Fix permissions

Miraty 2020-10-31 22:01:13 +01:00
parent ef1913c51c
commit a72232e5c8
5 changed files with 45 additions and 23 deletions


@ -53,10 +53,10 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#================================================= #=================================================
ynh_script_progression --message="Backing up php-fpm configuration..." ynh_script_progression --message="Backing up php-fpm configuration..."
ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf" ynh_backup --src_path="/etc/php/7.3/fpm/pool.d/$app.conf"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --time --last ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last


@ -134,9 +134,14 @@ ynh_add_fpm_config
### that really need such authorization. ### that really need such authorization.
# Set permissions to app files # Set permissions to app files
chown -R root:$app $final_path chown -R root: $final_path
chmod -R 750 $final_path find $final_path -type f | xargs chmod 644
chmod -R 770 $final_path/temp find $final_path -type d | xargs chmod 755
# For temp subdir, the user must have write permissions
mkdir -p $final_path/temp
chown -R $app:root $final_path/temp
chmod 711 $final_path/temp
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
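Review bot: The new `644`/`755` modes with `root:` ownership make every file under `$final_path` readable by any local account, where the old `750` with `root:$app` gave others nothing; the app user presumably now reads its own code through the world bits. If `config.inc.php` (named in the upgrade script's hunk header) holds credentials or other secrets, tighten it after the blanket pass, e.g. `chown root:$app "$final_path/config.inc.php"` and `chmod 640 "$final_path/config.inc.php"`. The `find … | xargs chmod` pair is also unquoted and newline-delimited, so a path containing whitespace is split and an empty result still runs `chmod` with no operand; `find "$final_path" -type f -exec chmod 644 {} +` avoids both. The same block is repeated in the restore and upgrade scripts (the hunks at `-69,15 +69,25` and `-138,9 +134,19`).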


@ -47,6 +47,8 @@ ynh_script_progression --message="Removing php-fpm configuration..."
# Remove the dedicated php-fpm config # Remove the dedicated php-fpm config
ynh_remove_fpm_config ynh_remove_fpm_config
ynh_systemd_action --action=restart --service_name=php7.3-fpm
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
@ -61,4 +63,4 @@ ynh_system_user_delete --username=$app
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_script_progression --message="Removal of $app completed" --time --last ynh_script_progression --message="Removal of $app completed" --last
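Review bot: The added `ynh_systemd_action --action=restart --service_name=php7.3-fpm` in the first hunk does a full restart of the php-fpm service, which cuts off in-flight requests for any other app served by that same service, while the restore script in this commit uses `--action=reload`. A reload is enough for php-fpm to drop a pool whose file has been deleted, so `ynh_systemd_action --service_name=php7.3-fpm --action=reload` would be the gentler and consistent form. If `ynh_remove_fpm_config` does not already reload the service and a restart really is required, a one-line comment above the call saying why would keep the next maintainer from reverting it.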


@ -69,15 +69,25 @@ ynh_system_user_create --username=$app
# RESTORE USER RIGHTS # RESTORE USER RIGHTS
#================================================= #=================================================
### For security reason, any app should set the permissions to root: before anything else.
### Then, if write authorization is needed, any access should be given only to directories
### that really need such authorization.
# Set permissions to app files # Set permissions to app files
chown -R root:$app $final_path chown -R root: $final_path
chmod -R g+w $final_path find $final_path -type f | xargs chmod 644
find $final_path -type d | xargs chmod 755
# For temp subdir, the user must have write permissions
mkdir -p $final_path/temp
chown -R $app:root $final_path/temp
chmod 711 $final_path/temp
#================================================= #=================================================
# RESTORE THE PHP-FPM CONFIGURATION # RESTORE THE PHP-FPM CONFIGURATION
#================================================= #=================================================
ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" ynh_restore_file --origin_path="/etc/php/7.3/fpm/pool.d/$app.conf"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
@ -86,11 +96,11 @@ ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf"
#================================================= #=================================================
ynh_script_progression --message="Reloading nginx web server and php-fpm..." ynh_script_progression --message="Reloading nginx web server and php-fpm..."
ynh_systemd_action --service_name=php7.0-fpm --action=reload ynh_systemd_action --service_name=php7.3-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_script_progression --message="Restoration completed for $app" --time --last ynh_script_progression --message="Restoration completed for $app" --last


@ -79,16 +79,12 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
then then
ynh_script_progression --message="Upgrading source files..." ynh_script_progression --message="Upgrading source files..."
# Remove old version
ynh_secure_remove --file="$final_path"
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path" ynh_setup_source --dest_dir="$final_path"
# Remove unused directories or files from older release
ynh_secure_remove --file="$final_path/aide.svg"
ynh_secure_remove --file="$final_path/favicons"
ynh_secure_remove --file="$final_path/parinux.png"
ynh_secure_remove --file="$final_path/phpqrcode"
ynh_secure_remove --file="$final_path/ubuntu-dl.ttf"
ynh_secure_remove --file="$final_path/style.min.css"
fi fi
#================================================= #=================================================
@ -138,9 +134,19 @@ ynh_store_file_checksum --file="$final_path/config.inc.php"
# SECURE FILES AND DIRECTORIES # SECURE FILES AND DIRECTORIES
#================================================= #=================================================
### For security reason, any app should set the permissions to root: before anything else.
### Then, if write authorization is needed, any access should be given only to directories
### that really need such authorization.
# Set permissions to app files # Set permissions to app files
chown -R root:$app $final_path chown -R root: $final_path
chmod -R g+w $final_path find $final_path -type f | xargs chmod 644
find $final_path -type d | xargs chmod 755
# For temp subdir, the user must have write permissions
mkdir -p $final_path/temp
chown -R $app:root $final_path/temp
chmod 711 $final_path/temp
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
@ -150,8 +156,7 @@ ynh_script_progression --message="Upgrading SSOwat configuration..."
# Make app public if necessary # Make app public if necessary
if [ $is_public -eq 1 ] if [ $is_public -eq 1 ]
then then
# unprotected_uris allows SSO credentials to be passed anyway ynh_permission_update --permission "main" --add visitors
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
fi fi
#================================================= #=================================================
@ -165,4 +170,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_script_progression --message="Upgrade of $app completed" --time --last ynh_script_progression --message="Upgrade of $app completed" --last
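Review bot: Removing the whole of `$final_path` before `ynh_setup_source` in the first hunk (its `-79,16 +79,12` counts put `ynh_secure_remove --file="$final_path"` on the new side) also removes `$final_path/temp`, the one directory the app user writes to, and any existing `config.inc.php`. Nothing visible in this section moves them aside first, and the lines between the hunks are not shown, so whether they are backed up or regenerated cannot be confirmed from here. If the loss is intended, say so above the call, e.g. `# Wipes temp/ and config.inc.php too; both are recreated below`. If it is not, preserve them across the extraction, for instance with the `--keep` option that later versions of `ynh_setup_source` provide.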