diff --git a/scripts/install b/scripts/install index 90c8106..794689f 100644 --- a/scripts/install +++ b/scripts/install @@ -50,7 +50,7 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_script_progression --message="Configuring system user..." # Create a system user -ynh_system_user_create --username=$app +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # STANDARD MODIFICATIONS @@ -63,6 +63,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -79,17 +83,6 @@ ynh_script_progression --message="Configuring PHP-FPM..." # Create a dedicated PHP-FPM config ynh_add_fpm_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= -ynh_script_progression --message="Securing files and directories..." - -# Set permissions to app files -chown -R $app:www-data $final_path -chmod 775 $final_path - #================================================= # SETUP SSOWAT #================================================= diff --git a/scripts/restore b/scripts/restore index 5fd497d..1e31906 100755 --- a/scripts/restore +++ b/scripts/restore @@ -52,7 +52,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_script_progression --message="Recreating the dedicated system user..." # Create the dedicated user (if not existing) -ynh_system_user_create --username=$app +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # RESTORE THE APP MAIN DIR @@ -61,14 +61,9 @@ ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" -#================================================= -# RESTORE USER RIGHTS -#================================================= -ynh_script_progression --message="Restoring user rights..." - -# Restore permissions on app files -chown -R $app:www-data $final_path -chmod 775 $final_path +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # RESTORE THE PHP-FPM CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index d7fd836..1c43702 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -71,7 +71,7 @@ ynh_abort_if_errors ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) -ynh_system_user_create --username=$app +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # STANDARD UPGRADE STEPS @@ -88,6 +88,10 @@ then ynh_setup_source --dest_dir="$final_path" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -104,17 +108,6 @@ ynh_script_progression --message="Upgrading PHP-FPM configuration..." # Create a dedicated PHP-FPM config ynh_add_fpm_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= -ynh_script_progression --message="Securing files and directories..." - -# Set permissions on app files -chown -R $app:www-data $final_path -chmod 775 $final_path - #================================================= # RELOAD NGINX #=================================================