refactor permissions

2024-09-03 19:16:03 +02:00 · 2024-02-25 21:12:49 +01:00 · 2024-02-25 21:12:49 +01:00 · 3f6c64498d
commit 3f6c64498d
parent 607c603ae3
4 changed files with 21 additions and 42 deletions
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -48,6 +48,22 @@ function setup_sources {
 	ynh_secure_remove --file="$install_dir/downloads/"
 }
 function _set_permissions() {
 	# Set permissions  to app files
 	chown -R "$app:$app" "$install_dir"
 	chmod -R g+rwX,o-rwx "$install_dir"
 	setfacl -n -R -m "user:$app-guacd:rx" -m "default:user:$app-guacd:rx" "$install_dir"
 	setfacl -n -R -m "user:$app-tomcat:rx" -m "default:user:$app-tomcat:rx" "$install_dir"
 	# chown -R nobody:$app-tomcat "$install_dir/etc/tomcat9/" "$install_dir/etc/guacamole/"
 	chown -R "$app-tomcat":"$app-tomcat" "$install_dir/var/lib/tomcat9/webapps"
 	setfacl -n -R -m "user:$app-guacd:-" -m "default:user:$app-guacd:-" \
 		"$install_dir/var/lib/tomcat9/" "$install_dir/etc/guacamole/" "$install_dir/etc/tomcat9/"
 	chown -R "$app-guacd:$app-guacd" "/var/log/$app/guacd/"
 	chown -R "$app-tomcat:$app-tomcat" "/var/log/$app/tomcat/"
 }
 #=================================================
 # EXPERIMENTAL HELPERS
 #=================================================
--- a/scripts/install
+++ b/scripts/install
@ -110,6 +110,8 @@ ynh_add_config --template="guacamole.properties" --destination="$install_dir/etc
 ynh_replace_string --match_string="8080" --replace_string="$port" --target_file="$install_dir/etc/tomcat9/server.xml"
 _set_permissions
 #=================================================
 # SETUP SYSTEMD
 #=================================================
@ -119,23 +121,6 @@ ynh_script_progression --message="Configuring systemd services..." --weight=1
 ynh_add_systemd_config --service="$app-guacd" --template="guacd.service"
 ynh_add_systemd_config --service="$app-tomcat" --template="tomcat.service"
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 # SECURE FILES AND DIRECTORIES
 #=================================================
 # Set permissions  to app files
 chown -R nobody $install_dir
 chmod -R o-rwx $install_dir
 setfacl -n -R -m user:$app-guacd:rx -m default:user:$app-guacd:rx $install_dir
 setfacl -n -R -m user:$app-tomcat:rx -m default:user:$app-tomcat:rx $install_dir
 chown -R $app-guacd:$app-guacd "/var/log/$app/guacd/"
 chown -R $app-tomcat:$app-tomcat "/var/log/$app/tomcat/"
 chown -R nobody:$app-tomcat "$install_dir/etc/tomcat9/" "$install_dir/etc/guacamole/"
 chown -R "$app-tomcat":"$app-tomcat" "$install_dir/var/lib/tomcat9/webapps"
 setfacl -n -R -m user:$app-guacd:- -m default:user:$app-guacd:- "$install_dir/var/lib/tomcat9/" "$install_dir/etc/guacamole/" "$install_dir/etc/tomcat9/"
 #=================================================
 # SETUP LOGROTATE
 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -72,19 +72,6 @@ if [ ! $tomcat_active ]; then
 	systemctl stop tomcat9 --quiet
 fi
 #=================================================
 # RESTORE USER RIGHTS
 #=================================================
 # Restore permissions on app files
 chown -R nobody $install_dir
 chmod -R o-rwx $install_dir
 setfacl -n -R -m user:$app-guacd:rx -m default:user:$app-guacd:rx $install_dir
 setfacl -n -R -m user:$app-tomcat:rx -m default:user:$app-tomcat:rx $install_dir
 chown -R nobody:$app-tomcat "$install_dir/etc/tomcat9/" "$install_dir/etc/guacamole/"
 chown -R "$app-tomcat":"$app-tomcat" "$install_dir/var/lib/tomcat9/webapps"
 setfacl -n -R -m user:$app-guacd:- -m default:user:$app-guacd:- "$install_dir/var/lib/tomcat9/" "$install_dir/etc/guacamole/" "$install_dir/etc/tomcat9/"
 #=================================================
 # RESTORE THE MYSQL DATABASE
 #=================================================
@ -98,8 +85,8 @@ ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./
 ynh_script_progression --message="Restoring various files..."
 ynh_restore_file --origin_path="/var/log/$app"
-chown -R $app-guacd:$app-guacd "/var/log/$app/guacd/"
+
-chown -R $app-tomcat:$app-tomcat "/var/log/$app/tomcat/"
+_set_permissions
 #=================================================
 # RESTORE SYSTEMD
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -134,16 +134,7 @@ ynh_add_systemd_config --service="$app-tomcat" --template="tomcat.service"
 # SECURE FILES AND DIRECTORIES
 #=================================================
-# Set permissions on app files
+_set_permissions
 chown -R nobody $install_dir
 chmod -R o-rwx $install_dir
 setfacl -n -R -m user:$app-guacd:rx -m default:user:$app-guacd:rx $install_dir
 setfacl -n -R -m user:$app-tomcat:rx -m default:user:$app-tomcat:rx $install_dir
 chown -R $app-guacd:$app-guacd "/var/log/$app/guacd/"
 chown -R $app-tomcat:$app-tomcat "/var/log/$app/tomcat/"
 chown -R nobody:$app-tomcat "$install_dir/etc/tomcat9/" "$install_dir/etc/guacamole/"
 chown -R "$app-tomcat":"$app-tomcat" "$install_dir/var/lib/tomcat9/webapps"
 setfacl -n -R -m user:$app-guacd:- -m default:user:$app-guacd:- "$install_dir/var/lib/tomcat9/" "$install_dir/etc/guacamole/" "$install_dir/etc/tomcat9/"
 #=================================================
 # SETUP LOGROTATE