mirror of
https://github.com/YunoHost-Apps/grav_ynh.git
synced 2024-09-03 19:16:01 +02:00
Sanitize permissions assignment and commands execution
This commit is contained in:
tituspijean
parent
1c1c954256
commit
19c753acf2
3 changed files with 28 additions and 30 deletions
|
|
@ -95,24 +95,24 @@ ynh_add_fpm_config --usage=medium --footprint=medium --package="$extra_php_depen
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# Set permissions on app files
|
# Set permissions on app files
|
||||||
chown -R $app:www-data $final_path
|
chown -R $app:$app "$final_path"
|
||||||
find $final_path -type f -exec chmod 660 {} \;
|
find "$final_path" -type f -exec chmod 640 {} \;
|
||||||
find $final_path/bin -type f -exec chmod 770 {} \;
|
find "$final_path/bin" -type f -exec chmod 750 {} \;
|
||||||
find $final_path -type d -exec chmod 770 {} \;
|
find "$final_path" -type d -exec chmod 750 {} \;
|
||||||
find $final_path -type d -exec chmod +s {} \;
|
find "$final_path" -type d -exec chmod +s {} \;
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# INSTALL LDAP PLUGIN
|
# INSTALL LDAP PLUGIN
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Installing and configuring LDAP plugin..." --weight=1
|
ynh_script_progression --message="Installing and configuring LDAP plugin..." --weight=1
|
||||||
|
|
||||||
pushd "$final_path"
|
exec_as $app php${YNH_PHP_VERSION} "$final_path/bin/gpm" install login-ldap --all-yes --no-interaction
|
||||||
exec_as $app php${YNH_PHP_VERSION} bin/gpm install login-ldap --all-yes --no-interaction
|
exec_as $app mkdir -p "$final_path/user/config/plugins/login-ldap"
|
||||||
exec_as $app mkdir -p user/config/plugins/login-ldap
|
exec_as $app touch "$final_path/user/accounts/admin.yaml"
|
||||||
exec_as $app touch user/accounts/admin.yaml
|
|
||||||
popd
|
|
||||||
|
|
||||||
ynh_add_config --template="../conf/login-ldap.yaml" --destination="$final_path/user/config/plugins/login-ldap.yaml"
|
ynh_add_config --template="../conf/login-ldap.yaml" --destination="$final_path/user/config/plugins/login-ldap.yaml"
|
||||||
|
chown $app:$app "$final_path/user/config/plugins/login-ldap.yaml"
|
||||||
|
chmod 640 "$final_path/user/config/plugins/login-ldap.yaml"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CREATE A CRON TASK
|
# CREATE A CRON TASK
|
||||||
|
|
|
||||||
|
|
@ -73,11 +73,11 @@ ynh_system_user_create --username=$app --home_dir=$final_path
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# Restore permissions on app files
|
# Restore permissions on app files
|
||||||
chown -R $app:www-data $final_path
|
chown -R $app:$app "$final_path"
|
||||||
find $final_path -type f -exec chmod 660 {} \;
|
find "$final_path" -type f -exec chmod 640 {} \;
|
||||||
find $final_path/bin -type f -exec chmod 770 {} \;
|
find "$final_path/bin" -type f -exec chmod 750 {} \;
|
||||||
find $final_path -type d -exec chmod 770 {} \;
|
find "$final_path" -type d -exec chmod 750 {} \;
|
||||||
find $final_path -type d -exec chmod +s {} \;
|
find "$final_path" -type d -exec chmod +s {} \;
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RESTORE THE CRON
|
# RESTORE THE CRON
|
||||||
|
|
|
||||||
|
|
@ -144,40 +144,38 @@ if [ -f /etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini ]; then
|
||||||
ynh_secure_remove --file=/etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini
|
ynh_secure_remove --file=/etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# SPECIFIC UPGRADE
|
||||||
#=================================================
|
#=================================================
|
||||||
# SECURE FILES AND DIRECTORIES
|
# SECURE FILES AND DIRECTORIES
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# Set permissions on app files
|
# Set permissions on app files
|
||||||
chown -R $app:www-data $final_path
|
chown -R $app:$app "$final_path"
|
||||||
find $final_path -type f -exec chmod 660 {} \;
|
find "$final_path" -type f -exec chmod 640 {} \;
|
||||||
find $final_path/bin -type f -exec chmod 770 {} \;
|
find "$final_path/bin" -type f -exec chmod 750 {} \;
|
||||||
find $final_path -type d -exec chmod 770 {} \;
|
find "$final_path" -type d -exec chmod 750 {} \;
|
||||||
find $final_path -type d -exec chmod +s {} \;
|
find "$final_path" -type d -exec chmod +s {} \;
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SPECIFIC UPGRADE
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# UPGRADE PLUGINS
|
# UPGRADE PLUGINS
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Updating all plugins..." --weight=1
|
ynh_script_progression --message="Updating all plugins..." --weight=1
|
||||||
|
|
||||||
pushd "$final_path"
|
yes N | ynh_exec_warn_less exec_as $app php${YNH_PHP_VERSION} $final_path/bin/gpm update --all-yes --no-interaction
|
||||||
exec_as $app yes N | exec_as $app php${YNH_PHP_VERSION} bin/gpm update --all-yes --no-interaction
|
|
||||||
popd
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# INSTALL LDAP PLUGIN
|
# INSTALL LDAP PLUGIN
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Installing and configuring LDAP plugin..." --weight=3
|
ynh_script_progression --message="Installing and configuring LDAP plugin..." --weight=3
|
||||||
|
|
||||||
pushd "$final_path"
|
exec_as $app php${YNH_PHP_VERSION} "$final_path/bin/gpm" install login-ldap --all-yes --no-interaction
|
||||||
exec_as $app php${YNH_PHP_VERSION} bin/gpm install login-ldap --all-yes --no-interaction
|
exec_as $app mkdir -p "$final_path/user/config/plugins/login-ldap"
|
||||||
exec_as $app mkdir -p user/config/plugins/login-ldap
|
exec_as $app touch "$final_path/user/accounts/admin.yaml"
|
||||||
exec_as $app touch user/accounts/admin.yaml
|
|
||||||
popd
|
|
||||||
|
|
||||||
ynh_add_config --template="../conf/login-ldap.yaml" --destination="$final_path/user/config/plugins/login-ldap.yaml"
|
ynh_add_config --template="../conf/login-ldap.yaml" --destination="$final_path/user/config/plugins/login-ldap.yaml"
|
||||||
|
chown $app:$app "$final_path/user/config/plugins/login-ldap.yaml"
|
||||||
|
chmod 640 "$final_path/user/config/plugins/login-ldap.yaml"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CREATE A CRON TASK
|
# CREATE A CRON TASK
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue