diff --git a/scripts/install b/scripts/install
index 906724e..4f90811 100644
--- a/scripts/install
+++ b/scripts/install
@@ -69,6 +69,8 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=language --value=$language
+#=================================================
+# STANDARD MODIFICATIONS
 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
@@ -103,6 +105,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$final_path"
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
@@ -169,14 +175,14 @@ ynh_script_progression --message="Initialising AgenDAV..." --weight=3
 # SECURE FILES AND DIRECTORIES
 #=================================================
-chown -R root: $final_path
+chown -R $app:www-data $final_path
 # Only agendav user should write here
 chown -R $app ${final_path}/web/var/cache/{profiler,twig}
 # The agendav user should read here, but does not need to write
 # Other users should not be able to read as it stores passwords.
-chown -R root:$app ${final_path}/web/config/
+chown -R $app:www-data ${final_path}/web/config/
 chmod -R 750 ${final_path}/web/config/
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 4106230..364f7a4 100644
--- a/scripts/restore
+++ b/scripts/restore
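Review bot: In scripts/install, hunk `-103,6 +105,10`: `chown -R $app:www-data "$final_path"` makes the app account the owner of every file unpacked by `ynh_setup_source`, and `chmod -R o-rwx` leaves the owner write bits as they were, so that account can overwrite the application's own code. Before this commit the tree ended up owned by root (`chown -R root: $final_path`, removed in hunk `-169,14`) and the app account owned only `web/var/cache/{profiler,twig}`. If the app still needs to write nowhere else, change the second line to `chmod -R u-w,o-rwx "$final_path"` and give `u+w` back on those two cache directories; that limits what a file-write flaw can overwrite, although a process already running as the owner can set the bit again. Steps that run as `$app` later in the script are outside this hunk and should be checked first. The same three lines are added in scripts/upgrade, hunk `-106,6 +113,17`.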
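Review bot: In scripts/install, hunk `-169,14 +175,14`: the new `chown -R $app:www-data ${final_path}/web/config/` contradicts the two comment lines directly above it, because with the unchanged `chmod -R 750` the app account becomes owner with write access and every account in group `www-data` can read the directory that the comment says stores passwords. The removed `root:$app` ownership matched the comment: root writes, the app account reads through its group, nobody else gets in. Unless the app now has to write its own configuration, keep that ownership and quote it: `chown -R root:"$app" "${final_path}/web/config/"`. The same replacement appears in scripts/restore (hunk `-60,14 +60,14`) and scripts/upgrade (hunk `-174,14 +192,14`).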
@@ -60,14 +60,14 @@ chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
-chown -R root: $final_path
+chown -R $app:www-data $final_path
 # Only agendav user should write here
 chown -R $app ${final_path}/web/var/cache/{profiler,twig}
 # The agendav user should read here, but does not need to write
 # Other users should not be able to read as it stores passwords.
-chown -R root:$app ${final_path}/web/config/
+chown -R $app:www-data ${final_path}/web/config/
 chmod -R 750 ${final_path}/web/config/
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 8a8aa2e..c744aa9 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -26,7 +26,7 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 #=================================================
 # CHECK VERSION
 #=================================================
-ynh_script_progression --message="Restoring the NGINX web server configuration..."
+ynh_script_progression --message="Checking version..."
 upgrade_type=$(ynh_check_app_version_changed)
@@ -63,6 +63,13 @@ if [ -z "$final_path" ]; then
 ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 fi
+# Cleaning legacy permissions
+if ynh_legacy_permissions_exists; then
+ ynh_legacy_permissions_delete_all
+
+ ynh_app_setting_delete --app=$app --key=is_public
+fi
+
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
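Review bot: In scripts/restore, hunk `-60,14 +60,14`: the changed line `chown -R $app:www-data $final_path` repeats the context line just above it, `chown -R $app:www-data "$final_path"`, so the tree is walked a second time for the same result, and the new copy is the unquoted one. Delete the changed line instead of rewriting it; the quoted context line already sets this ownership. The hunk starts inside a longer run of permission commands, so anything set before `chmod -R o-rwx` is not visible here.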
@@ -106,6 +113,17 @@ then
 ynh_setup_source --dest_dir="$final_path"
 fi
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
+#=================================================
+# UPGRADE DEPENDENCIES
+#=================================================
+ynh_script_progression --message="Upgrading dependencies..."
+
+ynh_install_app_dependencies $pkg_dependencies
+
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
@@ -174,14 +192,14 @@ ynh_script_progression --message="Upgrading AgenDAV..."
 # SECURE FILES AND DIRECTORIES
 #=================================================
-chown -R root: $final_path
+chown -R $app:www-data $final_path
 # Only agendav user should write here
 chown -R $app ${final_path}/web/var/cache/{profiler,twig}
 # The agendav user should read here, but does not need to write
 # Other users should not be able to read as it stores passwords.
-chown -R root:$app ${final_path}/web/config/
+chown -R $app:www-data ${final_path}/web/config/
 chmod -R 750 ${final_path}/web/config/
 #=================================================