From 6d2d0204e00184a14d528fd06f9b705bfaa217b8 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Wed, 8 Aug 2018 23:28:10 +0200 Subject: [PATCH] Improve file permissions --- README.md | 3 +-- manifest.json | 2 +- scripts/install | 6 +++++- scripts/upgrade | 11 +++++++++-- 4 files changed, 16 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index d44239c..0cf1343 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,6 @@ Kresus is an open-source libre self-hosted personal finance manager. It allows y * to be added: * [ ] Email support - * [ ] Restrict more file access ($app is owner of everything, we should limit it more) * [ ] Add user who will access the app (by default every one has access to the installed app) * [ ] Email admin about installation with ynh_send_readme_to_admin helper @@ -24,4 +23,4 @@ Kresus is an open-source libre self-hosted personal finance manager. It allows y * Report a bug about this package: https://github.com/YunoHost-Apps/kresus_ynh * Report a bug about Kresus itself: https://framagit.org/kresusapp/kresus * Kresus website: https://kresus.org - * YunoHost website: https://yunohost.org/ + * YunoHost website: https://yunohost.org diff --git a/manifest.json b/manifest.json index 8944e6c..c380122 100644 --- a/manifest.json +++ b/manifest.json @@ -15,7 +15,7 @@ "requirements": { "yunohost": ">= 2.7.14" }, - "version": "0.13.2~ynh2", + "version": "0.13.2~ynh3", "multi_instance": true, "services": [ "nginx" diff --git a/scripts/install b/scripts/install index 204de79..476baa1 100644 --- a/scripts/install +++ b/scripts/install @@ -152,7 +152,11 @@ ynh_add_systemd_config #================================================= # Set permissions to app files -chown -R $app: $final_path +chown -R "$app":"$app" "$final_path/data/" +chmod -R 750 "$final_path/data/" + +# Set permissions to config file +chown "$app" "$final_path/config.ini" chmod 600 "$final_path/config.ini" #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index bc1f861..539918a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -162,8 +162,15 @@ ynh_add_systemd_config # SECURE FILES AND DIRECTORIES #================================================= -# Set right permissions for curl installation -chown -R $app: $final_path +# Reset permissions +chown -R root:root "$final_path" + +# Set permissions to app files +chown -R "$app":"$app" "$final_path/data/" +chmod -R 750 "$final_path/data/" + +# Set permissions to config file +chown "$app" "$final_path/config.ini" chmod 600 "$final_path/config.ini" #=================================================