mirror of
https://github.com/YunoHost-Apps/freshrss_ynh.git
synced 2024-09-03 18:36:33 +02:00
More tweaks to permissions
This commit is contained in:
parent
0ecb02b072
commit
e6b8ecfd66
8 changed files with 69 additions and 98 deletions
|
@ -1,19 +1,17 @@
|
||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
set -a
|
||||||
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
app=$1
|
app=$1
|
||||||
new_users=$2
|
new_users=$2
|
||||||
app_path=/var/www/$app
|
|
||||||
|
|
||||||
# Source app helpers
|
if [[ "${0//.\/50-}" = "$app" ]]; then
|
||||||
. /usr/share/yunohost/helpers
|
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||||
|
|
||||||
|
for user in $(echo "$new_users" | sed "s/,/ /g")
|
||||||
if [[ "APPNAMETOCHANGE" = "$app" ]];
|
|
||||||
then
|
|
||||||
for myuser in $(echo "$new_users" | sed "s/,/ /g")
|
|
||||||
do
|
do
|
||||||
user_token=$(ynh_string_random)
|
user_token=$(ynh_string_random)
|
||||||
$app_path/cli/create-user.php --user $myuser --language en --token $user_token
|
sudo -u $app $final_path/cli/create-user.php --user $user --language en --token $user_token
|
||||||
sudo chown -R $app:$app $app_path/data/users/$myuser/
|
|
||||||
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $app_path/data/users/$myuser/
|
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -1,13 +1,10 @@
|
||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
app=APPNAMETOCHANGE
|
|
||||||
app_path=/var/www/$app
|
|
||||||
|
|
||||||
myuser=$1
|
set -a
|
||||||
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
# Source app helpers
|
app="${0//.\/50-}"
|
||||||
. /usr/share/yunohost/helpers
|
username=$1
|
||||||
|
|
||||||
user_token=$(ynh_string_random)
|
user_token=$(ynh_string_random)
|
||||||
sudo $app_path/cli/create-user.php --user $myuser --language en --token $user_token
|
sudo -u $app $final_path/cli/create-user.php --user $username --language en --token $user_token
|
||||||
sudo chown -R $app:$app $app_path/data/users/$myuser/
|
|
||||||
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $app_path/data/users/$myuser/
|
|
||||||
|
|
|
@ -1,6 +1,10 @@
|
||||||
#!/bin/bash
|
#!/usr/bin/env bash
|
||||||
app=APPNAMETOCHANGE
|
|
||||||
app_path=/var/www/$app
|
|
||||||
|
|
||||||
myuser=$1
|
set -a
|
||||||
$app_path/cli/delete-user.php --user $myuser
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
|
app="${0//.\/50-}"
|
||||||
|
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||||
|
username=$1
|
||||||
|
|
||||||
|
sudo -u $app $final_path/cli/delete-user.php --user $username
|
||||||
|
|
|
@ -14,6 +14,13 @@ extra_php_dependencies="php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-zip php${
|
||||||
# PERSONAL HELPERS
|
# PERSONAL HELPERS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
|
function set_permissions {
|
||||||
|
chown -R root:$app $final_path
|
||||||
|
chmod -R g=u,g-w,o-rwx $final_path
|
||||||
|
chown -R $app:$app $final_path/{data,extensions}
|
||||||
|
setfacl -n -R -m u:www-data:rx -m d:u:www-data:rx $final_path
|
||||||
|
}
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# EXPERIMENTAL HELPERS
|
# EXPERIMENTAL HELPERS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
|
@ -103,7 +103,7 @@ fi
|
||||||
# SPECIFIC MODIFICATIONS
|
# SPECIFIC MODIFICATIONS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
$final_path/cli/reconfigure.php --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
|
sudo -u $app $final_path/cli/reconfigure.php --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# GENERIC FINALIZATION
|
# GENERIC FINALIZATION
|
||||||
|
|
|
@ -57,6 +57,14 @@ ynh_script_progression --message="Installing dependencies..." --weight=3
|
||||||
|
|
||||||
ynh_install_app_dependencies $pkg_dependencies
|
ynh_install_app_dependencies $pkg_dependencies
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# CREATE DEDICATED USER
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Configuring system user..."
