From 56ed40026c63570d53d28a8687ce7b14d0b12226 Mon Sep 17 00:00:00 2001
From: ericgaspar <junk.eg@free.fr>
Date: Wed, 24 Mar 2021 19:51:54 +0100
Subject: [PATCH] protect final_path

---
 scripts/install | 1 +
 scripts/restore | 1 +
 scripts/upgrade | 1 +
 3 files changed, 3 insertions(+)

diff --git a/scripts/install b/scripts/install
index ee2e394..9e767f0 100644
--- a/scripts/install
+++ b/scripts/install
@@ -216,6 +216,7 @@ ynh_store_file_checksum --file="$final_path/credentials.json"
 
 # Set files ownership to etherpad
 chown -R $app: $final_path
+chmod o-rwx $final_path
 # Restrict access to credentials.json
 chmod 600 $final_path/credentials.json
 
diff --git a/scripts/restore b/scripts/restore
index d4da3c7..202a1c4 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -136,6 +136,7 @@ ynh_exec_warn_less npm cache clean --force
 
 # Restore permissions on app files
 chown -R $app: $final_path
+chmod o-rwx $final_path
 
 #=================================================
 # ADVERTISE SERVICE IN ADMIN PANEL
diff --git a/scripts/upgrade b/scripts/upgrade
index 28521a1..2b7eb5b 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -356,6 +356,7 @@ ynh_system_user_create --username=$app --home_dir=$final_path
 
 # Set files ownership to etherpad
 chown -R $app: $final_path
+chmod o-rwx $final_path
 chmod 600 "$final_path/credentials.json"
 # Restrict access to credentials.json
 chown $app -R /var/log/$app/etherpad.log