diff --git a/conf/systemd.service b/conf/systemd.service index 8886528..105eb4c 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -4,11 +4,11 @@ After=network.target [Service] Type=simple -Environment=NODE_ENV=production -Environment=NODE_CONFIG_DIR=__FINALPATH__/config User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__/ +Environment=NODE_ENV=production +Environment=NODE_CONFIG_DIR=__FINALPATH__/config Environment="__YNH_NODE_LOAD_PATH__" ExecStart=__YNH_NPM__ start StandardOutput=syslog diff --git a/scripts/install b/scripts/install index d7e3696..1525323 100755 --- a/scripts/install +++ b/scripts/install @@ -210,8 +210,6 @@ fi # SECURE FILES AND DIRECTORIES #================================================= -# Set permissions to app files (let dato write right only to what it needs to modify) -chown -R root: $final_path [ -d "$final_path/dist" ] || mkdir "$final_path/dist" chown -R $app:$app $final_path/dist $final_path/global $final_path/config diff --git a/scripts/restore b/scripts/restore index aa3fb57..4dcc106 100755 --- a/scripts/restore +++ b/scripts/restore @@ -58,8 +58,10 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$final_path" -# Restore permissions on app files (let dato write right only to what it needs to modify) -chown -R root: $final_path +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + [ -d "$final_path/dist" ] || mkdir "$final_path/dist" chown -R $app:$app $final_path/dist $final_path/global $final_path/config diff --git a/scripts/upgrade b/scripts/upgrade index f4d8152..d0c48f1 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -132,8 +132,6 @@ popd # SECURE FILES AND DIRECTORIES #================================================= -# Set permissions on app files (let dato write right only to what it needs to modify) -chown -R root: $final_path [ -d "$final_path/dist" ] || mkdir "$final_path/dist" chown -R $app:$app $final_path/dist $final_path/global $final_path/config