From ad106df969a89d003fa51a98252c9c4522a18720 Mon Sep 17 00:00:00 2001
From: ericgaspar <junk.eg@free.fr>
Date: Mon, 22 Mar 2021 19:56:31 +0100
Subject: [PATCH] Secure config file

---
 scripts/install | 17 +++++++++--------
 scripts/restore |  1 +
 scripts/upgrade | 17 +++++++++--------
 3 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/scripts/install b/scripts/install
index 280fa75..7ad7cba 100644
--- a/scripts/install
+++ b/scripts/install
@@ -66,6 +66,14 @@ db_user=$db_name
 ynh_app_setting_set --app=$app --key=db_name --value=$db_name
 ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
 
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Configuring system user..."
+
+# Create a system user
+ynh_system_user_create --username=$app
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@@ -83,14 +91,6 @@ ynh_script_progression --message="Configuring NGINX web server..."
 # Create a dedicated nginx config
 ynh_add_nginx_config
 
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Configuring system user..."
-
-# Create a system user
-ynh_system_user_create --username=$app
-
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
@@ -169,6 +169,7 @@ ynh_script_progression --message="Securing files and directories..."
 
 # Set permissions to ampache directory
 chown -R $app: $final_path
+chmod 600 $final_path/config/ampache.cfg.php
 
 #=================================================
 # SETUP SSOWAT
diff --git a/scripts/restore b/scripts/restore
index db47654..2ff8cf2 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -70,6 +70,7 @@ ynh_script_progression --message="Restoring user rights..."
 
 # Restore permissions on app files
 chown -R $app: $final_path
+chmod 600 $final_path/config/ampache.cfg.php
 
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index ae36d1b..802f538 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -78,6 +78,14 @@ ynh_clean_setup () {
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Making sure dedicated system user exists..."
+
+# Create a dedicated user (if not existing)
+ynh_system_user_create --username=$app
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@@ -105,14 +113,6 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=5
 
 ynh_install_app_dependencies $pkg_dependencies
 
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..."
-
-# Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
@@ -180,6 +180,7 @@ ynh_script_progression --message="Securing files and directories..."
 
 # Set permissions on app files
 chown -R $app: $final_path
+chmod 600 $final_path/config/ampache.cfg.php
 
 #=================================================
 # SETUP SSOWAT