feat: force attr for log/ini files

- based for systemd service with inotify; - group and permissions can be set in kf2-srv.conf; - bot password in separate conf with no permissions for others.
2020-07-12 04:38:39 +03:00
parent 848ea7d726
commit 4b05ded66c
8 changed files with 42 additions and 9 deletions
--- a/SOURCES/bot.conf
+++ b/SOURCES/bot.conf
@ -0,0 +1,4 @@
+# Bot default password
+# To change the password for the bot, you must do this here and in WebAdmin.
+# Otherwise, the bot will stop working and some actions cannot be done on running servers
+ServerBotPassword=VerySecretBotPassword
--- a/SOURCES/kf2-srv
+++ b/SOURCES/kf2-srv
@ -26,10 +26,11 @@ declare -A MutNames

 source /etc/steamcmd/steamcmd.conf
 source /etc/kf2-srv/kf2-srv.conf
+source /etc/kf2-srv/bot.conf

 ScriptFullname=$(readlink -e "$0")
 ScriptName=$(echo "$ScriptFullname" | awk -F '/' '{print $NF;}')
-readonly ScriptVersion="0.11.1"
+readonly ScriptVersion="0.12.0"

 # Constants. Don't change.
 readonly AppServerNum="232130"
--- a/SOURCES/kf2-srv-beta@.service
+++ b/SOURCES/kf2-srv-beta@.service
@ -1,5 +1,6 @@
 [Unit]
 Description=Killing Floor 2 Beta Server Daemon - %i
+After=kf2-srv-force-attr.service
 After=network-online.target
 Wants=network-online.target

--- a/SOURCES/kf2-srv-force-attr.service
+++ b/SOURCES/kf2-srv-force-attr.service
@ -0,0 +1,19 @@
+[Unit]
+Description=kf2-srv force attr service
+
+[Service]
+Type=simple
+StandardOutput=null
+StandardError=null
+EnvironmentFile=/etc/kf2-srv/kf2-srv.conf
+ExecStart=/bin/bash -c 'declare -a DiffNames WaveNames; declare -A ModeNames MutNames; source /etc/kf2-srv/kf2-srv.conf; /usr/bin/inotifywait -qmr -e create -e moved_to --format %w%f /var/log/kf2-srv /var/log/kf2-srv-beta /etc/kf2-srv/instances /etc/kf2-srv/instances-beta | while read File; do if echo "${File}" | grep -Piq "\.log$"; then chmod "${ForceLogPermissions}" "${File}"; chown :"${ForceLogGroup}" "${File}"; elif echo "${File}" | grep -Piq "\.ini$"; then chmod "${ForceIniPermissions}" "${File}"; chown :"${ForceIniGroup}" "${File}"; fi; done'
+Restart=always
+
+NoNewPrivileges=yes
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=true
+
+[Install]
+WantedBy=multi-user.target
--- a/SOURCES/kf2-srv.conf
+++ b/SOURCES/kf2-srv.conf
@ -3,7 +3,7 @@
 DiffNames=('Normal' 'Hard' 'Suicide' 'Hell')

 # Displays the number of waves
-# You can rename them as you like
+# You can rename them as you like (e.g. 'short' 'medium' 'long')
 WaveNames=('4' '7' '10')

 # Add custom gamemodes to the end of the list, similar to what is already there:
@ -16,7 +16,9 @@ ModeNames['KFGameContent.KFGameInfo_VersusSurvival']='Versus'
 # Add mutators to the end of the list, similar to what is already there:
 MutNames['ServerExtMut.ServerExtMut']='RPG'

-# Bot default password
-# To change the password for the bot, you must do this here and in WebAdmin.
-# Otherwise, the bot will stop working and some actions cannot be done on running servers
-ServerBotPassword=VerySecretBotPassword
+# These parameters works only if "kf2-srv-force-attr.service" is active
+ForceIniPermissions=644
+ForceLogPermissions=640
+ForceIniGroup=steam
+ForceLogGroup=steam
+
--- a/SOURCES/kf2-srv@.service
+++ b/SOURCES/kf2-srv@.service
@ -1,5 +1,6 @@
 [Unit]
 Description=Killing Floor 2 Server Daemon - %i
+After=kf2-srv-force-attr.service
 After=network-online.target
 Wants=network-online.target