mirror of https://github.com/YunoHost-Apps/freshrss_ynh.git synced 2024-09-03 18:36:33 +02:00

More tweaks to permissions

Jules Bertholet 2021-04-17 12:39:02 -04:00
parent 0ecb02b072
commit e6b8ecfd66
8 changed files with 69 additions and 98 deletions


@ -1,19 +1,17 @@
#!/bin/bash #!/usr/bin/env bash
set -a
source /usr/share/yunohost/helpers
app=$1 app=$1
new_users=$2 new_users=$2
app_path=/var/www/$app
# Source app helpers if [[ "${0//.\/50-}" = "$app" ]]; then
. /usr/share/yunohost/helpers final_path=$(ynh_app_setting_get --app=$app --key=final_path)
for user in $(echo "$new_users" | sed "s/,/ /g")
if [[ "APPNAMETOCHANGE" = "$app" ]];
then
for myuser in $(echo "$new_users" | sed "s/,/ /g")
do do
user_token=$(ynh_string_random) user_token=$(ynh_string_random)
$app_path/cli/create-user.php --user $myuser --language en --token $user_token sudo -u $app $final_path/cli/create-user.php --user $user --language en --token $user_token
sudo chown -R $app:$app $app_path/data/users/$myuser/
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $app_path/data/users/$myuser/
done done
fi fi
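Review bot: The instance check `[[ "${0//.\/50-}" = "$app" ]]` only matches when the hook is started exactly as `./50-<app>`; if the hook runner calls it by absolute path or with another prefix, the comparison is false and the script ends without creating any user and without a message. The same expansion supplies `app` in the two hook sections that follow, where the result goes straight into `sudo -u $app`. Deriving the name from the basename depends less on how the script is invoked, e.g. `hook_name=${0##*/}; hook_app=${hook_name#*-}`. The loop arguments should also be quoted: `--user "$user" --token "$user_token"`.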


@ -1,13 +1,10 @@
#!/bin/bash #!/usr/bin/env bash
app=APPNAMETOCHANGE
app_path=/var/www/$app
myuser=$1 set -a
source /usr/share/yunohost/helpers
# Source app helpers app="${0//.\/50-}"
. /usr/share/yunohost/helpers username=$1
user_token=$(ynh_string_random) user_token=$(ynh_string_random)
sudo $app_path/cli/create-user.php --user $myuser --language en --token $user_token sudo -u $app $final_path/cli/create-user.php --user $username --language en --token $user_token
sudo chown -R $app:$app $app_path/data/users/$myuser/
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $app_path/data/users/$myuser/
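Review bot: `$final_path` is used in `sudo -u $app $final_path/cli/create-user.php` but nothing on the new side of this section assigns it, whereas the other two hooks read it with `ynh_app_setting_get`. Unless the hook environment happens to export it, the path expands to `/cli/create-user.php` and the FreshRSS account is never created. Add `final_path=$(ynh_app_setting_get --app=$app --key=final_path)` after the `app=` line. The hunk header starts at line 1 with 10 new lines, so the whole file appears to be shown and the omission does not look like an artifact of the hunk boundary.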


@ -1,6 +1,10 @@
#!/bin/bash #!/usr/bin/env bash
app=APPNAMETOCHANGE
app_path=/var/www/$app
myuser=$1 set -a
$app_path/cli/delete-user.php --user $myuser source /usr/share/yunohost/helpers
app="${0//.\/50-}"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
username=$1
sudo -u $app $final_path/cli/delete-user.php --user $username


@ -14,6 +14,13 @@ extra_php_dependencies="php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-zip php${
# PERSONAL HELPERS # PERSONAL HELPERS
#================================================= #=================================================
function set_permissions {
chown -R root:$app $final_path
chmod -R g=u,g-w,o-rwx $final_path
chown -R $app:$app $final_path/{data,extensions}
setfacl -n -R -m u:www-data:rx -m d:u:www-data:rx $final_path
}
#================================================= #=================================================
# EXPERIMENTAL HELPERS # EXPERIMENTAL HELPERS
#================================================= #=================================================
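Review bot: `set_permissions` runs recursive ownership and mode changes as root on unquoted, unchecked globals; with `final_path` empty, `chown -R $app:$app $final_path/{data,extensions}` expands to `/data /extensions`. Guard the function at its top, e.g. `: "${final_path:?}" "${app:?}"`, and quote the expansions (`"$final_path"/{data,extensions}`). The function also lacks a header comment: it should say that it reads the globals `app` and `final_path`, and that the ACL gives `www-data` read/traverse access to the whole tree, `data/` included. Whether the web server user needs access beyond the files NGINX serves directly is worth confirming.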


@ -103,7 +103,7 @@ fi
# SPECIFIC MODIFICATIONS # SPECIFIC MODIFICATIONS
#================================================= #=================================================
$final_path/cli/reconfigure.php --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name sudo -u $app $final_path/cli/reconfigure.php --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
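Review bot: `--db-password $db_pwd` is passed on the command line, and now that the call goes through `sudo -u $app` the full argument list is also recorded by sudo's command logging, in addition to being visible in the process list while the script runs. The install and upgrade sections have the same pattern in their `do-install.php` and `reconfigure.php` calls, and the hooks and the install user loop do it with `--token $user_token`. If the CLI offers no way to take the secret from a file or the environment, at least quote the value (`--db-password "$db_pwd"`) and add a comment such as `# NOTE: DB password is passed on argv and is recorded by sudo's command logging`.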


@ -57,6 +57,14 @@ ynh_script_progression --message="Installing dependencies..." --weight=3
ynh_install_app_dependencies $pkg_dependencies ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app
#================================================= #=================================================
# CREATE A MYSQL DATABASE # CREATE A MYSQL DATABASE
#================================================= #=================================================
@ -76,6 +84,8 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path" ynh_setup_source --dest_dir="$final_path"
set_permissions
#================================================= #=================================================
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
@ -84,14 +94,6 @@ ynh_script_progression --message="Configuring NGINX web server..."
# Create a dedicated NGINX config # Create a dedicated NGINX config
ynh_add_nginx_config ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app
#================================================= #=================================================
# PHP-FPM CONFIGURATION # PHP-FPM CONFIGURATION
#================================================= #=================================================
@ -101,20 +103,12 @@ ynh_script_progression --message="Configuring PHP-FPM..."
ynh_add_fpm_config --package="$extra_php_dependencies" ynh_add_fpm_config --package="$extra_php_dependencies"
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
# SPECIFIC SETUP
#=================================================
ynh_replace_string --match_string="APPNAMETOCHANGE" --replace_string=$app --target_file="../hooks/post_app_addaccess"
ynh_replace_string --match_string="APPNAMETOCHANGE" --replace_string=$app --target_file="../hooks/post_user_create"
ynh_replace_string --match_string="APPNAMETOCHANGE" --replace_string=$app --target_file="../hooks/post_user_delete"
#================================================= #=================================================
# SETUPING FRESHRSS # SETUPING FRESHRSS
#================================================= #=================================================
ynh_script_progression --message="FreshRSS setup script..." ynh_script_progression --message="FreshRSS setup script..."
$final_path/cli/do-install.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name sudo -u $app $final_path/cli/do-install.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
@ -124,7 +118,7 @@ ynh_script_progression --message="Creating users..."
for myuser in $(ynh_user_list) for myuser in $(ynh_user_list)
do do
user_token=$(ynh_string_random) user_token=$(ynh_string_random)
$final_path/cli/create-user.php --user $myuser --language $language --token $user_token sudo -u $app $final_path/cli/create-user.php --user $myuser --language $language --token $user_token
done done
#================================================= #=================================================
@ -143,17 +137,6 @@ chmod 644 "$cron_path"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Set permissions to app files
chown -R root:$app $final_path
chmod -R g-w $final_path
chown -R $app:$app $final_path/{data,extensions}
chmod o-rwx $final_path
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================


@ -49,13 +49,6 @@ ynh_script_progression --message="Restoring NGINX configuration..."
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..."
ynh_restore_file --origin_path="$final_path"
#================================================= #=================================================
# RECREATE THE DEDICATED USER # RECREATE THE DEDICATED USER
#================================================= #=================================================
@ -73,15 +66,13 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=1
ynh_install_app_dependencies $pkg_dependencies ynh_install_app_dependencies $pkg_dependencies
#================================================= #=================================================
# RESTORE USER RIGHTS # RESTORE THE APP MAIN DIR
#================================================= #=================================================
ynh_script_progression --message="Restoring the app main directory..."
# Restore permissions on app files ynh_restore_file --origin_path="$final_path"
chown -R root:$app $final_path
chmod -R g-w $final_path set_permissions
chown -R $app:$app $final_path/{data,extensions}
chmod o-rwx $final_path
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path
#================================================= #=================================================
# RESTORE THE PHP-FPM CONFIGURATION # RESTORE THE PHP-FPM CONFIGURATION


@ -80,6 +80,21 @@ path_url=$(ynh_normalize_url_path --path_url=$path_url)
#================================================= #=================================================
# STANDARD UPGRADE STEPS # STANDARD UPGRADE STEPS
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=1
ynh_install_app_dependencies $pkg_dependencies
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
@ -98,21 +113,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated nginx config # Create a dedicated nginx config
ynh_add_nginx_config ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=1
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app
#================================================= #=================================================
# PHP-FPM CONFIGURATION # PHP-FPM CONFIGURATION
#================================================= #=================================================
@ -141,11 +141,6 @@ cp -r $final_path/extensions/. $tmp_path/extensions/
ynh_secure_remove "$final_path" ynh_secure_remove "$final_path"
cp -rp "$tmp_path" "$final_path" cp -rp "$tmp_path" "$final_path"
#update hook for multi instance
ynh_replace_string --match_string="APPNAMETOCHANGE" --replace_string=$app --target_file="../hooks/post_app_addaccess"
ynh_replace_string --match_string="APPNAMETOCHANGE" --replace_string=$app --target_file="../hooks/post_user_create"
ynh_replace_string --match_string="APPNAMETOCHANGE" --replace_string=$app --target_file="../hooks/post_user_delete"
#================================================= #=================================================
# CRON SETUP # CRON SETUP
#================================================= #=================================================
@ -170,15 +165,10 @@ fi
# SECURE FILES AND DIRECTORIES # SECURE FILES AND DIRECTORIES
#================================================= #=================================================
# Set permissions on app files set_permissions
chown -R root:$app $final_path
chmod -R g-w $final_path
chown -R $app:$app $final_path/{data,extensions}
chmod o-rwx $final_path
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path
# reconfigure application with latest parameters # reconfigure application with latest parameters
$final_path/cli/reconfigure.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name sudo -u $app $final_path/cli/reconfigure.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
@ -190,11 +180,12 @@ ynh_app_setting_delete --app="$app" --key=unprotected_regex
ynh_app_setting_delete --app="$app" --key=unprotected_uris ynh_app_setting_delete --app="$app" --key=unprotected_uris
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX AND PHP-FPM
#================================================= #=================================================
ynh_script_progression --message="Reloading NGINX web server..." ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..."
ynh_systemd_action --service_name=nginx --action=reload ynh_systemd_action --service_name=nginx --action=reload
ynh_systemd_action --service_name=php$YNH_PHP_VERSION-fpm --action=reload
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT