From f7bc34fde98614db5745d497a4d5641a331f2c5e Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 25 Sep 2021 22:13:32 +0200 Subject: [PATCH 1/6] Fix permissions --- scripts/install | 23 ++++++++--------------- scripts/upgrade | 24 +++++++++--------------- 2 files changed, 17 insertions(+), 30 deletions(-) diff --git a/scripts/install b/scripts/install index 5f8d061..1788968 100644 --- a/scripts/install +++ b/scripts/install @@ -64,8 +64,6 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" -chown -R $app:$app $final_path - #================================================= # NGINX CONFIGURATION #================================================= @@ -101,19 +99,14 @@ else ynh_replace_string --match_string="//const WWW_URI = '/asso/';" --replace_string="const WWW_URI = '$path_url/';" --target_file="$final_path/config.local.php" fi -# permissions on files and directories -chmod 400 $final_path/config.dist.php $final_path/index.php $final_path/sous-domaine.html $final_path/VERSION -chmod 644 $final_path/config.local.php -find $final_path/scripts -type d -exec chmod 500 {} + -find $final_path/scripts -type f -exec chmod 400 {} + -find $final_path/templates -type d -exec chmod 500 {} + -find $final_path/templates -type f -exec chmod 400 {} + -find $final_path/include -type d -exec chmod 500 {} + -find $final_path/include -type f -exec chmod 400 {} + -find $final_path/data -type d -exec chmod 700 {} + -find $final_path/data -type f -exec chmod 600 {} + -find /var/www/garradin/www -type d -exec chmod 505 {} + -find /var/www/garradin/www -type f -exec chmod 644 {} + +# Permissions on files and directories +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" +find "$final_path" -type d -exec chmod 550 {} + +find "$final_path" -type f -exec chmod 440 {} + +find "$final_path/data" -type d -exec chmod 770 {} + +find "$final_path/data" -type f -exec chmod 660 {} + +chmod 660 "$final_path/config.local.php" #================================================= # SETUP SSOWAT diff --git a/scripts/upgrade b/scripts/upgrade index d251201..8b5a911 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -193,8 +193,6 @@ then ynh_secure_remove $backup_bdd fi -chown -R $app:$app $final_path - #================================================= # ADD A CONFIGURATION #================================================= @@ -209,19 +207,14 @@ else ynh_replace_string --match_string="//const WWW_URI = '/asso/';" --replace_string="const WWW_URI = '$path_url/';" --target_file="$final_path/config.local.php" fi -# Set permissions on app files -chmod 400 $final_path/config.dist.php $final_path/index.php $final_path/sous-domaine.html $final_path/VERSION -chmod 644 $final_path/config.local.php -find $final_path/scripts -type d -exec chmod 500 {} + -find $final_path/scripts -type f -exec chmod 400 {} + -find $final_path/templates -type d -exec chmod 500 {} + -find $final_path/templates -type f -exec chmod 400 {} + -find $final_path/include -type d -exec chmod 500 {} + -find $final_path/include -type f -exec chmod 400 {} + -find $final_path/data -type d -exec chmod 700 {} + -find $final_path/data -type f -exec chmod 600 {} + -find /var/www/garradin/www -type d -exec chmod 505 {} + -find /var/www/garradin/www -type f -exec chmod 644 {} + +# Permissions on files and directories +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" +find "$final_path" -type d -exec chmod 550 {} + +find "$final_path" -type f -exec chmod 440 {} + +find "$final_path/data" -type d -exec chmod 770 {} + +find "$final_path/data" -type f -exec chmod 660 {} + +chmod 660 "$final_path/config.local.php" #================================================= # RELOAD NGINX @@ -236,6 +229,7 @@ ynh_systemd_action --service_name=nginx --action=reload ynh_script_progression --message="Finalise upgrade" --weight=1 ynh_local_curl "/admin/index.php" +chmod 440 "$final_path/config.local.php" #================================================= # END OF SCRIPT From 1e3a7a09b4ef10373f268e70ed1e941024f5d246 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 25 Sep 2021 22:20:28 +0200 Subject: [PATCH 2/6] Remove ynh_webpath_available --- scripts/install | 2 -- scripts/restore | 2 -- 2 files changed, 4 deletions(-) diff --git a/scripts/install b/scripts/install index 1788968..335a112 100644 --- a/scripts/install +++ b/scripts/install @@ -34,8 +34,6 @@ ynh_script_progression --message="Validating installation parameters..." --weigh final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" -# Check web path availability -ynh_webpath_available $domain $path_url # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url diff --git a/scripts/restore b/scripts/restore index f23b8ad..030a67d 100644 --- a/scripts/restore +++ b/scripts/restore @@ -34,8 +34,6 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= ynh_script_progression --message="Validating restoration parameters..." --weight=4 -ynh_webpath_available $domain $path_url \ - || ynh_die "Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die "There is already a directory: $final_path " From 2b130e0d3513ba2445486c189398f988641a8467 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 25 Sep 2021 22:46:35 +0200 Subject: [PATCH 3/6] Fix permissions in restore too --- scripts/install | 2 -- scripts/restore | 8 +++++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index 335a112..b7447b9 100644 --- a/scripts/install +++ b/scripts/install @@ -77,8 +77,6 @@ ynh_script_progression --message="Configuring PHP-FPM..." --weight=5 # Create a dedicated PHP-FPM config ynh_add_fpm_config --phpversion=$YNH_PHP_VERSION --package="$extra_php_dependencies" -#phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) - #================================================= # ADD A CONFIGURATION diff --git a/scripts/restore b/scripts/restore index 030a67d..4ba8ebe 100644 --- a/scripts/restore +++ b/scripts/restore @@ -65,7 +65,13 @@ ynh_system_user_create --username=$app #================================================= # Restore permissions on app files -chown -R $app:$app $final_path +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" +find "$final_path" -type d -exec chmod 550 {} + +find "$final_path" -type f -exec chmod 440 {} + +find "$final_path/data" -type d -exec chmod 770 {} + +find "$final_path/data" -type f -exec chmod 660 {} + +chmod 660 "$final_path/config.local.php" #================================================= # RESTORE THE PHP-FPM CONFIGURATION From 5021b9992a11151e038c88c743c74fa1ae68caa1 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 25 Sep 2021 22:55:29 +0200 Subject: [PATCH 4/6] Appease package linter, remove superfluous example --- manifest.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/manifest.json b/manifest.json index 3e46591..bb35489 100644 --- a/manifest.json +++ b/manifest.json @@ -25,8 +25,7 @@ "install" : [ { "name": "domain", - "type": "domain", - "example": "domain.org" + "type": "domain" }, { "name": "path", From 285974232bdc07b945fb4dd536ef8736fbde92ca Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 25 Sep 2021 23:19:34 +0200 Subject: [PATCH 5/6] Fix change_url --- scripts/change_url | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/change_url b/scripts/change_url index 532750e..54fb322 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -88,8 +88,8 @@ if [ $change_path -eq 1 ] && [ "$new_path" == "/" ]; then ynh_replace_string --match_string="const WWW_URI = '$old_path/';" --replace_string="const WWW_URI = '$new_path';" --target_file="$final_path/config.local.php" elif [ $change_path -eq 1 ] && [ "$old_path" == "/" ]; then ynh_replace_string --match_string="const WWW_URI = '$old_path';" --replace_string="const WWW_URI = '$new_path/';" --target_file="$final_path/config.local.php" -else [ $change_path -eq 1 ] - ynh_replace_string --match_string="const WWW_URI = '$old_path/';" --replace_string="const WWW_URI = '$new_path/';" --target_file="$final_path/config.local.php" +elif [ $change_path -eq 1 ] + ynh_replace_string --match_string="const WWW_URI = '$old_path/';" --replace_string="const WWW_URI = '$new_path/';" --target_file="$final_path/config.local.php" fi # Change the domain for NGINX From 30f93edf17ede59cd596eb1355a2aa71b755b96e Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 25 Sep 2021 23:26:27 +0200 Subject: [PATCH 6/6] =?UTF-8?q?Fix=20change=5Furl=C2=B2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/change_url | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/change_url b/scripts/change_url index 54fb322..594268b 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -88,7 +88,7 @@ if [ $change_path -eq 1 ] && [ "$new_path" == "/" ]; then ynh_replace_string --match_string="const WWW_URI = '$old_path/';" --replace_string="const WWW_URI = '$new_path';" --target_file="$final_path/config.local.php" elif [ $change_path -eq 1 ] && [ "$old_path" == "/" ]; then ynh_replace_string --match_string="const WWW_URI = '$old_path';" --replace_string="const WWW_URI = '$new_path/';" --target_file="$final_path/config.local.php" -elif [ $change_path -eq 1 ] +elif [ $change_path -eq 1 ]; then ynh_replace_string --match_string="const WWW_URI = '$old_path/';" --replace_string="const WWW_URI = '$new_path/';" --target_file="$final_path/config.local.php" fi