Merge pull request #5 from YunoHost-Apps/testing

Fixed permissions and other small things

manifest.json

@@ -6,7 +6,7 @@
     "en": "Store all kinds of data with an extremely customizable interface.",
     "fr": "Stockez tous types de données avec une interface complètement customizable."
   },
-  "version": "1.5.11~ynh1",
+  "version": "1.5.11~ynh2",
   "url": "https://squeak.eauchat.org/dato",
   "license": "AGPL-3.0-or-later",
   "maintainer": {
@@ -62,7 +62,7 @@
         "name": "autosync_info",
         "type": "display_text",
         "ask": {
-          "en": "All the following option are useful only if you chose to enable autosynchronization. You can skip them all if you didn't.",
+          "en": "All the following options are useful only if you chose to enable autosynchronization. You can skip them all if you didn't.",
           "fr": "Les options qui suivent ne sont utiles que si vous avez choisi d'activer l'autosynchronisation. Vous pouvez toutes les ignorer si ce n'est pas le cas."
         }
       },

scripts/change_url

@@ -75,7 +75,7 @@ fi
 #=================================================
 ynh_script_progression --message="Stopping a systemd service..." --weight=1
 
-ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
 
 #=================================================
 # MODIFY URL IN NGINX CONF

scripts/install

@@ -204,12 +204,10 @@ fi
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-### For security reason, any app should set the permissions to root: before anything else.
-### Then, if write authorization is needed, any access should be given only to directories
-### that really need such authorization.
-
-# Set permissions to app files
-chown -R "$app":"$app" $final_path
+# Set permissions to app files (let dato write right only to what it needs to modify)
+chown -R root: $final_path
+[ -d "$final_path/dist" ] || mkdir "$final_path/dist"
+chown -R $app:$app $final_path/dist $final_path/global $final_path/config
 
 #=================================================
 # SETUP LOGROTATE

scripts/restore

@@ -71,8 +71,10 @@ ynh_system_user_create --username=$app
 # RESTORE USER RIGHTS
 #=================================================
 
-# Restore permissions on app files
-chown -R "$app":"$app" $final_path
+# Restore permissions on app files (let dato write right only to what it needs to modify)
+chown -R root: $final_path
+[ -d "$final_path/dist" ] || mkdir "$final_path/dist"
+chown -R $app:$app $final_path/dist $final_path/global $final_path/config
 
 # #=================================================
 # # RESTORE FAIL2BAN CONFIGURATION

scripts/upgrade

@@ -59,7 +59,7 @@ ynh_abort_if_errors
 #=================================================
 ynh_script_progression --message="Stopping a systemd service..." --weight=1
 
-ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
 
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
@@ -135,8 +135,10 @@ ynh_add_systemd_config --others_var="ynh_node_load_PATH"
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-# Set permissions on app files
-chown -R "$app":"$app" $final_path
+# Set permissions on app files (let dato write right only to what it needs to modify)
+chown -R root: $final_path
+[ -d "$final_path/dist" ] || mkdir "$final_path/dist"
+chown -R $app:$app $final_path/dist $final_path/global $final_path/config
 
 #=================================================
 # SETUP LOGROTATE