From ab71f3fa45fbc580bd6a4df5e296994a6ff33d91 Mon Sep 17 00:00:00 2001
From: ericgaspar
Date: Tue, 23 Mar 2021 08:37:54 +0100
Subject: [PATCH] Protect config file

---
 scripts/install | 36 +++++++++++++++++++++---------------
 scripts/restore | 18 ++++++++++--------
 scripts/upgrade | 18 ++++++++++--------
 3 files changed, 41 insertions(+), 31 deletions(-)

diff --git a/scripts/install b/scripts/install
index c73facc..7db1df9 100644
--- a/scripts/install
+++ b/scripts/install
@@ -55,6 +55,14 @@ db_name=$(ynh_sanitize_dbid $app)
 ynh_app_setting_set --app=$app --key=db_name --value=$db_name
 ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name
 
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Configuring system user..." --weight=2
+
+# Create a system user
+ynh_system_user_create --username=$app --home_dir=$final_path
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@@ -72,14 +80,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=2
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Configuring system user..." --weight=2
-
-# Create a system user
-ynh_system_user_create --username=$app
-
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
@@ -96,15 +96,19 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 #=================================================
 ynh_script_progression --message="Configuring Backdrop..." --weight=1
 
-cp ../conf/settings.example.php "$final_path/settings.php"
+salt=$(ynh_string_random --length=30)
 
-# Change variables in ttrss configuration
-ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$final_path/settings.php"
-ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/settings.php"
-ynh_replace_string --match_string="__SALT__" --replace_string="$(ynh_string_random --length=30)" --target_file="$final_path/settings.php"
+ynh_add_config --template="../conf/settings.example.php" --destination="$final_path/settings.php"
 
-# Recalculate and store the config file checksum into the app settings
-ynh_store_file_checksum --file="$final_path/settings.php"
+# cp ../conf/settings.example.php "$final_path/settings.php"
+
+# # Change variables in ttrss configuration
+# ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$final_path/settings.php"
+# ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/settings.php"
+# ynh_replace_string --match_string="__SALT__" --replace_string="$(ynh_string_random --length=30)" --target_file="$final_path/settings.php"
+
+# # Recalculate and store the config file checksum into the app settings
+# ynh_store_file_checksum --file="$final_path/settings.php"
 
 #=================================================
 # SECURE FILES AND DIRECTORIES
@@ -115,6 +119,8 @@ chown -R root: $final_path
 chown -R $app:www-data $final_path/files
 chmod -R 770 $final_path/files
 
+chmod 600 $final_path/settings.php
+
 #=================================================
 # SETUP SSOWAT
 #=================================================
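Review bot: The old `cp` / `ynh_replace_string` / `ynh_store_file_checksum` sequence is committed as a block of commented-out lines under the new `ynh_add_config` call; it should be deleted rather than kept, since the history already holds it and its stale "ttrss" comment will mislead the next reader. The new `salt=` assignment has no visible consumer in this hunk and presumably only matters because the template contains `__SALT__`, so it deserves a comment such as `# salt, db_name and db_pwd are filled into the template placeholders by ynh_add_config`. The salt is also not saved with `ynh_app_setting_set`, so a later regeneration of settings.php from the template would presumably produce a different value; confirm whether that is acceptable for this application.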
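Review bot: `chmod 600 $final_path/settings.php` runs after `chown -R root: $final_path`, so the file ends up readable by root only; if the PHP-FPM pool runs as `$app` (the pool configuration is outside this diff), the application can no longer read its own settings. Setting an explicit owner in the same step avoids that, for example `chown root:$app "$final_path/settings.php"` followed by `chmod 640 "$final_path/settings.php"`, assuming a `$app` group exists; this keeps the database password away from other local users without making the file writable by the web process. The same line is added in the `scripts/restore` hunk at -70,6 and the `scripts/upgrade` hunk at -144,6 and needs the same treatment. The path should be quoted in all three places.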
diff --git a/scripts/restore b/scripts/restore
index 66e2a29..75e1f63 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -46,20 +46,20 @@ test ! -d $final_path \
 
 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 
-#=================================================
-# RESTORE THE APP MAIN DIR
-#=================================================
-ynh_script_progression --message="Restoring Backdrop main directory..." --weight=2
-
-ynh_restore_file --origin_path="$final_path"
-
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
 ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
 
 # Create the dedicated user (if not existing)
-ynh_system_user_create --username=$app
+ynh_system_user_create --username=$app --home_dir=$final_path
+
+#=================================================
+# RESTORE THE APP MAIN DIR
+#=================================================
+ynh_script_progression --message="Restoring Backdrop main directory..." --weight=2
+
+ynh_restore_file --origin_path="$final_path"
 
 #=================================================
 # RESTORE USER RIGHTS
@@ -70,6 +70,8 @@ chown -R root: $final_path
 chown -R $app:www-data $final_path/files
 chmod -R 770 $final_path/files
 
+chmod 600 $final_path/settings.php
+
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 7fc3a0f..4556e50 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -67,6 +67,14 @@ ynh_clean_setup () {
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
+
+# Create a dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir=$final_path
+
 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================
@@ -88,14 +96,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
-
-# Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
@@ -144,6 +144,8 @@ chown -R root: $final_path
 chown -R $app:www-data $final_path/files
 chmod -R 770 $final_path/files
 
+chmod 600 $final_path/settings.php
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
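Review bot: In the first upgrade hunk, `ynh_system_user_create --username=$app --home_dir=$final_path` sits under a comment saying the user is created only "if not existing", so on an instance installed before this commit the account presumably keeps its previous home directory and the new `--home_dir` has no effect. If the new home directory is required, the upgrade needs an explicit step for already-existing users; if it is not, the comment should say so, e.g. `# Existing users keep their previous home directory; --home_dir only applies when the user is created`. `$final_path` should also be quoted on that line.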