From abf8804461722e2e442e62b2b5ed64f504fe24b4 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Fri, 2 Jul 2021 15:19:53 +0200 Subject: [PATCH] Set rights --- scripts/install | 29 ++++++++++++----------------- scripts/remove | 12 ++---------- scripts/restore | 24 ++++++++++++++++++------ scripts/upgrade | 13 ++++--------- 4 files changed, 36 insertions(+), 42 deletions(-) diff --git a/scripts/install b/scripts/install index 9e305d1..db4d1bb 100755 --- a/scripts/install +++ b/scripts/install @@ -53,6 +53,14 @@ ynh_app_setting_set --app=$app --key=etherpad_instance --value=$etherpad_instanc ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=creation_open --value=$creation_open +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=1 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # STANDARD MODIFICATIONS #================================================= @@ -69,6 +77,10 @@ pushd "$final_path" git submodule update --init --recursive --quiet popd +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -77,14 +89,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=2 # Create a dedicated nginx config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -118,15 +122,6 @@ fi # Calculate and store the config file checksum into the app settings ynh_store_file_checksum "$final_path/config.php" -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chown -R root: $final_path - #================================================= # SETUP SSOWAT #================================================= diff --git a/scripts/remove b/scripts/remove index d460e90..c7594f0 100755 --- a/scripts/remove +++ b/scripts/remove @@ -16,8 +16,8 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # STANDARD REMOVE @@ -45,14 +45,6 @@ ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=1 # Remove the dedicated PHP-FPM config ynh_remove_fpm_config -#================================================= -# REMOVE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Removing logrotate configuration..." --weight=1 - -# Remove the app-specific logrotate config -ynh_remove_logrotate - #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/restore b/scripts/restore index 4cf92a5..6fcca80 100755 --- a/scripts/restore +++ b/scripts/restore @@ -45,10 +45,11 @@ test ! -d $final_path \ #================================================= # STANDARD RESTORATION STEPS #================================================= -# RESTORE FILES +# RESTORE THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the NGINX configuration..." --weight=1 -ynh_restore +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RECREATE THE DEDICATED USER @@ -56,14 +57,25 @@ ynh_restore ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 # Create the dedicated user (if not existing) -ynh_system_user_create --username=$app +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= -# RESTORE USER RIGHTS +# RESTORE THE APP MAIN DIR #================================================= +ynh_script_progression --message="Restoring the app main directory..." --weight=1 -# Restore permissions on app files -chown -R root: $final_path +ynh_restore_file --origin_path="$final_path" + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weight=1 + +ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index fb1abfe..ca08087 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -50,6 +50,10 @@ pushd "$final_path" git submodule update --init --recursive --quiet popd +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -81,15 +85,6 @@ ynh_backup_if_checksum_is_different "$final_path/config.php" # Recalculate and store the checksum of the file for the next upgrade. ynh_store_file_checksum "$final_path/config.php" -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions on app files -chown -R root: $final_path - #================================================= # SETUP SSOWAT #=================================================