihole/basic-install.sh source /opt/pihole/basic-install.sh
create_pihole_user
FTLdetect FTLdetect
pihole-FTL version pihole-FTL version
''') ''')