permissions

Always check root when logname user is different!
2023-09-27 16:42:18 -07:00 · 2023-09-27 16:42:18 -07:00 · 438bf832bb
commit 438bf832bb
parent 5f9ebaecc1
2 changed files with 12 additions and 0 deletions
--- a/lib/verify
+++ b/lib/verify
@ -1160,6 +1160,11 @@ if [[ -z $critical_mode ]]; then
 			local ver_check_dir="/var/www"
 			local ver_check_user="www-data"
 			local ver_count_ssh=2
+		# Always check root when logname user is different!
+		elif [[ $ver_count_ssh == 2 && $CURRENT_HOME != "/root" ]]; then
+			local ver_check_dir="/root"
+			local ver_check_user="root"
+			local ver_count_ssh=3
 		else
 			break
 		fi
--- a/lib/webin
+++ b/lib/webin
@ -414,6 +414,13 @@ fix_permissions() {
 		sudo find $CURRENT_HOME/.ssh -path "$CURRENT_HOME/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 644
 		sudo chown -R ${CURRENT_USER}:${CURRENT_USER} $CURRENT_HOME/.ssh
 	fi
+	# Always check root when logname user is different!
+	if [[ $CURRENT_HOME != "/root" && -d /root/.ssh ]]; then
+		sudo find /root/.ssh -type d -print0 | sudo xargs -r -0 chmod 700
+		sudo find /root/.ssh ! -path "/root/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 600
+		sudo find /root/.ssh -path "/root/.ssh/*.pub" -type f -print0 | sudo xargs -r -0 chmod 644
+		sudo chown -R root:root /root/.ssh
+	fi
 	
 	sudo chown -R www-data:www-data /var/www
 	[[ $(conf_read login-www-data) == "true" ]] && sudo chown root:root /var/www