mirror of
https://github.com/YunoHost-Apps/jitsi_ynh.git
synced 2024-09-03 19:35:57 +02:00
more security
This commit is contained in:
parent
fe5f1461b4
commit
da6e8b429c
4 changed files with 21 additions and 2 deletions
|
@ -115,6 +115,8 @@ ynh_script_progression --message="Configuring system user..."
|
||||||
|
|
||||||
# Create a system user
|
# Create a system user
|
||||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||||
|
gpasswd --add prosody $app
|
||||||
|
gpasswd --add www-data $app
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||||
|
@ -141,7 +143,9 @@ do
|
||||||
ynh_secure_remove --file="$final_path/${package}_temp"
|
ynh_secure_remove --file="$final_path/${package}_temp"
|
||||||
done
|
done
|
||||||
|
|
||||||
chown -R $app: "$final_path"
|
chmod 750 "$final_path"
|
||||||
|
chmod -R o-rwx "$final_path"
|
||||||
|
chown -R $app:$app "$final_path"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# NGINX CONFIGURATION
|
# NGINX CONFIGURATION
|
||||||
|
|
|
@ -113,6 +113,7 @@ ynh_remove_app_dependencies
|
||||||
|
|
||||||
# Remove Prosody
|
# Remove Prosody
|
||||||
ynh_app_setting_delete --app=$app --key=require_prosody
|
ynh_app_setting_delete --app=$app --key=require_prosody
|
||||||
|
gpasswd --delete prosody $app
|
||||||
|
|
||||||
# List apps requiring Prosody
|
# List apps requiring Prosody
|
||||||
installed_apps=$(yunohost app list | grep -oP 'id: \K.*$')
|
installed_apps=$(yunohost app list | grep -oP 'id: \K.*$')
|
||||||
|
@ -172,6 +173,7 @@ ynh_secure_remove --file="/var/log/$app"
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Removing the dedicated system user..."
|
ynh_script_progression --message="Removing the dedicated system user..."
|
||||||
|
|
||||||
|
gpasswd --delete www-data $app
|
||||||
# Delete a system user
|
# Delete a system user
|
||||||
ynh_system_user_delete --username=$app
|
ynh_system_user_delete --username=$app
|
||||||
|
|
||||||
|
|
|
@ -66,6 +66,8 @@ ynh_script_progression --message="Recreating the dedicated system user..."
|
||||||
|
|
||||||
# Create the dedicated user (if not existing)
|
# Create the dedicated user (if not existing)
|
||||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||||
|
gpasswd --add prosody $app
|
||||||
|
gpasswd --add www-data $app
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RESTORE THE APP MAIN DIR
|
# RESTORE THE APP MAIN DIR
|
||||||
|
@ -74,7 +76,9 @@ ynh_script_progression --message="Restoring the app main directory..."
|
||||||
|
|
||||||
ynh_restore_file --origin_path="$final_path"
|
ynh_restore_file --origin_path="$final_path"
|
||||||
|
|
||||||
chown -R root: $final_path
|
chmod 750 "$final_path"
|
||||||
|
chmod -R o-rwx "$final_path"
|
||||||
|
chown -R $app:$app "$final_path"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SPECIFIC RESTORATION
|
# SPECIFIC RESTORATION
|
||||||
|
@ -112,6 +116,7 @@ ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_videobridge
|
||||||
ynh_script_progression --message="Configuring prosody..."
|
ynh_script_progression --message="Configuring prosody..."
|
||||||
|
|
||||||
ynh_restore_file --origin_path="/etc/prosody/conf.avail/$domain.cfg.lua"
|
ynh_restore_file --origin_path="/etc/prosody/conf.avail/$domain.cfg.lua"
|
||||||
|
chmod 644 "/etc/prosody/conf.avail/$domain.cfg.lua"
|
||||||
ln -s "/etc/prosody/conf.avail/$domain.cfg.lua" "/etc/prosody/conf.d/$domain.cfg.lua"
|
ln -s "/etc/prosody/conf.avail/$domain.cfg.lua" "/etc/prosody/conf.d/$domain.cfg.lua"
|
||||||
|
|
||||||
ln -sf /var/lib/prosody/$domain.key /etc/prosody/certs/$domain.key
|
ln -sf /var/lib/prosody/$domain.key /etc/prosody/certs/$domain.key
|
||||||
|
@ -138,6 +143,8 @@ ynh_script_progression --message="Restoring the app config..."
|
||||||
|
|
||||||
ynh_restore_file --origin_path="/etc/$app"
|
ynh_restore_file --origin_path="/etc/$app"
|
||||||
|
|
||||||
|
chmod 644 "/etc/$app/meet/$domain-config.js"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CREATE LOG DIR
|
# CREATE LOG DIR
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
|
@ -85,6 +85,8 @@ ynh_script_progression --message="Making sure dedicated system user exists..."
|
||||||
|
|
||||||
# Create a dedicated user (if not existing)
|
# Create a dedicated user (if not existing)
|
||||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||||
|
gpasswd --add prosody $app
|
||||||
|
gpasswd --add www-data $app
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||||
|
@ -115,6 +117,10 @@ then
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
chmod 750 "$final_path"
|
||||||
|
chmod -R o-rwx "$final_path"
|
||||||
|
chown -R $app:$app "$final_path"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# NGINX CONFIGURATION
|
# NGINX CONFIGURATION
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
Loading…
Add table
Reference in a new issue