|
||||||
|
|
||||||
|
# Create a system user
|
||||||
|
ynh_system_user_create --username=$app
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CREATE A MYSQL DATABASE
|
# CREATE A MYSQL DATABASE
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -76,6 +84,8 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
||||||
# Download, check integrity, uncompress and patch the source from app.src
|
# Download, check integrity, uncompress and patch the source from app.src
|
||||||
ynh_setup_source --dest_dir="$final_path"
|
ynh_setup_source --dest_dir="$final_path"
|
||||||
|
|
||||||
|
set_permissions
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# NGINX CONFIGURATION
|
# NGINX CONFIGURATION
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -84,14 +94,6 @@ ynh_script_progression --message="Configuring NGINX web server..."
|
||||||
# Create a dedicated NGINX config
|
# Create a dedicated NGINX config
|
||||||
ynh_add_nginx_config
|
ynh_add_nginx_config
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CREATE DEDICATED USER
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Configuring system user..."
|
|
||||||
|
|
||||||
# Create a system user
|
|
||||||
ynh_system_user_create --username=$app
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# PHP-FPM CONFIGURATION
|
# PHP-FPM CONFIGURATION
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -101,20 +103,12 @@ ynh_script_progression --message="Configuring PHP-FPM..."
|
||||||
ynh_add_fpm_config --package="$extra_php_dependencies"
|
ynh_add_fpm_config --package="$extra_php_dependencies"
|
||||||
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
|
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SPECIFIC SETUP
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
ynh_replace_string --match_string="APPNAMETOCHANGE" --replace_string=$app --target_file="../hooks/post_app_addaccess"
|
|
||||||
ynh_replace_string --match_string="APPNAMETOCHANGE" --replace_string=$app --target_file="../hooks/post_user_create"
|
|
||||||
ynh_replace_string --match_string="APPNAMETOCHANGE" --replace_string=$app --target_file="../hooks/post_user_delete"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUPING FRESHRSS
|
# SETUPING FRESHRSS
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="FreshRSS setup script..."
|
ynh_script_progression --message="FreshRSS setup script..."
|
||||||
|
|
||||||
$final_path/cli/do-install.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
|
sudo -u $app $final_path/cli/do-install.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CREATE DEDICATED USER
|
# CREATE DEDICATED USER
|
||||||
|
@ -124,7 +118,7 @@ ynh_script_progression --message="Creating users..."
|
||||||
for myuser in $(ynh_user_list)
|
for myuser in $(ynh_user_list)
|
||||||
do
|
do
|
||||||
user_token=$(ynh_string_random)
|
user_token=$(ynh_string_random)
|
||||||
$final_path/cli/create-user.php --user $myuser --language $language --token $user_token
|
sudo -u $app $final_path/cli/create-user.php --user $myuser --language $language --token $user_token
|
||||||
done
|
done
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -143,17 +137,6 @@ chmod 644 "$cron_path"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# GENERIC FINALIZATION
|
# GENERIC FINALIZATION
|
||||||
#=================================================
|
|
||||||
# SECURE FILES AND DIRECTORIES
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Set permissions to app files
|
|
||||||
chown -R root:$app $final_path
|
|
||||||
chmod -R g-w $final_path
|
|
||||||
chown -R $app:$app $final_path/{data,extensions}
|
|
||||||
chmod o-rwx $final_path
|
|
||||||
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP SSOWAT
|
# SETUP SSOWAT
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
|
@ -49,13 +49,6 @@ ynh_script_progression --message="Restoring NGINX configuration..."
|
||||||
|
|
||||||
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# RESTORE THE APP MAIN DIR
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Restoring the app main directory..."
|
|
||||||
|
|
||||||
ynh_restore_file --origin_path="$final_path"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RECREATE THE DEDICATED USER
|
# RECREATE THE DEDICATED USER
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -73,15 +66,13 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=1
|
||||||
ynh_install_app_dependencies $pkg_dependencies
|
ynh_install_app_dependencies $pkg_dependencies
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RESTORE USER RIGHTS
|
# RESTORE THE APP MAIN DIR
|
||||||
#=================================================
|
#=================================================
|
||||||
|
ynh_script_progression --message="Restoring the app main directory..."
