1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/humhub_ynh.git synced 2024-09-03 19:26:11 +02:00

Only allow $app and www-data to read $final_path folder

This commit is contained in:
Nils VAN ZUIJLEN 2021-04-08 12:03:17 +02:00
parent 47ac309927
commit 49671ab690
3 changed files with 14 additions and 2 deletions

View file

@ -190,9 +190,13 @@ ynh_store_file_checksum --file="$final_path/protected/config/common.php"
# SECURE FILES AND DIRECTORIES # SECURE FILES AND DIRECTORIES
#================================================= #=================================================
# Set permissions to app files # Set permissions on app files
chown -R root: $final_path chown -R root: $final_path
# Remove permission to others than $app and www-data (nginx user)
chmod o-rwx $final_path
chown $app:www-data $final_path
chown -R $app $final_path/assets chown -R $app $final_path/assets
chown -R $app $final_path/protected/config chown -R $app $final_path/protected/config
chown -R $app $final_path/protected/modules chown -R $app $final_path/protected/modules

View file

@ -72,9 +72,13 @@ ynh_system_user_create --username=$app
# RESTORE USER RIGHTS # RESTORE USER RIGHTS
#================================================= #=================================================
# Restore permissions on app files # Set permissions on app files
chown -R root: $final_path chown -R root: $final_path
# Remove permission to others than $app and www-data (nginx user)
chmod o-rwx $final_path
chown $app:www-data $final_path
chown -R $app $final_path/assets chown -R $app $final_path/assets
chown -R $app $final_path/protected/config chown -R $app $final_path/protected/config
chown -R $app $final_path/protected/modules chown -R $app $final_path/protected/modules

View file

@ -144,6 +144,10 @@ ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/${app}"
# Set permissions on app files # Set permissions on app files
chown -R root: $final_path chown -R root: $final_path
# Remove permission to others than $app and www-data (nginx user)
chmod o-rwx $final_path
chown $app:www-data $final_path
chown -R $app $final_path/assets chown -R $app $final_path/assets
chown -R $app $final_path/protected/config chown -R $app $final_path/protected/config
chown -R $app $final_path/protected/modules chown -R $app $final_path/protected/modules