Merge pull request #11 from YunoHost-Apps/remove-world-readable

Remove rwx rights to other than root, www-data or $app
2024-09-03 19:26:11 +02:00 · 2021-04-08 14:27:24 +02:00 · 2021-04-08 14:27:24 +02:00 · f75915b9f2
commit f75915b9f2
parent 1734629fc2 49671ab690
3 changed files with 14 additions and 2 deletions
--- a/scripts/install
+++ b/scripts/install
@ -190,9 +190,13 @@ ynh_store_file_checksum --file="$final_path/protected/config/common.php"
 # SECURE FILES AND DIRECTORIES
 #=================================================
-# Set permissions to app files
+# Set permissions on app files
 chown -R root: $final_path
 # Remove permission to others than $app and www-data (nginx user)
 chmod o-rwx $final_path
 chown $app:www-data $final_path
 chown -R $app $final_path/assets
 chown -R $app $final_path/protected/config
 chown -R $app $final_path/protected/modules
--- a/scripts/restore
+++ b/scripts/restore
@ -72,9 +72,13 @@ ynh_system_user_create --username=$app
 # RESTORE USER RIGHTS
 #=================================================
-# Restore permissions on app files
+# Set permissions on app files
 chown -R root: $final_path
 # Remove permission to others than $app and www-data (nginx user)
 chmod o-rwx $final_path
 chown $app:www-data $final_path
 chown -R $app $final_path/assets
 chown -R $app $final_path/protected/config
 chown -R $app $final_path/protected/modules
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -144,6 +144,10 @@ ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/${app}"
 # Set permissions on app files
 chown -R root: $final_path
 # Remove permission to others than $app and www-data (nginx user)
 chmod o-rwx $final_path
 chown $app:www-data $final_path
 chown -R $app $final_path/assets
 chown -R $app $final_path/protected/config
 chown -R $app $final_path/protected/modules