diff --git a/scripts/_common.sh b/scripts/_common.sh
index b1cae13..11a92d5 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -48,6 +48,22 @@ function setup_sources {
 ynh_secure_remove --file="$install_dir/downloads/"
 }
+function _set_permissions() {
+ # Set permissions to app files
+ chown -R "$app:$app" "$install_dir"
+ chmod -R g+rwX,o-rwx "$install_dir"
+ setfacl -n -R -m "user:$app-guacd:rx" -m "default:user:$app-guacd:rx" "$install_dir"
+ setfacl -n -R -m "user:$app-tomcat:rx" -m "default:user:$app-tomcat:rx" "$install_dir"
+
+ # chown -R nobody:$app-tomcat "$install_dir/etc/tomcat9/" "$install_dir/etc/guacamole/"
+ chown -R "$app-tomcat":"$app-tomcat" "$install_dir/var/lib/tomcat9/webapps"
+ setfacl -n -R -m "user:$app-guacd:-" -m "default:user:$app-guacd:-" \
+ "$install_dir/var/lib/tomcat9/" "$install_dir/etc/guacamole/" "$install_dir/etc/tomcat9/"
+
+ chown -R "$app-guacd:$app-guacd" "/var/log/$app/guacd/"
+ chown -R "$app-tomcat:$app-tomcat" "/var/log/$app/tomcat/"
+}
+
 #=================================================
 # EXPERIMENTAL HELPERS
 #=================================================
diff --git a/scripts/install b/scripts/install
index 3973125..914c28d 100755
--- a/scripts/install
+++ b/scripts/install
@@ -110,6 +110,8 @@ ynh_add_config --template="guacamole.properties" --destination="$install_dir/etc
 ynh_replace_string --match_string="8080" --replace_string="$port" --target_file="$install_dir/etc/tomcat9/server.xml"
+_set_permissions
+
 #=================================================
 # SETUP SYSTEMD
 #=================================================
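Review bot: `chmod -R g+rwX,o-rwx` together with `chown -R "$app:$app"` changes the access model rather than just moving the old block: the old code set the owner to `nobody` and left group bits untouched, whereas `_set_permissions` makes the whole of `$install_dir` group-writable by `$app`, including `etc/guacamole/` and `etc/tomcat9/`, whose former `nobody:$app-tomcat` ownership survives only as a commented-out line. Who belongs to the `$app` group is not visible in this diff, so if no member needs to edit configuration I would add `chmod -R g-w "$install_dir/etc/guacamole/" "$install_dir/etc/tomcat9/"` straight after the recursive chmod, so the files Tomcat loads stay writable by their owner only. I would also replace the dead `# chown -R nobody:...` line with a header comment stating the intended matrix, for example `# $app owns the tree; guacd and tomcat read it through ACLs; guacd gets no access to the tomcat and guacamole config; tomcat owns webapps`. The `_set_permissions` calls added in install, restore and upgrade all pick up this change.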
@@ -119,23 +121,6 @@ ynh_script_progression --message="Configuring systemd services..." --weight=1
 ynh_add_systemd_config --service="$app-guacd" --template="guacd.service"
 ynh_add_systemd_config --service="$app-tomcat" --template="tomcat.service"
-#=================================================
-# GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-
-# Set permissions to app files
-chown -R nobody $install_dir
-chmod -R o-rwx $install_dir
-setfacl -n -R -m user:$app-guacd:rx -m default:user:$app-guacd:rx $install_dir
-setfacl -n -R -m user:$app-tomcat:rx -m default:user:$app-tomcat:rx $install_dir
-chown -R $app-guacd:$app-guacd "/var/log/$app/guacd/"
-chown -R $app-tomcat:$app-tomcat "/var/log/$app/tomcat/"
-chown -R nobody:$app-tomcat "$install_dir/etc/tomcat9/" "$install_dir/etc/guacamole/"
-chown -R "$app-tomcat":"$app-tomcat" "$install_dir/var/lib/tomcat9/webapps"
-setfacl -n -R -m user:$app-guacd:- -m default:user:$app-guacd:- "$install_dir/var/lib/tomcat9/" "$install_dir/etc/guacamole/" "$install_dir/etc/tomcat9/"
-
 #=================================================
 # SETUP LOGROTATE
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 121e62c..f0af585 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -72,19 +72,6 @@ if [ ! $tomcat_active ]; then
 systemctl stop tomcat9 --quiet
 fi
-#=================================================
-# RESTORE USER RIGHTS
-#=================================================
-
-# Restore permissions on app files
-chown -R nobody $install_dir
-chmod -R o-rwx $install_dir
-setfacl -n -R -m user:$app-guacd:rx -m default:user:$app-guacd:rx $install_dir
-setfacl -n -R -m user:$app-tomcat:rx -m default:user:$app-tomcat:rx $install_dir
-chown -R nobody:$app-tomcat "$install_dir/etc/tomcat9/" "$install_dir/etc/guacamole/"
-chown -R "$app-tomcat":"$app-tomcat" "$install_dir/var/lib/tomcat9/webapps"
-setfacl -n -R -m user:$app-guacd:- -m default:user:$app-guacd:- "$install_dir/var/lib/tomcat9/" "$install_dir/etc/guacamole/" "$install_dir/etc/tomcat9/"
-
 #=================================================
 # RESTORE THE MYSQL DATABASE
 #=================================================
@@ -98,8 +85,8 @@ ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./
 ynh_script_progression --message="Restoring various files..."
 ynh_restore_file --origin_path="/var/log/$app"
-chown -R $app-guacd:$app-guacd "/var/log/$app/guacd/"
-chown -R $app-tomcat:$app-tomcat "/var/log/$app/tomcat/"
+
+_set_permissions
 #=================================================
 # RESTORE SYSTEMD
diff --git a/scripts/upgrade b/scripts/upgrade
index b2715ac..ab921cd 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -134,16 +134,7 @@ ynh_add_systemd_config --service="$app-tomcat" --template="tomcat.service"
 # SECURE FILES AND DIRECTORIES
 #=================================================
-# Set permissions on app files
-chown -R nobody $install_dir
-chmod -R o-rwx $install_dir
-setfacl -n -R -m user:$app-guacd:rx -m default:user:$app-guacd:rx $install_dir
-setfacl -n -R -m user:$app-tomcat:rx -m default:user:$app-tomcat:rx $install_dir
-chown -R $app-guacd:$app-guacd "/var/log/$app/guacd/"
-chown -R $app-tomcat:$app-tomcat "/var/log/$app/tomcat/"
-chown -R nobody:$app-tomcat "$install_dir/etc/tomcat9/" "$install_dir/etc/guacamole/"
-chown -R "$app-tomcat":"$app-tomcat" "$install_dir/var/lib/tomcat9/webapps"
-setfacl -n -R -m user:$app-guacd:- -m default:user:$app-guacd:- "$install_dir/var/lib/tomcat9/" "$install_dir/etc/guacamole/" "$install_dir/etc/tomcat9/"
+_set_permissions
 #=================================================
 # SETUP LOGROTATE