mirror of
https://github.com/YunoHost-Apps/grav_ynh.git
synced 2024-09-03 19:16:01 +02:00
Sanitize permissions assignment and commands execution
This commit is contained in:
tituspijean
parent
1c1c954256
commit
19c753acf2
3 changed files with 28 additions and 30 deletions
|
|
@ -95,24 +95,24 @@ ynh_add_fpm_config --usage=medium --footprint=medium --package="$extra_php_depen
|
|||
#=================================================
|
||||
|
||||
# Set permissions on app files
|
||||
chown -R $app:www-data $final_path
|
||||
find $final_path -type f -exec chmod 660 {} \;
|
||||
find $final_path/bin -type f -exec chmod 770 {} \;
|
||||
find $final_path -type d -exec chmod 770 {} \;
|
||||
find $final_path -type d -exec chmod +s {} \;
|
||||
chown -R $app:$app "$final_path"
|
||||
find "$final_path" -type f -exec chmod 640 {} \;
|
||||
find "$final_path/bin" -type f -exec chmod 750 {} \;
|
||||
find "$final_path" -type d -exec chmod 750 {} \;
|
||||
find "$final_path" -type d -exec chmod +s {} \;
|
||||
|
||||
#=================================================
|
||||
# INSTALL LDAP PLUGIN
|
||||
#=================================================
|
||||
ynh_script_progression --message="Installing and configuring LDAP plugin..." --weight=1
|
||||
|
||||
pushd "$final_path"
|
||||
exec_as $app php${YNH_PHP_VERSION} bin/gpm install login-ldap --all-yes --no-interaction
|
||||
exec_as $app mkdir -p user/config/plugins/login-ldap
|
||||
exec_as $app touch user/accounts/admin.yaml
|
||||
popd
|
||||
exec_as $app php${YNH_PHP_VERSION} "$final_path/bin/gpm" install login-ldap --all-yes --no-interaction
|
||||
exec_as $app mkdir -p "$final_path/user/config/plugins/login-ldap"
|
||||
exec_as $app touch "$final_path/user/accounts/admin.yaml"
|
||||
|
||||
ynh_add_config --template="../conf/login-ldap.yaml" --destination="$final_path/user/config/plugins/login-ldap.yaml"
|
||||
chown $app:$app "$final_path/user/config/plugins/login-ldap.yaml"
|
||||
chmod 640 "$final_path/user/config/plugins/login-ldap.yaml"
|
||||
|
||||
#=================================================
|
||||
# CREATE A CRON TASK
|
||||
|
|
|
|||
|
|
@ -73,11 +73,11 @@ ynh_system_user_create --username=$app --home_dir=$final_path
|
|||
#=================================================
|
||||
|
||||
# Restore permissions on app files
|
||||
chown -R $app:www-data $final_path
|
||||
find $final_path -type f -exec chmod 660 {} \;
|
||||
find $final_path/bin -type f -exec chmod 770 {} \;
|
||||
find $final_path -type d -exec chmod 770 {} \;
|
||||
find $final_path -type d -exec chmod +s {} \;
|
||||
chown -R $app:$app "$final_path"
|
||||
find "$final_path" -type f -exec chmod 640 {} \;
|
||||
find "$final_path/bin" -type f -exec chmod 750 {} \;
|
||||
find "$final_path" -type d -exec chmod 750 {} \;
|
||||
find "$final_path" -type d -exec chmod +s {} \;
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE CRON
|
||||
|
|
|
|||
|
|
@ -144,40 +144,38 @@ if [ -f /etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini ]; then
|
|||
ynh_secure_remove --file=/etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC UPGRADE
|
||||
#=================================================
|
||||
# SECURE FILES AND DIRECTORIES
|
||||
#=================================================
|
||||
|
||||
# Set permissions on app files
|
||||
chown -R $app:www-data $final_path
|
||||
find $final_path -type f -exec chmod 660 {} \;
|
||||
find $final_path/bin -type f -exec chmod 770 {} \;
|
||||
find $final_path -type d -exec chmod 770 {} \;
|
||||
find $final_path -type d -exec chmod +s {} \;
|
||||
chown -R $app:$app "$final_path"
|
||||
find "$final_path" -type f -exec chmod 640 {} \;
|
||||
find "$final_path/bin" -type f -exec chmod 750 {} \;
|
||||
find "$final_path" -type d -exec chmod 750 {} \;
|
||||
find "$final_path" -type d -exec chmod +s {} \;
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC UPGRADE
|
||||
#=================================================
|
||||
# UPGRADE PLUGINS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Updating all plugins..." --weight=1
|
||||
|
||||
pushd "$final_path"
|
||||
exec_as $app yes N | exec_as $app php${YNH_PHP_VERSION} bin/gpm update --all-yes --no-interaction
|
||||
popd
|
||||
yes N | ynh_exec_warn_less exec_as $app php${YNH_PHP_VERSION} $final_path/bin/gpm update --all-yes --no-interaction
|
||||
|
||||
#=================================================
|
||||
# INSTALL LDAP PLUGIN
|
||||
#=================================================
|
||||
ynh_script_progression --message="Installing and configuring LDAP plugin..." --weight=3
|
||||
|
||||
pushd "$final_path"
|
||||
exec_as $app php${YNH_PHP_VERSION} bin/gpm install login-ldap --all-yes --no-interaction
|
||||
exec_as $app mkdir -p user/config/plugins/login-ldap
|
||||
exec_as $app touch user/accounts/admin.yaml
|
||||
popd
|
||||
exec_as $app php${YNH_PHP_VERSION} "$final_path/bin/gpm" install login-ldap --all-yes --no-interaction
|
||||
exec_as $app mkdir -p "$final_path/user/config/plugins/login-ldap"
|
||||
exec_as $app touch "$final_path/user/accounts/admin.yaml"
|
||||
|
||||
ynh_add_config --template="../conf/login-ldap.yaml" --destination="$final_path/user/config/plugins/login-ldap.yaml"
|
||||
chown $app:$app "$final_path/user/config/plugins/login-ldap.yaml"
|
||||
chmod 640 "$final_path/user/config/plugins/login-ldap.yaml"
|
||||
|
||||
#=================================================
|
||||
# CREATE A CRON TASK
|
||||
|
|
|
|||
Loading…
Reference in a new issue