From 0621ae479fcc9706d1d0ce0eed3ed9a024e0fc04 Mon Sep 17 00:00:00 2001
From: yalh76 <yalh@yahoo.com>
Date: Fri, 29 Jul 2022 20:02:48 +0200
Subject: [PATCH] Fix chown

---
 conf/systemd.service | 4 ++--
 scripts/install      | 2 --
 scripts/restore      | 6 ++++--
 scripts/upgrade      | 2 --
 4 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/conf/systemd.service b/conf/systemd.service
index 8886528..105eb4c 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -4,11 +4,11 @@ After=network.target
 
 [Service]
 Type=simple
-Environment=NODE_ENV=production
-Environment=NODE_CONFIG_DIR=__FINALPATH__/config
 User=__APP__
 Group=__APP__
 WorkingDirectory=__FINALPATH__/
+Environment=NODE_ENV=production
+Environment=NODE_CONFIG_DIR=__FINALPATH__/config
 Environment="__YNH_NODE_LOAD_PATH__"
 ExecStart=__YNH_NPM__ start
 StandardOutput=syslog
diff --git a/scripts/install b/scripts/install
index d7e3696..1525323 100755
--- a/scripts/install
+++ b/scripts/install
@@ -210,8 +210,6 @@ fi
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-# Set permissions to app files (let dato write right only to what it needs to modify)
-chown -R root: $final_path
 [ -d "$final_path/dist" ] || mkdir "$final_path/dist"
 chown -R $app:$app $final_path/dist $final_path/global $final_path/config
 
diff --git a/scripts/restore b/scripts/restore
index aa3fb57..4dcc106 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -58,8 +58,10 @@ ynh_script_progression --message="Restoring the app main directory..." --weight=
 
 ynh_restore_file --origin_path="$final_path"
 
-# Restore permissions on app files (let dato write right only to what it needs to modify)
-chown -R root: $final_path
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
 [ -d "$final_path/dist" ] || mkdir "$final_path/dist"
 chown -R $app:$app $final_path/dist $final_path/global $final_path/config
 
diff --git a/scripts/upgrade b/scripts/upgrade
index f4d8152..d0c48f1 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -132,8 +132,6 @@ popd
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-# Set permissions on app files (let dato write right only to what it needs to modify)
-chown -R root: $final_path
 [ -d "$final_path/dist" ] || mkdir "$final_path/dist"
 chown -R $app:$app $final_path/dist $final_path/global $final_path/config