diff --git a/scripts/install b/scripts/install index 7922ff8..f86e6c3 100644 --- a/scripts/install +++ b/scripts/install @@ -87,6 +87,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -202,18 +206,18 @@ ynh_store_file_checksum --file="$final_path/protected/config/common.php" # SECURE FILES AND DIRECTORIES #================================================= -# Set permissions on app files -chown -R root: $final_path +# # Set permissions on app files +# chown -R root: $final_path -# Remove permission to others than $app and www-data (nginx user) -chmod o-rwx $final_path -chown $app:www-data $final_path +# # Remove permission to others than $app and www-data (nginx user) +# chmod o-rwx $final_path +# chown $app:www-data $final_path -chown -R $app $final_path/assets -chown -R $app $final_path/protected/config -chown -R $app $final_path/protected/modules -chown -R $app $final_path/protected/runtime -chown -R $app $final_path/uploads +# chown -R $app $final_path/assets +# chown -R $app $final_path/protected/config +# chown -R $app $final_path/protected/modules +# chown -R $app $final_path/protected/runtime +# chown -R $app $final_path/uploads #================================================= # SETUP CRON CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 8e2f7bf..db4dda1 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -95,6 +95,10 @@ then ynh_secure_remove --file="$final_path.old" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # UPGRADE DEPENDENCIES #================================================= @@ -162,18 +166,18 @@ chmod 644 "/etc/cron.d/$app" # SECURE FILES AND DIRECTORIES #================================================= -# Set permissions on app files -chown -R root: $final_path +# # Set permissions on app files +# chown -R root: $final_path -# Remove permission to others than $app and www-data (nginx user) -chmod o-rwx $final_path -chown $app:www-data $final_path +# # Remove permission to others than $app and www-data (nginx user) +# chmod o-rwx $final_path +# chown $app:www-data $final_path -chown -R $app $final_path/assets -chown -R $app $final_path/protected/config -chown -R $app $final_path/protected/modules -chown -R $app $final_path/protected/runtime -chown -R $app $final_path/uploads +# chown -R $app $final_path/assets +# chown -R $app $final_path/protected/config +# chown -R $app $final_path/protected/modules +# chown -R $app $final_path/protected/runtime +# chown -R $app $final_path/uploads #================================================= # RELOAD NGINX