From 35a80dfd6e9babe2d566e6e67ddba258ebdd8679 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Fri, 12 Nov 2021 13:03:18 +0100 Subject: [PATCH] Add rights --- scripts/install | 22 ++++++++++++---------- scripts/remove | 10 ++++++++++ scripts/restore | 18 +++++++++++------- scripts/upgrade | 12 ++++++++++++ 4 files changed, 45 insertions(+), 17 deletions(-) diff --git a/scripts/install b/scripts/install index 6e22846..93096ee 100644 --- a/scripts/install +++ b/scripts/install @@ -49,6 +49,14 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=is_public --value=$is_public +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -58,6 +66,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -71,16 +83,6 @@ then ynh_replace_string "^#sub_path_only" "" "/etc/nginx/conf.d/$domain.d/$app.conf" fi -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= -ynh_script_progression --message="Securing files and directories..." - -# Set permissions to app files -chown -R www-data: $final_path - #================================================= # SETUP SSOWAT #================================================= diff --git a/scripts/remove b/scripts/remove index 6e5d453..e009d4b 100755 --- a/scripts/remove +++ b/scripts/remove @@ -36,6 +36,16 @@ ynh_script_progression --message="Removing NGINX web server configuration..." # Remove the dedicated NGINX config ynh_remove_nginx_config +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= +ynh_script_progression --message="Removing the dedicated system user..." + +# Delete a system user +ynh_system_user_delete --username=$app + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index d33c548..2df94e3 100755 --- a/scripts/restore +++ b/scripts/restore @@ -48,6 +48,14 @@ ynh_script_progression --message="Restoring the NGINX configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -55,13 +63,9 @@ ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" -#================================================= -# RESTORE USER RIGHTS -#================================================= -ynh_script_progression --message="Restoring user rights..." - -# Restore permissions on app files -chown -R www-data: $final_path +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index e675586..1079291 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -61,6 +61,14 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -73,6 +81,10 @@ then ynh_setup_source --dest_dir="$final_path" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #=================================================