From 6718a7efa0a1541922cb8c9220acfabffe6c9450 Mon Sep 17 00:00:00 2001 From: Gofannon Date: Mon, 9 Jul 2018 22:14:13 +0200 Subject: [PATCH] [enh] manage file 'preload.php' correctly See https://github.com/YunoHost-Apps/dokuwiki_ynh/pull/37#issuecomment-403296911 --- scripts/install | 16 +++++++++++++--- scripts/upgrade | 16 ++++++++++++++-- 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/scripts/install b/scripts/install index 63ab4f2..6f496c4 100755 --- a/scripts/install +++ b/scripts/install @@ -127,7 +127,6 @@ cp ../conf/local.php $final_path/conf # This file might be modified by dokuwiki admin panel or by plugins # It will not be modified by Yunohost in order to keep user settings - # Restrict user rights by enforcing "read-only" mode for all users # See https://www.dokuwiki.org/acl#background_info # Default is "8" @@ -145,6 +144,12 @@ cp ../conf/acl.auth.php $final_path/conf cp $final_path/conf/local.php.dist $final_path/conf/local.php.bak cp $final_path/conf/users.auth.php.dist $final_path/conf/users.auth.php +cp $final_path/inc/preload.php.dist $final_path/inc/preload.php +# This file might be used by plugins like https://www.dokuwiki.org/plugin:siteexport +# Create it to be more "user friendly" as over the top security is not the main goal here +# This file could be use for bad behaviour. +# See https://www.dokuwiki.org/devel:preload?s[]=preload + # There is no template .dist provided inside DokuWiki installation folder # Create "empty" files to be able to manage linux permissions # Files content is taken from an existing DokuWiki installation 
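Review bot: The comment added after the `cp` in the `@@ -145,6 +144,12 @@` hunk of scripts/install says only that the file "could be use for bad behaviour", which does not tell a maintainer what is being traded away. DokuWiki includes `inc/preload.php` at the start of every request, so write access to it amounts to control over code that runs on each page load. I would move the comment above the command and say so directly, for example `# preload.php is included by DokuWiki on every request; it is created for plugin convenience, so write access to it must be treated as code execution`. The copy is also unguarded and unquoted here, while scripts/upgrade tests for `preload.php.dist` first; wrapping a quoted `cp` in `[ -f "$final_path/inc/preload.php.dist" ]` would keep the two scripts consistent.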
@@ -182,14 +187,19 @@ ynh_store_file_checksum "$final_path/conf/acl.auth.php" # Files owned by DokuWiki can just read chown -R root: $final_path -# DokuWiki needs to write inside the "conf" folder. Do "DokuWiki" owner of the folder. +# DokuWiki needs to write inside these folders. Do "DokuWiki" owner chown $app:root $final_path/conf +chown $app:root $final_path/inc -# Do "DokuWiki" owner of onfiguration files that must be writable +# Do "DokuWiki" owner of configuration files that must be writable chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak} +# Usefull for some plugins like https://www.dokuwiki.org/plugin:siteexport +# See https://www.dokuwiki.org/devel:preload +chown $app:root $final_path/inc/preload.php # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them # There are only files in the folder and there is sublevels. No need to use "find" chmod -R a+r $final_path/conf +chmod -R a+r $final_path/inc # Give write access to "data" and subfolders chown -R $app:root $final_path/data diff --git a/scripts/upgrade b/scripts/upgrade index 1a0c1d6..827c77f 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -137,6 +137,15 @@ if [ ! -f "$final_path/conf/plugins.local.php.bak" ]; then cp ../conf/plugins.local.php $final_path/conf/plugins.local.php.bak fi + +if [ ! -f "$final_path/inc/preload.php" ]; then + # if template exists + if [ -f "$final_path/inc/preload.php.dist" ]; then + # Copy template to create default file + cp "$final_path/inc/preload.php.dist" "$final_path/inc/preload.php" + fi +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= 
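Review bot: `chown $app:root $final_path/inc` in the `@@ -182,14 +187,19 @@` hunk hands the DokuWiki user the whole `inc` directory, which is more than a writable `preload.php` requires. In a DokuWiki tree `inc` holds the core PHP includes, and owning a directory allows creating, renaming and deleting its entries, so the files left root-owned by `chown -R root: $final_path` would no longer be protected against a compromised web process. The later `chown $app:root $final_path/inc/preload.php` already makes the one file writable, so the directory line looks droppable; if a plugin really has to create files there, the comment should say which one and why. The same directory `chown` is added in scripts/upgrade (`@@ -260,14 +269,17 @@`).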
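Review bot: An `inc/preload.php` that already exists is kept as it is by the block added in the `@@ -137,6 +137,15 @@` hunk of scripts/upgrade, and nothing records its content, although other managed files in this patch are passed to `ynh_store_file_checksum`. Because the file is made writable by `$app` and is loaded on every request, I would add `ynh_store_file_checksum "$final_path/inc/preload.php"` after creating it, assuming the helper is used in this package to notice later modifications. The two nested tests can also be written as one condition, `if [ ! -f "$final_path/inc/preload.php" ] && [ -f "$final_path/inc/preload.php.dist" ]; then`, which drops the two "what" comments.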
@@ -260,14 +269,17 @@ ynh_store_file_checksum "$final_path/conf/local.protected.php" # Files owned by DokuWiki can just read chown -R root: $final_path -# DokuWiki needs to write inside the "conf" folder. Do "DokuWiki" owner of the folder. +# DokuWiki needs to write inside these folders. Do "DokuWiki" owner chown $app:root $final_path/conf +chown $app:root $final_path/inc -# Do "DokuWiki" owner of onfiguration files that must be writable +# Do "DokuWiki" owner of configuration files that must be writable chown $app:root $final_path/conf/{local.php,local.php.bak,users.auth.php,acl.auth.php,plugins.local.php,plugins.local.php.bak} +chown $app:root $final_path/inc/preload.php # Grant read-only to all files as files copied above are owned by root by defaut and nginx cannot read them # There are only files in the folder and there is sublevels. No need to use "find" chmod -R a+r $final_path/conf +chmod -R a+r $final_path/inc # Give write access to "data" and subfolders chown -R $app:root $final_path/data
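Review bot: `chown $app:root $final_path/inc/preload.php` runs unconditionally in this hunk, but the block added earlier in scripts/upgrade creates the file only when `preload.php.dist` exists, so on a tree without the template the command targets a missing path. Whether that aborts the upgrade depends on the error handling set up outside the hunk. Guarding the call keeps the two steps consistent: `if [ -f "$final_path/inc/preload.php" ]; then chown $app:root "$final_path/inc/preload.php"; fi`.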