From 8265d25d8833999bc01fd801764e77f3ff5aef7f Mon Sep 17 00:00:00 2001 From: Daniel Markstedt Date: Thu, 28 Jul 2022 22:48:18 -0700 Subject: [PATCH] Create the secret file in .config/rascsi instead. Plus some added code comments, and removing a superfluous sudo -v. --- easyinstall.sh | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/easyinstall.sh b/easyinstall.sh index a0604dd9..58940e19 100755 --- a/easyinstall.sh +++ b/easyinstall.sh @@ -89,9 +89,10 @@ function compileRaScsi() { echo "Compiling with ${CORES:-1} simultaneous cores..." make clean "$HOME/.rascsi_secret" - sudo chown root:root "$HOME/.rascsi_secret" - sudo chmod 600 "$HOME/.rascsi_secret" + if [ -f "$SECRET_FILE" ]; then + sudo rm "$SECRET_FILE" + echo "Removed old RaSCSI token file" + fi + echo "$TOKEN" > "$SECRET_FILE" + + # Make the secret file owned and only readable by root + sudo chown root:root "$SECRET_FILE" + sudo chmod 600 "$SECRET_FILE" echo "" - echo "Configured RaSCSI to use $HOME/.rascsi_secret for authentication. This file is readable by root only." + echo "Configured RaSCSI to use $SECRET_FILE for authentication. This file is readable by root only." echo "Make note of your password: you will need it to use rasctl and other RaSCSI clients." fi } @@ -242,8 +251,7 @@ function configureTokenAuth() { # Modifies and installs the rascsi service function enableRaScsiService() { if [ ! -z "$TOKEN" ]; then - sudo sed -i "s@^ExecStart.*@& -F $VIRTUAL_DRIVER_PATH -P $HOME/.rascsi_secret@" "$SYSTEMD_PATH/rascsi.service" - sudo chmod 600 "$SYSTEMD_PATH/rascsi.service" + sudo sed -i "s@^ExecStart.*@& -F $VIRTUAL_DRIVER_PATH -P $SECRET_FILE@" "$SYSTEMD_PATH/rascsi.service" else sudo sed -i "s@^ExecStart.*@& -F $VIRTUAL_DRIVER_PATH@" "$SYSTEMD_PATH/rascsi.service" fi @@ -264,6 +272,7 @@ function installWebInterfaceService() { echo "$TOKEN" if [ ! -z "$TOKEN" ]; then sudo sed -i "8 i ExecStart=$WEB_INSTALL_PATH/start.sh --password=$TOKEN" "$SYSTEMD_PATH/rascsi-web.service" + # Make the service file readable by root only, to protect the token string sudo chmod 600 "$SYSTEMD_PATH/rascsi-web.service" echo "Granted access to the Web Interface with the token password that you configured for RaSCSI." else @@ -932,6 +941,7 @@ function installRaScsiScreen() { sudo sed -i /^ExecStart=/d "$SYSTEMD_PATH/rascsi-oled.service" if [ ! -z "$TOKEN" ]; then sudo sed -i "8 i ExecStart=$OLED_INSTALL_PATH/start.sh --rotation=$ROTATION --height=$SCREEN_HEIGHT --password=$TOKEN" "$SYSTEMD_PATH/rascsi-oled.service" + # Make the service file readable by root only, to protect the token string sudo chmod 600 "$SYSTEMD_PATH/rascsi-oled.service" echo "Granted access to the OLED Monitor with the password that you configured for RaSCSI." else