summaryrefslogtreecommitdiffstats
path: root/config/chroot_local-hooks/04-change-gids-and-uids
blob: f6fde3998024b9e659b69fe7cd64239c85d36174 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
#!/bin/sh

set -e

# Free the fixed GIDs and UIDs we're using.

echo "Change GIDs and UIDs"

TPS_GROUP_STEALER=$(getent group 122 | awk -F ':' '{print $1}')
if [ -n "$TPS_GROUP_STEALER" ]; then
   groupmod --gid 150 "$TPS_GROUP_STEALER"
   find / -wholename /proc -prune -o \( \! -type l -a -gid 122 -exec chgrp 150 '{}' \; \)
fi

TPS_USER_STEALER=$(getent passwd 115 | awk -F ':' '{print $1}')
if [ -n "$TPS_USER_STEALER" ]; then
   usermod --uid 150 "$TPS_USER_STEALER"
   find / -wholename /proc -prune -o \( \! -type l -a -uid 115 -exec chown 150 '{}' \; \)
fi

TOR_NEW_GID=114
TOR_OLD_GID=$(getent passwd debian-tor | awk -F ':' '{print $4}')

if [ "$TOR_NEW_GID" != "$TOR_OLD_GID" ]; then
    echo "Changing debian-tor GID from $TOR_OLD_GID to $TOR_NEW_GID "
    TOR_GROUP_STEALER=$(getent group "$TOR_NEW_GID" | awk -F ':' '{print $1}')
    if [ -n "$TOR_GROUP_STEALER" ]; then
        echo "debian-tor GID is occupied by $TOR_GROUP_STEALER"
        groupmod --gid 151 "$TOR_GROUP_STEALER"
        # Change the GID of the files belonging to the stealer
        find / -wholename /proc -prune -o \( \! -type l -a -gid "$TOR_NEW_GID" -exec chgrp 151 '{}' \; \)
    fi
    groupmod --gid "$TOR_NEW_GID" debian-tor
    # Change the GID of the files belonging to debian-tor
    find / -wholename /proc -prune -o \( \! -type l -a -gid "$TOR_OLD_GID" -exec chgrp "$TOR_NEW_GID" '{}' \; \)
fi

TOR_NEW_UID=107
TOR_OLD_UID=$(getent passwd debian-tor | awk -F ':' '{print $3}')

if [ "$TOR_NEW_UID" != "$TOR_OLD_UID" ]; then
    echo "Changing debian-tor UID from $TOR_OLD_UID to $TOR_NEW_UID"
    TOR_USER_STEALER=$(getent passwd "$TOR_NEW_UID" | awk -F ':' '{print $1}')
    if [ -n "$TOR_USER_STEALER" ]; then
        echo "debian-tor UID is occupied by $TOR_USER_STEALER"
        usermod --uid 151 "$TOR_USER_STEALER"
        # Change the UID of the files belonging to the stealer
        find / -wholename /proc -prune -o \( \! -type l -a -uid "$TOR_NEW_UID" -exec chown 151 '{}' \; \)
    fi
    usermod --uid "$TOR_NEW_UID" debian-tor
    # Change the UID of the files belonging to debian-tor
    find / -wholename /proc -prune -o \( \! -type l -a -uid "$TOR_OLD_UID" -exec chown "$TOR_NEW_UID" '{}' \; \)
fi