refactor permissions

2024-09-03 19:16:03 +02:00 · 2024-02-25 21:12:49 +01:00 · 2024-02-25 21:12:49 +01:00 · 3f6c64498d
commit 3f6c64498d
parent 607c603ae3
4 changed files with 21 additions and 42 deletions
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -48,6 +48,22 @@ function setup_sources {
 	ynh_secure_remove --file="$install_dir/downloads/"
 }

+function _set_permissions() {
+	# Set permissions  to app files
+	chown -R "$app:$app" "$install_dir"
+	chmod -R g+rwX,o-rwx "$install_dir"
+	setfacl -n -R -m "user:$app-guacd:rx" -m "default:user:$app-guacd:rx" "$install_dir"
+	setfacl -n -R -m "user:$app-tomcat:rx" -m "default:user:$app-tomcat:rx" "$install_dir"
+
+	# chown -R nobody:$app-tomcat "$install_dir/etc/tomcat9/" "$install_dir/etc/guacamole/"
+	chown -R "$app-tomcat":"$app-tomcat" "$install_dir/var/lib/tomcat9/webapps"
+	setfacl -n -R -m "user:$app-guacd:-" -m "default:user:$app-guacd:-" \
+		"$install_dir/var/lib/tomcat9/" "$install_dir/etc/guacamole/" "$install_dir/etc/tomcat9/"
+
+	chown -R "$app-guacd:$app-guacd" "/var/log/$app/guacd/"
+	chown -R "$app-tomcat:$app-tomcat" "/var/log/$app/tomcat/"
+}
+
 #=================================================
 # EXPERIMENTAL HELPERS
 #=================================================
--- a/scripts/install
+++ b/scripts/install
@ -110,6 +110,8 @@ ynh_add_config --template="guacamole.properties" --destination="$install_dir/etc

 ynh_replace_string --match_string="8080" --replace_string="$port" --target_file="$install_dir/etc/tomcat9/server.xml"

+_set_permissions
+
 #=================================================
 # SETUP SYSTEMD
 #=================================================
@ -119,23 +121,6 @@ ynh_script_progression --message="Configuring systemd services..." --weight=1
 ynh_add_systemd_config --service="$app-guacd" --template="guacd.service"
 ynh_add_systemd_config --service="$app-tomcat" --template="tomcat.service"

-#=================================================
-# GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-
-# Set permissions  to app files
-chown -R nobody $install_dir
-chmod -R o-rwx $install_dir
-setfacl -n -R -m user:$app-guacd:rx -m default:user:$app-guacd:rx $install_dir
-setfacl -n -R -m user:$app-tomcat:rx -m default:user:$app-tomcat:rx $install_dir
-chown -R $app-guacd:$app-guacd "/var/log/$app/guacd/"
-chown -R $app-tomcat:$app-tomcat "/var/log/$app/tomcat/"
-chown -R nobody:$app-tomcat "$install_dir/etc/tomcat9/" "$install_dir/etc/guacamole/"
-chown -R "$app-tomcat":"$app-tomcat" "$install_dir/var/lib/tomcat9/webapps"
-setfacl -n -R -m user:$app-guacd:- -m default:user:$app-guacd:- "$install_dir/var/lib/tomcat9/" "$install_dir/etc/guacamole/" "$install_dir/etc/tomcat9/"
-
 #=================================================
 # SETUP LOGROTATE
 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -72,19 +72,6 @@ if [ ! $tomcat_active ]; then
 	systemctl stop tomcat9 --quiet
 fi

-#=================================================
-# RESTORE USER RIGHTS
-#=================================================
-
-# Restore permissions on app files
-chown -R nobody $install_dir
-chmod -R o-rwx $install_dir
-setfacl -n -R -m user:$app-guacd:rx -m default:user:$app-guacd:rx $install_dir
-setfacl -n -R -m user:$app-tomcat:rx -m default:user:$app-tomcat:rx $install_dir
-chown -R nobody:$app-tomcat "$install_dir/etc/tomcat9/" "$install_dir/etc/guacamole/"
-chown -R "$app-tomcat":"$app-tomcat" "$install_dir/var/lib/tomcat9/webapps"
-setfacl -n -R -m user:$app-guacd:- -m default:user:$app-guacd:- "$install_dir/var/lib/tomcat9/" "$install_dir/etc/guacamole/" "$install_dir/etc/tomcat9/"
-
 #=================================================
 # RESTORE THE MYSQL DATABASE
 #=================================================
@ -98,8 +85,8 @@ ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./
 ynh_script_progression --message="Restoring various files..."

 ynh_restore_file --origin_path="/var/log/$app"
-chown -R $app-guacd:$app-guacd "/var/log/$app/guacd/"
-chown -R $app-tomcat:$app-tomcat "/var/log/$app/tomcat/"
+
+_set_permissions

 #=================================================
 # RESTORE SYSTEMD
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -134,16 +134,7 @@ ynh_add_systemd_config --service="$app-tomcat" --template="tomcat.service"
 # SECURE FILES AND DIRECTORIES
 #=================================================

-# Set permissions on app files
-chown -R nobody $install_dir
-chmod -R o-rwx $install_dir
-setfacl -n -R -m user:$app-guacd:rx -m default:user:$app-guacd:rx $install_dir
-setfacl -n -R -m user:$app-tomcat:rx -m default:user:$app-tomcat:rx $install_dir
-chown -R $app-guacd:$app-guacd "/var/log/$app/guacd/"
-chown -R $app-tomcat:$app-tomcat "/var/log/$app/tomcat/"
-chown -R nobody:$app-tomcat "$install_dir/etc/tomcat9/" "$install_dir/etc/guacamole/"
-chown -R "$app-tomcat":"$app-tomcat" "$install_dir/var/lib/tomcat9/webapps"
-setfacl -n -R -m user:$app-guacd:- -m default:user:$app-guacd:- "$install_dir/var/lib/tomcat9/" "$install_dir/etc/guacamole/" "$install_dir/etc/tomcat9/"
+_set_permissions

 #=================================================
 # SETUP LOGROTATE