From 9c2ba7d24ac31415dc6db652a04ded70b8edfd1e Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 16 Apr 2021 02:49:59 +0200 Subject: [PATCH] Fix rights --- conf/env.prod | 2 +- conf/nginx.conf | 4 ++-- scripts/install | 8 ++++++-- scripts/restore | 4 ++-- scripts/upgrade | 6 +++++- 5 files changed, 16 insertions(+), 8 deletions(-) diff --git a/conf/env.prod b/conf/env.prod index b1da7e9..53887a3 100644 --- a/conf/env.prod +++ b/conf/env.prod @@ -153,7 +153,7 @@ LDAP_BIND_PASSWORD='' LDAP_SEARCH_FILTER=(|(uid={0})) LDAP_START_TLS=False LDAP_ROOT_DN=ou=users,dc=yunohost,dc=org -LDAP_USER_ATTR_MAP={"username":"uid"} +LDAP_USER_ATTR_MAP={"username": "uid"} FUNKWHALE_FRONTEND_PATH=__FINALPATH__/front/dist FUNKWHALE_SPA_HTML_ROOT=__FINALPATH__/front/dist/index.html diff --git a/conf/nginx.conf b/conf/nginx.conf index 81db54f..3ffa7c1 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -113,7 +113,7 @@ location /media/ { alias __DATADIR__/media/; } -location /_protected/media/ { +location /_protected/media { # this is an internal location that is used to serve # audio files once correct permission / authentication # has been checked on API side @@ -130,7 +130,7 @@ location /_protected/media/ { # proxy_pass $1; # } -location /_protected/music/ { +location /_protected/music { # this is an internal location that is used to serve # audio files once correct permission / authentication # has been checked on API side diff --git a/scripts/install b/scripts/install index 55b94ea..68b412b 100644 --- a/scripts/install +++ b/scripts/install @@ -113,7 +113,7 @@ popd chmod -R 750 "$final_path" chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" +chown -R $app:www-data "$final_path" mkdir -p $datadir pushd $datadir @@ -122,7 +122,7 @@ popd chmod -R 750 "$datadir" chmod -R o-rwx "$datadir" -chown -R $app:$app "$datadir" +chown -R $app:www-data "$datadir" #================================================= # NGINX CONFIGURATION @@ -192,6 +192,10 @@ pushd $final_path echo "yes" | python api/manage.py collectstatic popd +chmod -R 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/restore b/scripts/restore index c08e3ee..6098cb9 100644 --- a/scripts/restore +++ b/scripts/restore @@ -71,7 +71,7 @@ ynh_restore_file --origin_path="$final_path" chmod -R 750 "$final_path" chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" +chown -R $app:www-data "$final_path" #================================================= # SPECIFIC RESTORATION @@ -89,7 +89,7 @@ popd chmod -R 750 "$datadir" chmod -R o-rwx "$datadir" -chown -R $app:$app "$datadir" +chown -R $app:www-data "$datadir" #================================================= # REINSTALL DEPENDENCIES diff --git a/scripts/upgrade b/scripts/upgrade index dfe5cf9..1dca0059 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -152,7 +152,7 @@ fi chmod -R 750 "$final_path" chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" +chown -R $app:www-data "$final_path" #================================================= # NGINX CONFIGURATION @@ -230,6 +230,10 @@ pushd $final_path python api/manage.py fw media generate-thumbnails popd +chmod -R 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # SETUP SYSTEMD #=================================================