Fix permissions

This commit is contained in:
Miraty 2020-10-31 22:01:13 +01:00
parent ef1913c51c
commit a72232e5c8
5 changed files with 45 additions and 23 deletions

View File

@ -53,10 +53,10 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
ynh_script_progression --message="Backing up php-fpm configuration..."
ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf"
ynh_backup --src_path="/etc/php/7.3/fpm/pool.d/$app.conf"
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --time --last
ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last

View File

@ -134,9 +134,14 @@ ynh_add_fpm_config
### that really need such authorization.
# Set permissions to app files
chown -R root:$app $final_path
chmod -R 750 $final_path
chmod -R 770 $final_path/temp
chown -R root: $final_path
find $final_path -type f | xargs chmod 644
find $final_path -type d | xargs chmod 755
# For temp subdir, the user must have write permissions
mkdir -p $final_path/temp
chown -R $app:root $final_path/temp
chmod 711 $final_path/temp
#=================================================
# SETUP SSOWAT

View File

@ -47,6 +47,8 @@ ynh_script_progression --message="Removing php-fpm configuration..."
# Remove the dedicated php-fpm config
ynh_remove_fpm_config
ynh_systemd_action --action=restart --service_name=php7.3-fpm
#=================================================
# GENERIC FINALIZATION
#=================================================
@ -61,4 +63,4 @@ ynh_system_user_delete --username=$app
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Removal of $app completed" --time --last
ynh_script_progression --message="Removal of $app completed" --last

View File

@ -69,15 +69,25 @@ ynh_system_user_create --username=$app
# RESTORE USER RIGHTS
#=================================================
### For security reason, any app should set the permissions to root: before anything else.
### Then, if write authorization is needed, any access should be given only to directories
### that really need such authorization.
# Set permissions to app files
chown -R root:$app $final_path
chmod -R g+w $final_path
chown -R root: $final_path
find $final_path -type f | xargs chmod 644
find $final_path -type d | xargs chmod 755
# For temp subdir, the user must have write permissions
mkdir -p $final_path/temp
chown -R $app:root $final_path/temp
chmod 711 $final_path/temp
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf"
ynh_restore_file --origin_path="/etc/php/7.3/fpm/pool.d/$app.conf"
#=================================================
# GENERIC FINALIZATION
@ -86,11 +96,11 @@ ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf"
#=================================================
ynh_script_progression --message="Reloading nginx web server and php-fpm..."
ynh_systemd_action --service_name=php7.0-fpm --action=reload
ynh_systemd_action --service_name=php7.3-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Restoration completed for $app" --time --last
ynh_script_progression --message="Restoration completed for $app" --last

View File

@ -79,16 +79,12 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading source files..."
# Remove old version
ynh_secure_remove --file="$final_path"
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
# Remove unused directories or files from older release
ynh_secure_remove --file="$final_path/aide.svg"
ynh_secure_remove --file="$final_path/favicons"
ynh_secure_remove --file="$final_path/parinux.png"
ynh_secure_remove --file="$final_path/phpqrcode"
ynh_secure_remove --file="$final_path/ubuntu-dl.ttf"
ynh_secure_remove --file="$final_path/style.min.css"
fi
#=================================================
@ -138,9 +134,19 @@ ynh_store_file_checksum --file="$final_path/config.inc.php"
# SECURE FILES AND DIRECTORIES
#=================================================
### For security reason, any app should set the permissions to root: before anything else.
### Then, if write authorization is needed, any access should be given only to directories
### that really need such authorization.
# Set permissions to app files
chown -R root:$app $final_path
chmod -R g+w $final_path
chown -R root: $final_path
find $final_path -type f | xargs chmod 644
find $final_path -type d | xargs chmod 755
# For temp subdir, the user must have write permissions
mkdir -p $final_path/temp
chown -R $app:root $final_path/temp
chmod 711 $final_path/temp
#=================================================
# SETUP SSOWAT
@ -150,8 +156,7 @@ ynh_script_progression --message="Upgrading SSOwat configuration..."
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# unprotected_uris allows SSO credentials to be passed anyway
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
ynh_permission_update --permission "main" --add visitors
fi
#=================================================
@ -165,4 +170,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --time --last
ynh_script_progression --message="Upgrade of $app completed" --last