From d41c46910ae3ebb0bb41f3834cc7082b947af601 Mon Sep 17 00:00:00 2001
From: gougeon-s <31284753+gougeon-s@users.noreply.github.com>
Date: Sun, 31 May 2020 23:38:48 +0200
Subject: [PATCH] file perms (o-rx) + warn about plaintext passwd

The files, config file included, were world readable. The admin password is in plain text in the config file. It is used by gotify at the first session. It should be changed after the first login
---
 scripts/install | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/scripts/install b/scripts/install
index fa3c8dd..eab084b 100755
--- a/scripts/install
+++ b/scripts/install
@@ -139,7 +139,10 @@ ynh_store_file_checksum "$final_path/config.yml"
 # Set permissions to app files
 chown -R root: $final_path
 mkdir $final_path/data
+chown -R root:$app $final_path/*
+chmod -R 550 $final_path/*
 chown $app $final_path/data
+chmod 770 $final_path/data
 #=================================================
 # ADVERTISE SERVICE IN ADMIN PANEL
@@ -163,4 +166,5 @@ ynh_script_progression --message="Reloading nginx web server..." --weight=1
 systemctl reload nginx
 systemctl start $app
-ynh_script_progression --message="Installation of $app completed" --last
\ No newline at end of file
+ynh_script_progression --message="Installation of $app completed" --last
+ynh_print_warn "Change the admin password after the first login or delete it in the config file (stored in plain text)"
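Review bot: The two added recursive calls run on `$final_path/*`, so the glob skips any dotfile directly under the install directory and leaves `$final_path` itself with its previous mode, and mode 550 also puts the execute bit on `config.yml`, the file that holds the plaintext admin password. Targeting the directory and using symbolic modes avoids both: `chown -R root:"$app" "$final_path"` followed by `chmod -R u=rX,g=rX,o= "$final_path"`, with the existing `chmod 770 "$final_path/data"` kept after it. Quoting the expansions also protects against word splitting if the path ever contains spaces. Only the install script is touched here, so instances installed earlier presumably keep world-readable files unless the upgrade script applies the same modes.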
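Review bot: The warning added after the final `ynh_script_progression` call does not name the file, and it appears only once in the install output, so an admin reading it later has to guess where the password is stored. Including the path makes it actionable: `ynh_print_warn "Change the admin password after the first login, or remove it from $final_path/config.yml (stored in plain text)"`. A checksum of that file is recorded earlier in the script with `ynh_store_file_checksum`, so a hand edit will presumably be seen as a local modification on a later upgrade; a short comment above the warning saying so would help maintainers.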