mirror of
https://github.com/YunoHost-Apps/humhub_ynh.git
synced 2024-09-03 19:26:11 +02:00
Only allow $app and www-data to read $final_path folder
This commit is contained in:
parent
47ac309927
commit
49671ab690
3 changed files with 14 additions and 2 deletions
|
@ -190,9 +190,13 @@ ynh_store_file_checksum --file="$final_path/protected/config/common.php"
|
||||||
# SECURE FILES AND DIRECTORIES
|
# SECURE FILES AND DIRECTORIES
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# Set permissions to app files
|
# Set permissions on app files
|
||||||
chown -R root: $final_path
|
chown -R root: $final_path
|
||||||
|
|
||||||
|
# Remove permission to others than $app and www-data (nginx user)
|
||||||
|
chmod o-rwx $final_path
|
||||||
|
chown $app:www-data $final_path
|
||||||
|
|
||||||
chown -R $app $final_path/assets
|
chown -R $app $final_path/assets
|
||||||
chown -R $app $final_path/protected/config
|
chown -R $app $final_path/protected/config
|
||||||
chown -R $app $final_path/protected/modules
|
chown -R $app $final_path/protected/modules
|
||||||
|
|
|
@ -72,9 +72,13 @@ ynh_system_user_create --username=$app
|
||||||
# RESTORE USER RIGHTS
|
# RESTORE USER RIGHTS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# Restore permissions on app files
|
# Set permissions on app files
|
||||||
chown -R root: $final_path
|
chown -R root: $final_path
|
||||||
|
|
||||||
|
# Remove permission to others than $app and www-data (nginx user)
|
||||||
|
chmod o-rwx $final_path
|
||||||
|
chown $app:www-data $final_path
|
||||||
|
|
||||||
chown -R $app $final_path/assets
|
chown -R $app $final_path/assets
|
||||||
chown -R $app $final_path/protected/config
|
chown -R $app $final_path/protected/config
|
||||||
chown -R $app $final_path/protected/modules
|
chown -R $app $final_path/protected/modules
|
||||||
|
|
|
@ -144,6 +144,10 @@ ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/${app}"
|
||||||
# Set permissions on app files
|
# Set permissions on app files
|
||||||
chown -R root: $final_path
|
chown -R root: $final_path
|
||||||
|
|
||||||
|
# Remove permission to others than $app and www-data (nginx user)
|
||||||
|
chmod o-rwx $final_path
|
||||||
|
chown $app:www-data $final_path
|
||||||
|
|
||||||
chown -R $app $final_path/assets
|
chown -R $app $final_path/assets
|
||||||
chown -R $app $final_path/protected/config
|
chown -R $app $final_path/protected/config
|
||||||
chown -R $app $final_path/protected/modules
|
chown -R $app $final_path/protected/modules
|
||||||
|
|
Loading…
Reference in a new issue