diff --git a/check_process b/check_process index 320dec3..d20e931 100644 --- a/check_process +++ b/check_process @@ -3,7 +3,7 @@ ; Manifest domain="domain.tld" path="/path" - is_public="Yes" + is_public=1 ; Checks pkg_linter=1 setup_sub_dir=1 diff --git a/scripts/install b/scripts/install index c9845cd..8a54277 100755 --- a/scripts/install +++ b/scripts/install @@ -45,6 +45,14 @@ ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=1 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # STANDARD MODIFICATIONS #================================================= @@ -57,7 +65,9 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" -chown -R root: "$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # NGINX CONFIGURATION @@ -73,10 +83,11 @@ ynh_add_nginx_config ynh_script_progression --message="Configuring permissions..." --weight=1 # Make app public if necessary -if [ $is_public -eq 0 ] +if [ $is_public -eq 1 ] then ynh_permission_update --permission="main" --add="visitors" fi + #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/remove b/scripts/remove index 2123569..aeb9752 100755 --- a/scripts/remove +++ b/scripts/remove @@ -36,6 +36,16 @@ ynh_script_progression --message="Removing NGINX web server configuration..." -- # Remove the dedicated NGINX config ynh_remove_nginx_config +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= +ynh_script_progression --message="Removing the dedicated system user..." --weight=1 + +# Delete a system user +ynh_system_user_delete --username=$app + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 65415ef..c05b261 100644 --- a/scripts/restore +++ b/scripts/restore @@ -43,6 +43,14 @@ test ! -d $final_path \ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -50,7 +58,9 @@ ynh_script_progression --message="Restoring $app main directory..." --weight=2 ynh_restore_file --origin_path="$final_path" -chown -R root: "$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index 7d7e892..16d4ae4 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -43,6 +43,14 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -69,7 +77,9 @@ then ynh_setup_source --dest_dir="$final_path" fi -chown -R root: "$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # NGINX CONFIGURATION