From 5f201a2ae97676dcaaaa9095ee6a966f609fa4c3 Mon Sep 17 00:00:00 2001
From: ericgaspar
Date: Fri, 27 Aug 2021 16:08:49 +0200
Subject: [PATCH] set permissions
---
 scripts/backup | 3 ++-
 scripts/install | 31 ++++++++++++++++---------------
 scripts/remove | 13 +++++++++++--
 scripts/restore | 35 +++++++++++++++++++++--------------
 scripts/upgrade | 41 ++++++++++++++++++++++-------------------
 5 files changed, 72 insertions(+), 51 deletions(-)
diff --git a/scripts/backup b/scripts/backup
index 941ad87..fd92d5e 100755
--- a/scripts/backup
+++ b/scripts/backup
@@ -26,6 +26,7 @@ app=$YNH_APP_INSTANCE_NAME
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+data_path=$(ynh_app_setting_get --app=$app --key=data_path)
 #=================================================
 # DECLARE DATA AND CONF FILES TO BACKUP
@@ -42,7 +43,7 @@ ynh_backup --src_path="$final_path"
 # BACKUP THE APP DATA
 #=================================================
-ynh_backup --src_path="/home/yunohost.app/$app" --is_big
+ynh_backup --src_path="$data_path" --is_big
 #=================================================
 # BACKUP THE NGINX CONFIGURATION
diff --git a/scripts/install b/scripts/install
index 8144413..518d9ba 100644
--- a/scripts/install
+++ b/scripts/install
@@ -86,7 +86,7 @@ ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
 ynh_script_progression --message="Configuring system user..." --weight=3
 # Create a system user
-ynh_system_user_create --username=$app
+ynh_system_user_create --username=$app --home_dir="$final_path"
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
@@ -104,17 +104,23 @@ elif [ "$version" = "Team" ]; then
 ynh_setup_source --dest_dir="$final_path" --source_id="$architecture"
 fi
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
 #=================================================
 # CREATE DIRECTORY FOR DATA
 #=================================================
-ynh_script_progression --message="Creating the data directory..." --weight=1
+ynh_script_progression --message="Creating a data directory..." --weight=1
-# Create datadir folder
-mkdir -p "/home/yunohost.app/$app"
-# Define app's data directory
-data_path="/home/yunohost.app/$app"
-# Give permission to the datadir
-chown -R $app: "$data_path"
+data_path=/home/yunohost.app/$app
+ynh_app_setting_set --app=$app --key=data_path --value=$data_path
+
+mkdir -p $data_path
+
+chmod 750 "$data_path"
+chmod -R o-rwx "$data_path"
+chown -R $app:www-data "$data_path"
 #=================================================
 # HANDLE LOG FILES AND LOGROTATE
@@ -141,13 +147,8 @@ smtp_user_pwd=$(ynh_string_random --length=24)
 url=https://$domain$path_url
 ynh_add_config --template="../conf/config.json" --destination="$final_path/config/config.json"
-
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-
-chown -R $app: $final_path
-chmod -R g+w $final_path
+chmod 400 "$final_path/config/config.json"
+chown $app:$app "$final_path/config/config.json"
 #=================================================
 # NGINX CONFIGURATION
diff --git a/scripts/remove b/scripts/remove
index 783d0d0..c53ed8e 100755
--- a/scripts/remove
+++ b/scripts/remove
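Review bot: In the `@@ -104,17 +104,23 @@` hunk of scripts/install, `chmod -R o-rwx` strips only the "other" bits, so whatever group bits the files already carry stay in place while `chown -R $app:www-data` hands that group to the web server. The same three commands are applied to `$data_path` here and to both trees in scripts/restore and scripts/upgrade, where files that went through the earlier `chmod -R g+w $final_path` would presumably end up group-writable by www-data. If NGINX only proxies to the service and never reads these trees (worth confirming), `chown -R "$app:$app"` is the narrower choice; otherwise consider `chmod -R g-w,o-rwx "$final_path"`. `mkdir -p $data_path` and `--value=$data_path` should also be quoted.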
@@ -20,6 +20,7 @@ port=$(ynh_app_setting_get --app=$app --key=port)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+data_path=$(ynh_app_setting_get --app=$app --key=data_path)
 #=================================================
 # STANDARD REMOVE
@@ -58,8 +59,16 @@ ynh_script_progression --message="Removing $app main directory..." --weight=6
 # Remove the app directory securely
 ynh_secure_remove --file="$final_path"
-# We don't delete this dir as it is marked as is-big
-# ynh_secure_remove --file="/home/yunohost.app/$app"
+#=================================================
+# REMOVE DATA DIR
+#=================================================
+
+# Remove the app data directory with the command `yunohost app remove --purge`
+if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
+then
+ ynh_script_progression --message="Removing $app data directory..." --weight=2
+ ynh_secure_remove --file="$data_path"
+fi
 #=================================================
 # REMOVE NGINX CONFIGURATION
diff --git a/scripts/restore b/scripts/restore
index 6ece5f9..ae1f908 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -32,6 +32,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 port=$(ynh_app_setting_get --app=$app --key=port)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
+data_path=$(ynh_app_setting_get --app=$app --key=data_path)
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
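Review bot: The purge branch in the `@@ -58,8 +59,16 @@` hunk of scripts/remove passes `$data_path` to `ynh_secure_remove` straight from the app settings, without checking that it is non-empty or that it still points inside the app data area. Whether `ynh_secure_remove` itself rejects an empty or unexpected path cannot be seen from this patch, so a guard before the recursive delete is cheap insurance, for example `case "$data_path" in /home/yunohost.app/?*) ;; *) ynh_die --message="Refusing to purge unexpected data_path '$data_path'" ;; esac`. A comment noting that this branch deletes user data irreversibly would also help the next maintainer.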
@@ -51,6 +52,14 @@ test ! -d $final_path \
 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+#=================================================
+# RECREATE THE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
+
+# Create the dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # RESTORE THE APP MAIN DIR
 #=================================================
@@ -58,20 +67,22 @@ ynh_script_progression --message="Restoring the app main directory..." --weight=
 ynh_restore_file --origin_path="$final_path"
-#=================================================
-# RECREATE THE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
-
-# Create the dedicated user (if not existing)
-ynh_system_user_create --username=$app
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
 #=================================================
-# RESTORE THE APP DATA
+# RESTORE THE DATA DIRECTORY
 #=================================================
+ynh_script_progression --message="Restoring the data directory..." --weight=1
-ynh_restore_file --origin_path="/home/yunohost.app/$app" --not_mandatory
-chown -R $app: "/home/yunohost.app/$app"
+ynh_restore_file --origin_path="$data_path" --not_mandatory
+
+mkdir -p $data_path
+
+chmod 750 "$data_path"
+chmod -R o-rwx "$data_path"
+chown -R $app:www-data "$data_path"
 #=================================================
 # RESTORE THE MYSQL DATABASE
@@ -86,10 +97,6 @@ ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./
 # RESTORE USER RIGHTS
 #=================================================
-# Restore permissions on app files
-chown -R $app: $final_path
-chmod -R g+w $final_path
-
 logs_path="/var/log/$app"
 mkdir -p $logs_path
 chown -R $app: $logs_path
diff --git a/scripts/upgrade b/scripts/upgrade
index 486e0e1..a9a9f83 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -34,6 +34,7 @@ language=$(ynh_app_setting_get --app=$app --key=language)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 architecture=$(ynh_detect_arch)
 version=$(ynh_app_setting_get --app=$app --key=version)
+data_path=$(ynh_app_setting_get --app=$app --key=data_path)
 #=================================================
 # CHECK VERSION
@@ -59,6 +60,12 @@ if [ -z "$language" ]; then
 ynh_app_setting_set --app=$app --key=language --value=$language
 fi
+# If data_path doesn't exist, create it
+if [ -z "$data_path" ]; then
+ data_path=/home/yunohost.app/$app
+ ynh_app_setting_set --app=$app --key=data_path --value=$data_path
+fi
+
 # If version setting doesn't exist
 if [ -z "$version" ]; then
 version="Enterprise"
@@ -100,6 +107,14 @@ ynh_script_progression --message="Stopping a systemd service..." --weight=3
 ynh_systemd_action --service_name=$app --action=stop --log_path="/var/log/$app/$app.log"
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
+
+# Create a dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@@ -130,6 +145,10 @@ then
 ynh_secure_remove --file="$tmpdir"
 fi
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -138,14 +157,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
 # Create a dedicated NGINX config
 ynh_add_nginx_config
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
-
-# Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
 #=================================================
 # SETUP SYSTEMD
 #=================================================
@@ -159,19 +170,11 @@ ynh_add_systemd_config
 #=================================================
 ynh_script_progression --message="Creating the data directory..." --weight=1
-# Define app's data directory
-data_path="/home/yunohost.app/$app"
-# Create datadir folder
 mkdir -p $data_path
-# Give permission to the datadir
-chown -R $app: "$data_path"
-#=================================================
-# RESTORE FILE PERMISSIONS
-#=================================================
-
-chown -R $app: $final_path
-chmod -R g+w $final_path
+chmod 750 "$data_path"
+chmod -R o-rwx "$data_path"
+chown -R $app:www-data "$data_path"
 chown -R $app: "/var/log/$app"
 #=================================================
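Review bot: In the `@@ -130,6 +145,10 @@` hunk of scripts/upgrade, the recursive `chown -R $app:www-data "$final_path"` also resets the group on `config/config.json`, and none of the visible upgrade hunks re-applies the `chmod 400` / `chown $app:$app` that scripts/install now sets on that file. Instances installed by earlier versions had `chmod -R g+w $final_path` run over it, so if the upgrade keeps the existing config (the surrounding code is outside the hunk), a file that presumably holds service credentials may remain group-readable or group-writable by www-data. Consider adding `chmod 400 "$final_path/config/config.json"` and `chown "$app:$app" "$final_path/config/config.json"` after the recursive calls. The `@@ -58,20 +67,22 @@` hunk of scripts/restore has the same gap after its `chown -R`.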