From ce14062f8f5c4f6e3536d2052162eea07dfb383d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 14 Feb 2023 13:53:45 +0100 Subject: [PATCH] reorder permissions --- scripts/install | 13 ++++++------- scripts/upgrade | 23 +++++++---------------- 2 files changed, 13 insertions(+), 23 deletions(-) diff --git a/scripts/install b/scripts/install index 3c653cc..224a035 100644 --- a/scripts/install +++ b/scripts/install @@ -33,6 +33,10 @@ ynh_script_progression --message="Setting up source files..." --weight=4 # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir" +# Set permissions to app files +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" + #================================================= # NGINX CONFIGURATION #================================================= @@ -48,13 +52,8 @@ ynh_script_progression --message="Adding a configuration file..." --weight=1 ynh_add_config --template="../conf/config.json" --destination="$install_dir/config.json" -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" +chmod 400 "$install_dir/config.json" +chown $app:$app "$install_dir/config.json" #================================================= # END OF SCRIPT diff --git a/scripts/upgrade b/scripts/upgrade index 90bfe7f..03722f0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,14 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -#ynh_script_progression --message="Loading installation settings..." --weight=1 - -#default_home_server=$(ynh_app_setting_get --app=$app --key=default_home_server) -#login_for_welcome=$(ynh_app_setting_get --app=$app --key=login_for_welcome) - #================================================= # CHECK VERSION #================================================= @@ -51,6 +43,10 @@ then ynh_setup_source --dest_dir="$install_dir" #--keep="config.json" fi +# Set permissions to app files +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" + #================================================= # ADD A CONFIGURATION #================================================= @@ -58,6 +54,9 @@ ynh_script_progression --message="Adding a configuration file..." --weight=1 ynh_add_config --template="../conf/config.json" --destination="$install_dir/config.json" +chmod 400 "$install_dir/config.json" +chown $app:$app "$install_dir/config.json" + #================================================= # NGINX CONFIGURATION #================================================= @@ -66,14 +65,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" - #================================================= # END OF SCRIPT #=================================================