update-ipblocklists: Fix loading new blocklists after update

* The script needs to run with root permissions in order to do the ipset operations. So remove code to drop the permissions on startup. * Adjust execute calls to use the proper functions from general functions. * Add some code to set the correct ownership (nobody:nobody) for changed files during script runtime. Fixes #13072. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
2026-04-28 11:43:25 +02:00 · 2023-03-28 18:05:42 +02:00
parent a84b9ed2fe
commit 41d3d33dde
2 changed files with 39 additions and 16 deletions
--- a/config/cfgroot/ipblocklist-functions.pl
+++ b/config/cfgroot/ipblocklist-functions.pl
@@ -383,4 +383,31 @@ sub get_holdoff_rate($) {
 	return $value;
 }

+#
+## sub set_ownership(file)
+##
+## Function to set the correct ownership (nobody:nobody) to a given file.
+##
+#
+sub set_ownership($) {
+	my ($file) = @_;
+
+	# User and group of the WUI.
+	my $uname = "nobody";
+	my $grname = "nobody";
+
+	# The chown function implemented in perl requies the user and group as nummeric id's.
+	my $uid = getpwnam($uname);
+	my $gid = getgrnam($grname);
+
+	# Check if the given file exists.
+	unless ($file) {
+		# Stop the script and print error message.
+		die "The given $file does not exist. Cannot change the ownership!\n";
+	}
+
+	# Change ownership of the file.
+	chown($uid, $gid, "$file");
+}
+
 1;