diff --git a/manifest.json b/manifest.json
index 0ea39d2..9e49422 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
 "en": "Clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.",
 "fr": "Service de bureau à distance sans client. Fonctionne avec des protocoles standard comme VNC, RDP, et SSH."
 },
- "version": "1.3.0~ynh1",
+ "version": "1.3.0~ynh2",
 "url": "https://example.com",
 "license": "Apache-2.0",
 "maintainer": {
diff --git a/scripts/_common.sh b/scripts/_common.sh
index fe8c2ef..5361b6c 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -5,7 +5,7 @@
 #=================================================
 # dependencies used by the app
-pkg_dependencies="build-essential libcairo2 libjpeg62-turbo-dev libpng-dev libtool-bin libossp-uuid-dev libavcodec-dev libavformat-dev libavutil-dev libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev tomcat9"
+pkg_dependencies="acl build-essential libcairo2 libjpeg62-turbo-dev libpng-dev libtool-bin libossp-uuid-dev libavcodec-dev libavformat-dev libavutil-dev libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libwebsockets-dev libpulse-dev libssl-dev libvorbis-dev libwebp-dev tomcat9"
 #=================================================
 # PERSONAL HELPERS
diff --git a/scripts/install b/scripts/install
index 0df4784..e0809ec 100755
--- a/scripts/install
+++ b/scripts/install
@@ -291,11 +291,15 @@ ynh_replace_string --match_string="8080" --replace_string="$port" --target_file=
 ### that really need such authorization.
 # Set permissions to app files
-chown -R root: $final_path
-chown -R "$app-tomcat":"$app-guacd" "/var/log/$app/guacd/" "/var/log/$app/tomcat/"
-chown -R root:"$app-tomcat" "$final_path/etc/tomcat9/" "$final_path/etc/guacamole/"
-chmod -R 650 "$final_path/etc/guacamole/"
+chown -R root:root $final_path
+chmod -R o-rwx $final_path
+setfacl -n -R -m user:$app-guacd:rx -m default:user:$app-guacd:rx $final_path
+setfacl -n -R -m user:$app-tomcat:rx -m default:user:$app-tomcat:rx $final_path
+chown -R $app-guacd:$app-guacd "/var/log/$app/guacd/"
+chown -R $app-tomcat:$app-tomcat "/var/log/$app/tomcat/"
+chown -R root:$app-tomcat "$final_path/etc/tomcat9/" "$final_path/etc/guacamole/"
 chown -R "$app-tomcat":"$app-tomcat" "$final_path/var/lib/tomcat9/webapps"
+setfacl -n -R -m user:$app-guacd:- -m default:user:$app-guacd:- "$final_path/var/lib/tomcat9/" "$final_path/etc/guacamole/" "$final_path/etc/tomcat9/"
 #=================================================
 # SETUP LOGROTATE
diff --git a/scripts/restore b/scripts/restore
index 7e858f4..1caf853 100755
--- a/scripts/restore
+++ b/scripts/restore
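Review bot: The two recursive `setfacl` calls grant `rx` to `$app-guacd` and `$app-tomcat` on every regular file under `$final_path`, so both service accounts receive an execute entry on configuration and data files they only need to read. Using `rX` limits execute to directories and to files that are already executable, and quoting the operands keeps these root-run recursive commands from word-splitting: `setfacl -n -R -m "user:$app-guacd:rX" -m "default:user:$app-guacd:rX" "$final_path"` (likewise for `$app-tomcat`, and for `chown -R root:root "$final_path"` and `chmod -R o-rwx "$final_path"`). Because `-n` suppresses mask recalculation, the effective rights of the named-user entries presumably depend on the group bits each file already carries, and the old `chmod -R 650` on `etc/guacamole/` is dropped without a replacement mode, so the resulting access on `etc/guacamole/` is worth confirming with `getfacl`. The identical block in the second `scripts/restore` hunk and in the `scripts/upgrade` hunk has the same issue.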
@@ -74,28 +74,6 @@ ynh_system_user_create --username="$app-tomcat"
 ynh_restore_file --origin_path="/var/log/$app"
-#=================================================
-# RESTORE USER RIGHTS
-#=================================================
-
-# Restore permissions on app files
-chown -R root: $final_path
-chown -R "$app-tomcat":"$app-guacd" "/var/log/$app/guacd/" "/var/log/$app/tomcat/"
-chown -R root:"$app-tomcat" "$final_path/etc/tomcat9/" "$final_path/etc/guacamole/"
-chmod -R 650 "$final_path/etc/guacamole/"
-chown -R "$app-tomcat":"$app-tomcat" "$final_path/var/lib/tomcat9/webapps"
-
-#=================================================
-# RESTORE FAIL2BAN CONFIGURATION
-#=================================================
-ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1
-
-ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
-ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
-ynh_systemd_action --action=restart --service_name=fail2ban
-
-#=================================================
-# SPECIFIC RESTORATION
 #=================================================
 # REINSTALL DEPENDENCIES
 #=================================================
@@ -122,6 +100,32 @@ if [ ! $tomcat_active ]; then
 systemctl stop tomcat9 --quiet
 fi
+#=================================================
+# RESTORE USER RIGHTS
+#=================================================
+
+# Restore permissions on app files
+chown -R root:root $final_path
+chmod -R o-rwx $final_path
+setfacl -n -R -m user:$app-guacd:rx -m default:user:$app-guacd:rx $final_path
+setfacl -n -R -m user:$app-tomcat:rx -m default:user:$app-tomcat:rx $final_path
+chown -R $app-guacd:$app-guacd "/var/log/$app/guacd/"
+chown -R $app-tomcat:$app-tomcat "/var/log/$app/tomcat/"
+chown -R root:$app-tomcat "$final_path/etc/tomcat9/" "$final_path/etc/guacamole/"
+chown -R "$app-tomcat":"$app-tomcat" "$final_path/var/lib/tomcat9/webapps"
+setfacl -n -R -m user:$app-guacd:- -m default:user:$app-guacd:- "$final_path/var/lib/tomcat9/" "$final_path/etc/guacamole/" "$final_path/etc/tomcat9/"
+
+#=================================================
+# RESTORE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1
+
+ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
+ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
+ynh_systemd_action --action=restart --service_name=fail2ban
+
+#=================================================
+# SPECIFIC RESTORATION
 #=================================================
 # RESTORE THE MYSQL DATABASE
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 4365f54..cea93e1 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
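Review bot: The RESTORE USER RIGHTS section added here carries no comment explaining why it now sits after the dependency reinstall, and that ordering looks load-bearing: `setfacl` is presumably provided by the `acl` package this commit adds to `pkg_dependencies`, so running the block earlier on a fresh restore target would likely fail and leave the restored tree without the intended ACLs. A one-line comment above `chown -R root:root $final_path` would keep a later reorder from undoing this, for example `# Must run after REINSTALL DEPENDENCIES: setfacl comes from the acl package`. The `if [ ! $tomcat_active ]` block that precedes the section starts outside the hunk.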
@@ -218,11 +218,15 @@ ynh_replace_string --match_string="8080" --replace_string="$port" --target_file=
 #=================================================
 # Set permissions on app files
-chown -R root: $final_path
-chown -R "$app-tomcat":"$app-guacd" "/var/log/$app/guacd/" "/var/log/$app/tomcat/"
-chown -R root:"$app-tomcat" "$final_path/etc/tomcat9/" "$final_path/etc/guacamole/"
-chmod -R 650 "$final_path/etc/guacamole/"
+chown -R root:root $final_path
+chmod -R o-rwx $final_path
+setfacl -n -R -m user:$app-guacd:rx -m default:user:$app-guacd:rx $final_path
+setfacl -n -R -m user:$app-tomcat:rx -m default:user:$app-tomcat:rx $final_path
+chown -R $app-guacd:$app-guacd "/var/log/$app/guacd/"
+chown -R $app-tomcat:$app-tomcat "/var/log/$app/tomcat/"
+chown -R root:$app-tomcat "$final_path/etc/tomcat9/" "$final_path/etc/guacamole/"
 chown -R "$app-tomcat":"$app-tomcat" "$final_path/var/lib/tomcat9/webapps"
+setfacl -n -R -m user:$app-guacd:- -m default:user:$app-guacd:- "$final_path/var/lib/tomcat9/" "$final_path/etc/guacamole/" "$final_path/etc/tomcat9/"
 #=================================================
 # SETUP LOGROTATE