diff --git a/check_process b/check_process index 176d5a5..9f9d48d 100644 --- a/check_process +++ b/check_process @@ -1,9 +1,9 @@ ;; Test complet auto_remove=1 ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - is_public="Yes" (PUBLIC|public=Yes|private=No) + domain="domain.tld" + path="/path" + is_public=1 ; Checks pkg_linter=1 setup_sub_dir=1 diff --git a/manifest.json b/manifest.json index 0871e45..d93eb50 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "" }, "requirements": { - "yunohost": ">= 4.1.7" + "yunohost": ">= 4.2.4" }, "multi_instance": true, "services": [ diff --git a/scripts/install b/scripts/install index d64b57b..57050df 100755 --- a/scripts/install +++ b/scripts/install @@ -46,6 +46,14 @@ ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=1 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # STANDARD MODIFICATIONS #================================================= @@ -58,6 +66,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -66,22 +78,16 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=2 # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chown -R root: $final_path - #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 -# Make app public if necessary or protect it -[ $is_public -eq 0 ] || ynh_permission_update --permission="main" --add="visitors" +# Make app public if necessary +if [ $is_public -eq 1 ] +then + ynh_permission_update --permission="main" --add="visitors" +fi #================================================= # RELOAD NGINX diff --git a/scripts/remove b/scripts/remove index 7abebbf..583768c 100755 --- a/scripts/remove +++ b/scripts/remove @@ -36,6 +36,14 @@ ynh_script_progression --message="Removing NGINX web server configuration..." -- # Remove the dedicated NGINX config ynh_remove_nginx_config +#================================================= +# REMOVE DEDICATED USER +#================================================= +ynh_script_progression --message="Removing the dedicated system user..." --weight=1 + +# Delete a system user +ynh_system_user_delete --username=$app + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 26a7378..2d136fe 100644 --- a/scripts/restore +++ b/scripts/restore @@ -43,6 +43,14 @@ test ! -d $final_path \ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -50,20 +58,9 @@ ynh_script_progression --message="Restoring Cubiks 2048 main directory..." --wei ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# RESTORE USER RIGHTS -#================================================= - -# Restore permissions on app files -chown -R root: $final_path +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index 2ef3a47..c06a383 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -57,6 +57,14 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -69,6 +77,10 @@ then ynh_setup_source --dest_dir="$final_path" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -77,13 +89,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions on app files -chown -R root: $final_path - #================================================= # RELOAD NGINX #=================================================