|
||||||
|
|
||||||
# Restore permissions on app files
|
ynh_restore_file --origin_path="$final_path"
|
||||||
chown -R root:$app $final_path
|
|
||||||
chmod -R g-w $final_path
|
set_permissions
|
||||||
chown -R $app:$app $final_path/{data,extensions}
|
|
||||||
chmod o-rwx $final_path
|
|
||||||
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RESTORE THE PHP-FPM CONFIGURATION
|
# RESTORE THE PHP-FPM CONFIGURATION
|
||||||
|
|
|
@ -80,6 +80,21 @@ path_url=$(ynh_normalize_url_path --path_url=$path_url)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD UPGRADE STEPS
|
# STANDARD UPGRADE STEPS
|
||||||
|
#=================================================
|
||||||
|
# CREATE DEDICATED USER
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Making sure dedicated system user exists..."
|
||||||
|
|
||||||
|
# Create a dedicated user (if not existing)
|
||||||
|
ynh_system_user_create --username=$app
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# UPGRADE DEPENDENCIES
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Upgrading dependencies..." --weight=1
|
||||||
|
|
||||||
|
ynh_install_app_dependencies $pkg_dependencies
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -98,21 +113,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..."
|
||||||
# Create a dedicated nginx config
|
# Create a dedicated nginx config
|
||||||
ynh_add_nginx_config
|
ynh_add_nginx_config
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# UPGRADE DEPENDENCIES
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Upgrading dependencies..." --weight=1
|
|
||||||
|
|
||||||
ynh_install_app_dependencies $pkg_dependencies
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CREATE DEDICATED USER
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Making sure dedicated system user exists..."
|
|
||||||
|
|
||||||
# Create a dedicated user (if not existing)
|
|
||||||
ynh_system_user_create --username=$app
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# PHP-FPM CONFIGURATION
|
# PHP-FPM CONFIGURATION
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -141,11 +141,6 @@ cp -r $final_path/extensions/. $tmp_path/extensions/
|
||||||
ynh_secure_remove "$final_path"
|
ynh_secure_remove "$final_path"
|
||||||
cp -rp "$tmp_path" "$final_path"
|
cp -rp "$tmp_path" "$final_path"
|
||||||
|
|
||||||
#update hook for multi instance
|
|
||||||
ynh_replace_string --match_string="APPNAMETOCHANGE" --replace_string=$app --target_file="../hooks/post_app_addaccess"
|
|
||||||
ynh_replace_string --match_string="APPNAMETOCHANGE" --replace_string=$app --target_file="../hooks/post_user_create"
|
|
||||||
ynh_replace_string --match_string="APPNAMETOCHANGE" --replace_string=$app --target_file="../hooks/post_user_delete"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CRON SETUP
|
# CRON SETUP
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -170,15 +165,10 @@ fi
|
||||||
# SECURE FILES AND DIRECTORIES
|
# SECURE FILES AND DIRECTORIES
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# Set permissions on app files
|
set_permissions
|
||||||
chown -R root:$app $final_path
|
|
||||||
chmod -R g-w $final_path
|
|
||||||
chown -R $app:$app $final_path/{data,extensions}
|
|
||||||
chmod o-rwx $final_path
|
|
||||||
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path
|
|
||||||
|
|
||||||
# reconfigure application with latest parameters
|
# reconfigure application with latest parameters
|
||||||
$final_path/cli/reconfigure.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
|
sudo -u $app $final_path/cli/reconfigure.php --default_user $admin --auth_type http_auth --environment production --base_url https://$domain$path_url --title FreshRSS --api_enabled --db-type mysql --db-host localhost --db-user $db_name --db-password $db_pwd --db-base $db_name
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP SSOWAT
|
# SETUP SSOWAT
|
||||||
|
@ -190,11 +180,12 @@ ynh_app_setting_delete --app="$app" --key=unprotected_regex
|
||||||
ynh_app_setting_delete --app="$app" --key=unprotected_uris
|
ynh_app_setting_delete --app="$app" --key=unprotected_uris
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RELOAD NGINX
|
# RELOAD NGINX AND PHP-FPM
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Reloading NGINX web server..."
|
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..."
|
||||||
|
|
||||||
ynh_systemd_action --service_name=nginx --action=reload
|
ynh_systemd_action --service_name=nginx --action=reload
|
||||||
|
ynh_systemd_action --service_name=php$YNH_PHP_VERSION-fpm --action=reload
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# END OF SCRIPT
|
# END OF SCRIPT
|
||||||
|
|
Loading…
Reference in a new issue