mirror of https://github.com/YunoHost-Apps/my_webapp_ynh.git synced 2024-09-03 19:46:26 +02:00

Fuck that shit why have a user with different name than the app -_-

Alexandre Aubin 2020-06-17 15:54:40 +02:00
parent 3c546b1c80
commit 66cc5be9f8
7 changed files with 16 additions and 47 deletions


@ -11,7 +11,7 @@ echo "
##-> __APP__ ##-> __APP__
# Hardening user connection # Hardening user connection
Match User __USER__ Match User __APP__
ChrootDirectory %h ChrootDirectory %h
ForceCommand internal-sftp ForceCommand internal-sftp
AllowTcpForwarding no AllowTcpForwarding no


@ -16,7 +16,6 @@ source /usr/share/yunohost/helpers
app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID} app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
with_sftp=${YNH_ACTION_WITH_SFTP} with_sftp=${YNH_ACTION_WITH_SFTP}
user=$(ynh_app_setting_get --app=$app --key=user)
#================================================= #=================================================
# CHECK IF ARGUMENTS ARE CORRECT # CHECK IF ARGUMENTS ARE CORRECT
@ -46,7 +45,6 @@ then
cp -R conf/ssh_regenconf_hook /usr/share/yunohost/hooks/conf_regen/90-ssh_$app cp -R conf/ssh_regenconf_hook /usr/share/yunohost/hooks/conf_regen/90-ssh_$app
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app
ynh_replace_string --match_string="__USER__" --replace_string="$user" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app
yunohost tools regen-conf ssh yunohost tools regen-conf ssh
else else
ynh_script_progression --message="Removing the custom ssh config for the SFTP access..." --weight=3 ynh_script_progression --message="Removing the custom ssh config for the SFTP access..." --weight=3


@ -126,9 +126,8 @@ apply_config() {
# Disable the sftp access, as the password is incorrect # Disable the sftp access, as the password is incorrect
yunohost app action run $app sftp --args with_sftp=0 yunohost app action run $app sftp --args with_sftp=0
else else
user=$(ynh_app_setting_get --app=$app --key=user)
# Add the password to the user # Add the password to the user
chpasswd <<< "${user}:${password}" chpasswd <<< "${app}:${password}"
ynh_app_setting_set --app=$app --key=password --value="$password" ynh_app_setting_set --app=$app --key=password --value="$password"
fi fi
fi fi


@ -56,13 +56,11 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#================================================= #=================================================
ynh_script_progression --message="Storing installation settings..." ynh_script_progression --message="Storing installation settings..."
user=webapp${app_nb}
ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=with_mysql --value=$with_mysql ynh_app_setting_set --app=$app --key=with_mysql --value=$with_mysql
ynh_app_setting_set --app=$app --key=with_sftp --value=$with_sftp ynh_app_setting_set --app=$app --key=with_sftp --value=$with_sftp
ynh_app_setting_set --app=$app --key=user --value=$user
ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=final_path --value=$final_path
ynh_app_setting_set --app=$app --key=overwrite_nginx --value=0 ynh_app_setting_set --app=$app --key=overwrite_nginx --value=0
@ -97,13 +95,12 @@ ynh_add_nginx_config
#================================================= #=================================================
ynh_script_progression --message="Configuring system user..." ynh_script_progression --message="Configuring system user..."
# Create a standard user (not a system user for sftp) ynh_system_user_create --username=$app --home_dir="$final_path"
ynh_system_user_exists --username=$user || \
useradd -d "$final_path" -M --user-group "$user"
if [ $with_sftp -eq 1 ] if [ $with_sftp -eq 1 ]
then then
# Add the password to this user # Add the password to this user
chpasswd <<< "${user}:${password}" chpasswd <<< "${app}:${password}"
ynh_app_setting_set --app=$app --key=password --value="$password" ynh_app_setting_set --app=$app --key=password --value="$password"
fi fi
@ -119,7 +116,6 @@ then
cp -R ../conf/ssh_regenconf_hook /usr/share/yunohost/hooks/conf_regen/90-ssh_$app cp -R ../conf/ssh_regenconf_hook /usr/share/yunohost/hooks/conf_regen/90-ssh_$app
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app
ynh_replace_string --match_string="__USER__" --replace_string="$user" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app
yunohost tools regen-conf ssh yunohost tools regen-conf ssh
fi fi
@ -133,7 +129,6 @@ mkdir -p "$final_path/www"
if [ $with_sftp -eq 1 ] if [ $with_sftp -eq 1 ]
then then
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file=../sources/www/index.html ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file=../sources/www/index.html
ynh_replace_string --match_string="__USER__" --replace_string="$user" --target_file=../sources/www/index.html
# Copy files to the right place # Copy files to the right place
cp "../sources/www/index.html" "$final_path/www/index.html" cp "../sources/www/index.html" "$final_path/www/index.html"
@ -159,21 +154,13 @@ ynh_script_progression --message="Configuring php-fpm..." --weight=2
# Create a dedicated php-fpm config # Create a dedicated php-fpm config
ynh_add_fpm_config --usage=low --footprint=low ynh_add_fpm_config --usage=low --footprint=low
# use $user instead of $app as user that run the fpm processes
finalphpconf="/etc/php/7.0/fpm/pool.d/$app.conf"
ynh_replace_string --match_string="^user = .*" --replace_string="user = $user" --target_file="$finalphpconf"
ynh_replace_string --match_string="^group = .*" --replace_string="group = $user" --target_file="$finalphpconf"
ynh_store_file_checksum --file="$finalphpconf"
ynh_systemd_action --service_name=php7.0-fpm --action=reload
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
# SECURE FILES AND DIRECTORIES # SECURE FILES AND DIRECTORIES
#================================================= #=================================================
chown -R $user: "$final_path" chown -R $app: "$final_path"
# Home directory of the user needs to be owned by root to allow # Home directory of the user needs to be owned by root to allow
# SFTP connections # SFTP connections
chown root: "$final_path" chown root: "$final_path"
@ -218,7 +205,7 @@ then
sftp_infos="You can connect to this repository by using sftp with the following credentials. sftp_infos="You can connect to this repository by using sftp with the following credentials.
Domain: $domain Domain: $domain
Port: $(grep "^Port" /etc/ssh/sshd_config | awk '{print $2}') Port: $(grep "^Port" /etc/ssh/sshd_config | awk '{print $2}')
User: $user User: $app
Password: The one you set at installation." Password: The one you set at installation."
else else
sftp_infos="" sftp_infos=""
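Review bot: The "Configuring system user..." hunk drops the comment `# Create a standard user (not a system user for sftp)` while switching to `ynh_system_user_create --username=$app --home_dir="$final_path"`, so the reason the old code avoided a system account is no longer recorded. The helper's defaults (login shell, system UID range) are not visible here; if it creates the account without a login shell, password access then depends entirely on the `Match User` block with `ForceCommand internal-sftp` written by the regen-conf hook. Once that is confirmed, a replacement comment would help, e.g. `# System account created by the helper; SFTP access depends on the Match User block in 90-ssh_$app`. The same replacement is made in the restore and upgrade scripts. In the "SECURE FILES AND DIRECTORIES" hunk, the new `chown -R $app: "$final_path"` would be safer quoted as `chown -R "$app": "$final_path"`.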


@ -19,7 +19,6 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
with_mysql=$(ynh_app_setting_get --app=$app --key=with_mysql) with_mysql=$(ynh_app_setting_get --app=$app --key=with_mysql)
with_sftp=$(ynh_app_setting_get --app=$app --key=with_sftp) with_sftp=$(ynh_app_setting_get --app=$app --key=with_sftp)
user=$(ynh_app_setting_get --app=$app --key=user)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name db_user=$db_name
@ -83,7 +82,7 @@ fi
ynh_script_progression --message="Removing the dedicated system user..." ynh_script_progression --message="Removing the dedicated system user..."
# Delete a system user # Delete a system user
ynh_system_user_delete --username=$user ynh_system_user_delete --username=$app
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT


@ -30,7 +30,6 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name)
with_mysql=$(ynh_app_setting_get --app=$app --key=with_mysql) with_mysql=$(ynh_app_setting_get --app=$app --key=with_mysql)
with_sftp=$(ynh_app_setting_get --app=$app --key=with_sftp) with_sftp=$(ynh_app_setting_get --app=$app --key=with_sftp)
password=$(ynh_app_setting_get --app=$app --key=password) password=$(ynh_app_setting_get --app=$app --key=password)
user=$(ynh_app_setting_get --app=$app --key=user)
#================================================= #=================================================
# CHECK IF THE APP CAN BE RESTORED # CHECK IF THE APP CAN BE RESTORED
@ -74,14 +73,12 @@ fi
#================================================= #=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=2 ynh_script_progression --message="Recreating the dedicated system user..." --weight=2
# Create a standard user (not a system user for sftp) ynh_system_user_create --username=$app --home_dir="$final_path"
ynh_system_user_exists --username=$user || \
useradd -d "$final_path" -M --user-group "$user"
if [ -n "$password" ] if [ -n "$password" ]
then then
# Add the password to this user # Add the password to this user
chpasswd <<< "${user}:${password}" chpasswd <<< "${app}:${password}"
fi fi
#================================================= #=================================================
@ -89,7 +86,7 @@ fi
#================================================= #=================================================
# Restore permissions on app files # Restore permissions on app files
chown -R $user: "$final_path" chown -R $app: "$final_path"
# Home directory of the user need to be owned by root to allow # Home directory of the user need to be owned by root to allow
# SFTP connections # SFTP connections
chown root: "$final_path" chown root: "$final_path"


@ -24,7 +24,6 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name)
with_mysql=$(ynh_app_setting_get --app=$app --key=with_mysql) with_mysql=$(ynh_app_setting_get --app=$app --key=with_mysql)
with_sftp=$(ynh_app_setting_get --app=$app --key=with_sftp) with_sftp=$(ynh_app_setting_get --app=$app --key=with_sftp)
password=$(ynh_app_setting_get --app=$app --key=password) password=$(ynh_app_setting_get --app=$app --key=password)
user=$(ynh_app_setting_get --app=$app --key=user)
overwrite_nginx=$(ynh_app_setting_get --app=$app --key=overwrite_nginx) overwrite_nginx=$(ynh_app_setting_get --app=$app --key=overwrite_nginx)
overwrite_phpfpm=$(ynh_app_setting_get --app=$app --key=overwrite_phpfpm) overwrite_phpfpm=$(ynh_app_setting_get --app=$app --key=overwrite_phpfpm)
@ -149,18 +148,17 @@ fi
#================================================= #=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2 ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2
# Create a standard user (not a system user for sftp) ynh_system_user_create --username=$app --home_dir="$final_path"
ynh_system_user_exists --username=$user || \
useradd -d "$final_path" -M --user-group "$user"
if [ $with_sftp -eq 1 ] if [ $with_sftp -eq 1 ]
then then
# Add the password to this user # Add the password to this user
chpasswd <<< "${user}:${password}" chpasswd <<< "${app}:${password}"
fi fi
# Change the user group for previous my_webapp install script # Change the user group for previous my_webapp install script
groupadd -f "$user" groupadd -f "$app"
usermod -g "$user" "$user" usermod -g "$app" "$app"
#================================================= #=================================================
# PHP-FPM CONFIGURATION # PHP-FPM CONFIGURATION
@ -173,14 +171,6 @@ then
# Create a dedicated php-fpm config # Create a dedicated php-fpm config
ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint
# Use $user instead of $app as user that run the fpm processes
finalphpconf="/etc/php/7.0/fpm/pool.d/$app.conf"
ynh_replace_string --match_string="^user = .*" --replace_string="user = $user" --target_file="$finalphpconf"
ynh_replace_string --match_string="^group = .*" --replace_string="group = $user" --target_file="$finalphpconf"
ynh_store_file_checksum --file="$finalphpconf"
ynh_systemd_action --service_name=php7.0-fpm --action=reload
fi fi
#================================================= #=================================================
@ -196,7 +186,6 @@ then
cp -R ../conf/ssh_regenconf_hook /usr/share/yunohost/hooks/conf_regen/90-ssh_$app cp -R ../conf/ssh_regenconf_hook /usr/share/yunohost/hooks/conf_regen/90-ssh_$app
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app
ynh_replace_string --match_string="__USER__" --replace_string="$user" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app
yunohost tools regen-conf ssh yunohost tools regen-conf ssh
fi fi
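Review bot: Nothing in the visible upgrade hunks migrates installs created with the old `webapp${app_nb}` account: the script stops reading the `user` setting and creates `$app` alongside it, so the legacy account, its password and the stored `user` key appear to be left behind. Once the regen-conf hook is rewritten to `Match User $app`, that legacy account is no longer covered by the `ChrootDirectory`/`ForceCommand internal-sftp` block, and whether it can still log in depends on the rest of sshd_config, which is not shown. I would read the old setting in the "Making sure dedicated system user exists..." step and delete the account and the key when it differs from `$app`, after the files are re-owned and the php-fpm pool no longer runs as it; the remove script has the same gap because it now deletes only `$app`. The hunks are partial, so this may already be handled outside them.

```shell
# Clean up the legacy "webappN" account left by earlier versions of the package
legacy_user=$(ynh_app_setting_get --app=$app --key=user)
if [ -n "$legacy_user" ] && [ "$legacy_user" != "$app" ]
then
    ynh_system_user_delete --username="$legacy_user"
    ynh_app_setting_delete --app=$app --key=user
fi
```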