YunoHost-Apps/cops_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/cops_ynh.git synced 2024-09-03 18:25:57 +02:00
Code Issues Activity Actions

Use of dedicated system user

Browse source
This commit is contained in:
root 2017-02-24 17:06:06 +01:00
parent b6bc5638d7
commit 0bcc6cfc56
5 changed files with 66 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
manifest.json
View file

@ -50,15 +50,6 @@
"example": "/home/yunohost.app/owncloud/data/johndoe/files/eBooks", "example": "/home/yunohost.app/owncloud/data/johndoe/files/eBooks",
"default": "/home/yunohost.app/owncloud/data/johndoe/files/eBooks" "default": "/home/yunohost.app/owncloud/data/johndoe/files/eBooks"
}, },
{
"name": "runninguser",
"ask": {
"en": "Which system user is managing the Calibre folder ?",
"fr": "Quel utilisateur système gère le dossier Calibre ?"
},
"choices": ["www-data", "owncloud", "nextcloud"],
"default": "www-data"
},
{ {
"name": "is_public", "name": "is_public",
"ask": { "ask": {

24
scripts/install
View file

@ -40,7 +40,7 @@ app=$YNH_APP_INSTANCE_NAME
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path=$YNH_APP_ARG_PATH path=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC is_public=$YNH_APP_ARG_IS_PUBLIC
runninguser=$YNH_APP_ARG_RUNNINGUSER #runninguser=$YNH_APP_ARG_RUNNINGUSER
calibre=$YNH_APP_ARG_CALIBRE calibre=$YNH_APP_ARG_CALIBRE
# No basic auth if app is private # No basic auth if app is private
@ -112,7 +112,6 @@ ynh_app_setting_set "$app" domain "$domain"
#ynh_app_setting_set "$app" path "$path" #ynh_app_setting_set "$app" path "$path"
ynh_app_setting_set "$app" is_public "$is_public" ynh_app_setting_set "$app" is_public "$is_public"
ynh_app_setting_set "$app" final_path "$final_path" ynh_app_setting_set "$app" final_path "$final_path"
ynh_app_setting_set "$app" runninguser "$runninguser"
ynh_app_setting_set "$app" calibre "$calibre" ynh_app_setting_set "$app" calibre "$calibre"
ynh_app_setting_set "$app" basicauthcreate "$basicauthcreate" ynh_app_setting_set "$app" basicauthcreate "$basicauthcreate"
@ -148,8 +147,27 @@ sed -i "s@TIMEZONETOCHANGE@$timezone@g" ../conf/config_local.php
sudo cp ../conf/config_local.php $final_path sudo cp ../conf/config_local.php $final_path
sudo cp ../conf/robots.txt $final_path sudo cp ../conf/robots.txt $final_path
# Create cops user and join nextcloud/owncloud/www-data groups
runninguser="${app}-ynh"
# 1. Create the user
# Create a system account for COPS
sudo useradd -c "$runninguser system account" \
-d $final_path --system --user-group $runninguser \
|| ynh_die "Unable to create $runninguser system account"
ynh_app_setting_set "$app" runninguser "$runninguser"
# 2. Add cops-ynh to groups www-data and nextcloud/owncloud if they exist
sudo usermod -a -G www-data $runninguser
for filesharing in "nextcloud" "owncloud"; do
app_id=$(sudo yunohost app list --installed -f "$filesharing" \
--output-as json | grep -Po '"id":[ ]?"\K.*?(?=")' | head -1)
[[ -z "$app_id" ]] || {
sudo usermod -a -G $filesharing $runninguser
}
done
# Set permissions # Set permissions
sudo chmod 775 -R $final_path sudo chmod ug+rw -R $final_path
sudo chown -hR $runninguser:$runninguser $final_path sudo chown -hR $runninguser:$runninguser $final_path
# Add basic auth if requested # Add basic auth if requested

