From 66cc5be9f8a41090ad38d71032ec7ec6ec366330 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 17 Jun 2020 15:54:40 +0200 Subject: [PATCH] Fuck that shit why have a user with different name than the app -_- --- conf/ssh_regenconf_hook | 2 +- scripts/actions/sftp | 2 -- scripts/config | 3 +-- scripts/install | 23 +++++------------------ scripts/remove | 3 +-- scripts/restore | 9 +++------ scripts/upgrade | 21 +++++---------------- 7 files changed, 16 insertions(+), 47 deletions(-) diff --git a/conf/ssh_regenconf_hook b/conf/ssh_regenconf_hook index 5666bd5..6e8666e 100644 --- a/conf/ssh_regenconf_hook +++ b/conf/ssh_regenconf_hook @@ -11,7 +11,7 @@ echo " ##-> __APP__ # Hardening user connection -Match User __USER__ +Match User __APP__ ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no diff --git a/scripts/actions/sftp b/scripts/actions/sftp index da2aede..2b13b82 100755 --- a/scripts/actions/sftp +++ b/scripts/actions/sftp @@ -16,7 +16,6 @@ source /usr/share/yunohost/helpers app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID} with_sftp=${YNH_ACTION_WITH_SFTP} -user=$(ynh_app_setting_get --app=$app --key=user) #================================================= # CHECK IF ARGUMENTS ARE CORRECT @@ -46,7 +45,6 @@ then cp -R conf/ssh_regenconf_hook /usr/share/yunohost/hooks/conf_regen/90-ssh_$app ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app - ynh_replace_string --match_string="__USER__" --replace_string="$user" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app yunohost tools regen-conf ssh else ynh_script_progression --message="Removing the custom ssh config for the SFTP access..." --weight=3 diff --git a/scripts/config b/scripts/config index f373efb..b1024be 100644 --- a/scripts/config +++ b/scripts/config 
@@ -126,9 +126,8 @@ apply_config() { # Disable the sftp access, as the password is incorrect yunohost app action run $app sftp --args with_sftp=0 else - user=$(ynh_app_setting_get --app=$app --key=user) # Add the password to the user - chpasswd <<< "${user}:${password}" + chpasswd <<< "${app}:${password}" ynh_app_setting_set --app=$app --key=password --value="$password" fi fi diff --git a/scripts/install b/scripts/install index 01db129..19cb9e1 100644 --- a/scripts/install +++ b/scripts/install @@ -56,13 +56,11 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= ynh_script_progression --message="Storing installation settings..." -user=webapp${app_nb} ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=with_mysql --value=$with_mysql ynh_app_setting_set --app=$app --key=with_sftp --value=$with_sftp -ynh_app_setting_set --app=$app --key=user --value=$user ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=overwrite_nginx --value=0 @@ -97,13 +95,12 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Configuring system user..." -# Create a standard user (not a system user for sftp) -ynh_system_user_exists --username=$user || \ - useradd -d "$final_path" -M --user-group "$user" +ynh_system_user_create --username=$app --home_dir="$final_path" + if [ $with_sftp -eq 1 ] then # Add the password to this user - chpasswd <<< "${user}:${password}" + chpasswd <<< "${app}:${password}" ynh_app_setting_set --app=$app --key=password --value="$password" fi 
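Review bot: The new `chpasswd <<< "${app}:${password}"` feeds the password into a line-oriented `name:password` format without checking that it is a single line, so a value containing a line break would be read by chpasswd as an additional record for another account name. Any validation before this branch is outside the hunk (apply_config starts and ends beyond it), so confirm it rejects line breaks, or add a guard just before the call such as `[[ "$password" != *$'\n'* ]] || ynh_die --message="Password must be a single line"`. The same construct is added in scripts/install, scripts/restore and scripts/upgrade; only restore skips the call when `$password` is empty, while install and upgrade test just `$with_sftp`, and upgrade takes the value from the stored setting.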
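Review bot: The comment explaining the account type was dropped along with `useradd`, and nothing now says what kind of account `ynh_system_user_create` yields or why that is acceptable for SFTP. As far as I recall, the helper creates a system account with a non-login shell unless `--use_shell` is passed, and does nothing when the account already exists; this is worth confirming against the helper version in use. I would add a comment above the call, e.g. `# System account without a login shell; the sshd Match block (ForceCommand internal-sftp) is what allows SFTP for it`, and quote the argument as `--username="$app"`. The same call is added in scripts/restore and scripts/upgrade.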
@@ -119,7 +116,6 @@ then cp -R ../conf/ssh_regenconf_hook /usr/share/yunohost/hooks/conf_regen/90-ssh_$app ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app - ynh_replace_string --match_string="__USER__" --replace_string="$user" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app yunohost tools regen-conf ssh fi @@ -133,7 +129,6 @@ mkdir -p "$final_path/www" if [ $with_sftp -eq 1 ] then ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file=../sources/www/index.html - ynh_replace_string --match_string="__USER__" --replace_string="$user" --target_file=../sources/www/index.html # Copy files to the right place cp "../sources/www/index.html" "$final_path/www/index.html" @@ -159,21 +154,13 @@ ynh_script_progression --message="Configuring php-fpm..." --weight=2 # Create a dedicated php-fpm config ynh_add_fpm_config --usage=low --footprint=low -# use $user instead of $app as user that run the fpm processes -finalphpconf="/etc/php/7.0/fpm/pool.d/$app.conf" -ynh_replace_string --match_string="^user = .*" --replace_string="user = $user" --target_file="$finalphpconf" -ynh_replace_string --match_string="^group = .*" --replace_string="group = $user" --target_file="$finalphpconf" -ynh_store_file_checksum --file="$finalphpconf" - -ynh_systemd_action --service_name=php7.0-fpm --action=reload - #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= -chown -R $user: "$final_path" +chown -R $app: "$final_path" # Home directory of the user needs to be owned by root to allow # SFTP connections chown root: "$final_path" 
@@ -218,7 +205,7 @@ then sftp_infos="You can connect to this repository by using sftp with the following credentials. Domain: $domain Port: $(grep "^Port" /etc/ssh/sshd_config | awk '{print $2}') -User: $user +User: $app Password: The one you set at installation." else sftp_infos="" diff --git a/scripts/remove b/scripts/remove index fe1f5f9..5f64004 100644 --- a/scripts/remove +++ b/scripts/remove @@ -19,7 +19,6 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) with_mysql=$(ynh_app_setting_get --app=$app --key=with_mysql) with_sftp=$(ynh_app_setting_get --app=$app --key=with_sftp) -user=$(ynh_app_setting_get --app=$app --key=user) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name @@ -83,7 +82,7 @@ fi ynh_script_progression --message="Removing the dedicated system user..." # Delete a system user -ynh_system_user_delete --username=$user +ynh_system_user_delete --username=$app #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index a30508f..57d6700 100644 --- a/scripts/restore +++ b/scripts/restore @@ -30,7 +30,6 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name) with_mysql=$(ynh_app_setting_get --app=$app --key=with_mysql) with_sftp=$(ynh_app_setting_get --app=$app --key=with_sftp) password=$(ynh_app_setting_get --app=$app --key=password) -user=$(ynh_app_setting_get --app=$app --key=user) #================================================= # CHECK IF THE APP CAN BE RESTORED 
@@ -74,14 +73,12 @@ fi #================================================= ynh_script_progression --message="Recreating the dedicated system user..." --weight=2 -# Create a standard user (not a system user for sftp) -ynh_system_user_exists --username=$user || \ - useradd -d "$final_path" -M --user-group "$user" +ynh_system_user_create --username=$app --home_dir="$final_path" if [ -n "$password" ] then # Add the password to this user - chpasswd <<< "${user}:${password}" + chpasswd <<< "${app}:${password}" fi #================================================= @@ -89,7 +86,7 @@ fi #================================================= # Restore permissions on app files -chown -R $user: "$final_path" +chown -R $app: "$final_path" # Home directory of the user need to be owned by root to allow # SFTP connections chown root: "$final_path" diff --git a/scripts/upgrade b/scripts/upgrade index 246f75a..76023a6 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -24,7 +24,6 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name) with_mysql=$(ynh_app_setting_get --app=$app --key=with_mysql) with_sftp=$(ynh_app_setting_get --app=$app --key=with_sftp) password=$(ynh_app_setting_get --app=$app --key=password) -user=$(ynh_app_setting_get --app=$app --key=user) overwrite_nginx=$(ynh_app_setting_get --app=$app --key=overwrite_nginx) overwrite_phpfpm=$(ynh_app_setting_get --app=$app --key=overwrite_phpfpm) 
@@ -149,18 +148,17 @@ fi #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2 -# Create a standard user (not a system user for sftp) -ynh_system_user_exists --username=$user || \ - useradd -d "$final_path" -M --user-group "$user" +ynh_system_user_create --username=$app --home_dir="$final_path" + if [ $with_sftp -eq 1 ] then # Add the password to this user - chpasswd <<< "${user}:${password}" + chpasswd <<< "${app}:${password}" fi # Change the user group for previous my_webapp install script -groupadd -f "$user" -usermod -g "$user" "$user" +groupadd -f "$app" +usermod -g "$app" "$app" #================================================= # PHP-FPM CONFIGURATION @@ -173,14 +171,6 @@ then # Create a dedicated php-fpm config ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint - - # Use $user instead of $app as user that run the fpm processes - finalphpconf="/etc/php/7.0/fpm/pool.d/$app.conf" - ynh_replace_string --match_string="^user = .*" --replace_string="user = $user" --target_file="$finalphpconf" - ynh_replace_string --match_string="^group = .*" --replace_string="group = $user" --target_file="$finalphpconf" - ynh_store_file_checksum --file="$finalphpconf" - - ynh_systemd_action --service_name=php7.0-fpm --action=reload fi #================================================= @@ -196,7 +186,6 @@ then cp -R ../conf/ssh_regenconf_hook /usr/share/yunohost/hooks/conf_regen/90-ssh_$app ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app - ynh_replace_string --match_string="__USER__" --replace_string="$user" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app yunohost tools regen-conf ssh fi
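Review bot: On an instance installed before this change, this block creates a second account `$app`, but the previous account, whose name is still stored in the `user` setting, is neither removed nor locked. After `yunohost tools regen-conf ssh` the `Match User` block names only `$app`, so the old account would keep its password while no longer being covered by the ChrootDirectory/ForceCommand restrictions; whether it could still authenticate depends on its shell and on the global sshd policy, which are not visible here. No re-chown of `$final_path` appears in the upgrade hunks, and the php-fpm hunk below regenerates the pool only inside a conditional whose test is outside the hunk, so files and the pool may still reference the old name. scripts/remove likewise now deletes only `$app`. A possible migration step, to run once nothing references the old account any more, is sketched below.

```shell
# … unchanged: ynh_system_user_create, chpasswd, groupadd/usermod …

# Retire the account used by installs made before the user was named after the app
legacy_user=$(ynh_app_setting_get --app=$app --key=user)
if [ -n "$legacy_user" ] && [ "$legacy_user" != "$app" ]
then
    # Hand the files over first; the home directory itself stays root-owned for the chroot
    chown -R "$app": "$final_path"
    chown root: "$final_path"
    ynh_system_user_delete --username="$legacy_user"
    ynh_app_setting_delete --app=$app --key=user
fi
```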