YunoHost-Apps/freshrss_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/freshrss_ynh.git synced 2024-09-03 18:36:33 +02:00
Code Issues Activity Actions

Harden permissions

Browse source
This commit is contained in:
Jules Bertholet 2021-03-22 18:20:17 -04:00
parent 74c73ae5bc
commit 0ecb02b072
7 changed files with 53 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
hooks/post_app_addaccess
View file

@ -13,6 +13,7 @@ then
do do
user_token=$(ynh_string_random) user_token=$(ynh_string_random)
$app_path/cli/create-user.php --user $myuser --language en --token $user_token $app_path/cli/create-user.php --user $myuser --language en --token $user_token
sudo chown -R $app: $app_path/data/users/$myuser/ sudo chown -R $app:$app $app_path/data/users/$myuser/
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $app_path/data/users/$myuser/
done done
fi fi

3
hooks/post_user_create
View file

@ -9,4 +9,5 @@ myuser=$1
user_token=$(ynh_string_random) user_token=$(ynh_string_random)
sudo $app_path/cli/create-user.php --user $myuser --language en --token $user_token sudo $app_path/cli/create-user.php --user $myuser --language en --token $user_token
sudo chown -R $app: $app_path/data/users/$myuser/ sudo chown -R $app:$app $app_path/data/users/$myuser/
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $app_path/data/users/$myuser/

2
scripts/_common.sh
View file

@ -4,6 +4,8 @@
# COMMON VARIABLES # COMMON VARIABLES
#================================================= #=================================================
pkg_dependencies="acl"
YNH_PHP_VERSION="7.3" YNH_PHP_VERSION="7.3"
extra_php_dependencies="php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-dom php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-gmp php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-sqlite3 php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-xml" extra_php_dependencies="php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-dom php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-gmp php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-sqlite3 php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-xml"

16
scripts/install
View file

@ -48,6 +48,15 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=language --value=$language ynh_app_setting_set --app=$app --key=language --value=$language
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=3
ynh_install_app_dependencies $pkg_dependencies
#================================================= #=================================================
# CREATE A MYSQL DATABASE # CREATE A MYSQL DATABASE
#================================================= #=================================================
@ -139,8 +148,11 @@ chmod 644 "$cron_path"
#================================================= #=================================================
# Set permissions to app files # Set permissions to app files
chown -R root: $final_path chown -R root:$app $final_path
chown -R $app: $final_path/{data,extensions} chmod -R g-w $final_path
chown -R $app:$app $final_path/{data,extensions}
chmod o-rwx $final_path
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT

8
scripts/remove
View file

@ -29,6 +29,14 @@ ynh_script_progression --message="Removing the MySQL database..."
# Remove a database if it exists, along with the associated user # Remove a database if it exists, along with the associated user
ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=1
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#================================================= #=================================================
# REMOVE APP MAIN DIR # REMOVE APP MAIN DIR
#================================================= #=================================================

16
scripts/restore
View file

@ -64,14 +64,24 @@ ynh_script_progression --message="Recreating the dedicated system user..."
# Create the dedicated user (if not existing) # Create the dedicated user (if not existing)
ynh_system_user_create --username=$app ynh_system_user_create --username=$app
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=1
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
#================================================= #=================================================
# RESTORE USER RIGHTS # RESTORE USER RIGHTS
#================================================= #=================================================
# Restore permissions on app files # Restore permissions on app files
chown -R root: $final_path chown -R root:$app $final_path
chown -R $app: $final_path/data/ chmod -R g-w $final_path
chown -R $app: $final_path/extensions/ chown -R $app:$app $final_path/{data,extensions}
chmod o-rwx $final_path
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path
#================================================= #=================================================
# RESTORE THE PHP-FPM CONFIGURATION # RESTORE THE PHP-FPM CONFIGURATION

15
scripts/upgrade
View file

@ -98,6 +98,13 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated nginx config # Create a dedicated nginx config
ynh_add_nginx_config ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=1
ynh_install_app_dependencies $pkg_dependencies
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
#================================================= #=================================================
@ -164,9 +171,11 @@ fi
#================================================= #=================================================
# Set permissions on app files # Set permissions on app files
chown -R root: $final_path chown -R root:$app $final_path
chmod 755 $final_path chmod -R g-w $final_path
chown -R $app: $final_path/{data,extensions} chown -R $app:$app $final_path/{data,extensions}
chmod o-rwx $final_path
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path
# reconfigure application with latest parameters # reconfigure application with latest parameters
$final_path/cli/reconfigure.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name $final_path/cli/reconfigure.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name