5
scripts/remove
View file

@ -27,6 +27,7 @@ domain=$(ynh_app_setting_get $app domain)
final_path=$(ynh_app_setting_get $app final_path) final_path=$(ynh_app_setting_get $app final_path)
finalnginxconf=$(ynh_app_setting_get $app finalnginxconf) finalnginxconf=$(ynh_app_setting_get $app finalnginxconf)
finalphpconf=$(ynh_app_setting_get $app finalphpconf) finalphpconf=$(ynh_app_setting_get $app finalphpconf)
runninguser=$app-ynh
# Suppression du dossier de la webapp # Suppression du dossier de la webapp
sudo rm -rf $final_path sudo rm -rf $final_path
@ -40,6 +41,10 @@ if ynh_package_is_installed "cops-deps"; then
ynh_package_autoremove "cops-deps" ynh_package_autoremove "cops-deps"
fi fi
# Remove the user account
id "$runninguser" >/dev/null 2>&1 \
&& sudo deluser --quiet --remove-home "$runninguser" >/dev/null
# We reload the services # We reload the services
sudo service php5-fpm reload sudo service php5-fpm reload
sudo service nginx reload sudo service nginx reload

19
scripts/restore
View file

@ -41,6 +41,25 @@ basicauthcreate=$(ynh_app_setting_get $app basicauthcreate)
sudo mkdir -p $final_path sudo mkdir -p $final_path
sudo cp -a ./sources/* $final_path/ sudo cp -a ./sources/* $final_path/
# Create cops user and join nextcloud/owncloud/www-data groups
runninguser="${app}-ynh"
# 1. Create the user
# Create a system account for COPS
sudo useradd -c "$runninguser system account" \
-d $final_path --system --user-group $runninguser \
|| ynh_die "Unable to create $runninguser system account"
ynh_app_setting_set "$app" runninguser "$runninguser"
# 2. Add cops-ynh to groups www-data and nextcloud/owncloud if they exist
sudo usermod -a -G www-data $runninguser
for filesharing in "nextcloud" "owncloud"; do
app_id=$(sudo yunohost app list --installed -f "$filesharing" \
--output-as json | grep -Po '"id":[ ]?"\K.*?(?=")' | head -1)
[[ -z "$app_id" ]] || {
sudo usermod -a -G $filesharing $runninguser
}
done
# Restore permissions to app files # Restore permissions to app files
# you may need to make some file and/or directory writeable by www-data (nginx user) # you may need to make some file and/or directory writeable by www-data (nginx user)
sudo chown -R $runninguser:$runninguser $final_path sudo chown -R $runninguser:$runninguser $final_path

23
scripts/upgrade
View file

@ -38,7 +38,6 @@ domain=$(ynh_app_setting_get $app domain)
final_path=$(ynh_app_setting_get $app final_path) final_path=$(ynh_app_setting_get $app final_path)
finalnginxconf=$(ynh_app_setting_get $app finalnginxconf) finalnginxconf=$(ynh_app_setting_get $app finalnginxconf)
finalphpconf=$(ynh_app_setting_get $app finalphpconf) finalphpconf=$(ynh_app_setting_get $app finalphpconf)
runninguser=$(ynh_app_setting_get $app runninguser)
calibre=$(ynh_app_setting_get $app calibre) calibre=$(ynh_app_setting_get $app calibre)
basicauthcreate=$(ynh_app_setting_get $app basicauthcreate) basicauthcreate=$(ynh_app_setting_get $app basicauthcreate)
@ -80,8 +79,28 @@ sed -i "s@TIMEZONETOCHANGE@$timezone@g" ../conf/config_local.php
sudo cp ../conf/config_local.php $final_path sudo cp ../conf/config_local.php $final_path
sudo cp ../conf/robots.txt $final_path sudo cp ../conf/robots.txt $final_path
# Create cops user and join nextcloud/owncloud/www-data groups
runninguser="${app}-ynh"
# 1. Create the user
# Create a system account for COPS
sudo useradd -c "$runninguser system account" \
-d $final_path --system --user-group $runninguser \
|| ynh_die "Unable to create $runninguser system account"
ynh_app_setting_set "$app" runninguser "$runninguser"
# 2. Add cops-ynh to groups www-data and nextcloud/owncloud if they exist
sudo usermod -a -G www-data $runninguser
for filesharing in "nextcloud" "owncloud"; do
app_id=$(sudo yunohost app list --installed -f "$filesharing" \
--output-as json | grep -Po '"id":[ ]?"\K.*?(?=")' | head -1)
[[ -z "$app_id" ]] || {
sudo usermod -a -G $filesharing $runninguser
}
done
ynh_app_setting_set $app runninguser $runninguser
# Set permissions # Set permissions
sudo chmod 775 -R $final_path sudo chmod ug+rw -R $final_path
sudo chown -hR $runninguser:$runninguser $final_path sudo chown -hR $runninguser:$runninguser $final_path
# Add basic auth if requested # Add basic auth if requested