From 86d0f1a8a69b598c6e46a834302b4cd3556e7193 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sat, 24 Apr 2021 13:44:19 +0200 Subject: [PATCH 1/8] Fix doc links --- README.md | 6 +++--- README_fr.md | 12 +++++++++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 9348a2e..b2c34bf 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to ## Overview This application allows you to easily install a custom Web application, -providing files access with [SFTP](https://yunohost.org/#/filezilla). It can also create a MySQL database - +providing files access with [SFTP](https://yunohost.org/en/filezilla). It can also create a MySQL database - which will be backed up and restored with your application. The connection details will be stored in the file `db_accesss.txt` located in the root directory. @@ -28,7 +28,7 @@ of your custom Web application inside. ## Documentation - * YunoHost documentation: https://github.com/YunoHost/doc/blob/master/app_my_webapp.md + * YunoHost documentation: https://yunohost.org/en/app_my_webapp ## YunoHost specific features @@ -46,7 +46,7 @@ of your custom Web application inside. #### SFTP port You may have change the SSH port as described -[here section "Modifier le port SSH"](https://yunohost.org/#/security_fr) ; +[here section "Modifier le port SSH"](https://yunohost.org/en/security) ; then you should use this port to update your website with SFTP. ## Links diff --git a/README_fr.md b/README_fr.md index 6200271..7074b8d 100644 --- a/README_fr.md +++ b/README_fr.md 
@@ -6,12 +6,12 @@ *[Read this readme in english.](./README.md)* > *Ce package vous permet d'installer une Application vide avec accès SFTP au répertoire Web personnalisé rapidement et simplement sur un serveur YunoHost. -Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/fr/install) pour savoir comment l'installer et en profiter.* ## Vue d'ensemble Cette application vous permet d'installer facilement une application vide personnalisée, -fourni un accès aux fichiers avec [SFTP](https://yunohost.org/#/filezilla). Elle peut également créer une base de données MySQL - +fourni un accès aux fichiers avec [SFTP](https://yunohost.org/fr/filezilla). Elle peut également créer une base de données MySQL - qui sera sauvegardée et restaurée avec votre application. Les détails de connexion seront stockés dans le fichier `db_accesss.txt` situé dans le répertoire racine. @@ -21,7 +21,7 @@ seront stockés dans le fichier `db_accesss.txt` situé dans le répertoire raci ## Documentation - * Documentation YunoHost : https://yunohost.org/#/app_my_webapp + * Documentation YunoHost : https://yunohost.org/fr/app_my_webapp ## Caractéristiques spécifiques YunoHost @@ -36,6 +36,12 @@ seront stockés dans le fichier `db_accesss.txt` situé dans le répertoire raci ## Informations additionnelles +#### Port SFTP + +Vous avez peut-être changé le port SSH comme décrit +[ici section "Modifier le port SSH"](https://yunohost.org/fr/security); +alors vous devriez utiliser ce port pour mettre à jour votre site Web avec SFTP. + ## Liens * Signaler un bug : https://github.com/YunoHost-Apps/my_webapp_ynh/issues From ea0030d6a37e1c8e4eb5ee5b86fb21b6674352e9 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sat, 24 Apr 2021 13:45:41 +0200 Subject: [PATCH 2/8] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index b2c34bf..e25ff60 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ *[Lire ce readme en français.](./README_fr.md)* > *This package allow you to install Custom Webapp quickly and simply on a YunoHost server. -If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* +If you don't have YunoHost, please see [here](https://yunohost.org/en/install) to know how to install and enjoy it.* ## Overview From 19bd96b45e1dce3d0dec5dd623c7260e1eff2293 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sat, 24 Apr 2021 13:49:04 +0200 Subject: [PATCH 3/8] Fix --- README.md | 4 ++-- README_fr.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e25ff60..ac48125 100644 --- a/README.md +++ b/README.md @@ -45,8 +45,8 @@ of your custom Web application inside. #### SFTP port -You may have change the SSH port as described -[here section "Modifier le port SSH"](https://yunohost.org/en/security) ; +You may have change the SSH port as described here +[Modify the SSH port](https://yunohost.org/en/security#modify-the-ssh-port) ; then you should use this port to update your website with SFTP. ## Links diff --git a/README_fr.md b/README_fr.md index 7074b8d..9587467 100644 --- a/README_fr.md +++ b/README_fr.md @@ -38,8 +38,8 @@ seront stockés dans le fichier `db_accesss.txt` situé dans le répertoire raci #### Port SFTP -Vous avez peut-être changé le port SSH comme décrit -[ici section "Modifier le port SSH"](https://yunohost.org/fr/security); +Vous avez peut-être changé le port SSH comme décrit ici +[Modifier le port SSH](https://yunohost.org/fr/security#modify-the-ssh-port); alors vous devriez utiliser ce port pour mettre à jour votre site Web avec SFTP. ## Liens From 90e11d34ded22c1525d051da24f497f94f7f2194 Mon Sep 17 00:00:00 2001 
From: ericgaspar Date: Sat, 24 Apr 2021 13:54:44 +0200 Subject: [PATCH 4/8] Fix --- README.md | 4 ++-- README_fr.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ac48125..f84b2aa 100644 --- a/README.md +++ b/README.md @@ -45,8 +45,8 @@ of your custom Web application inside. #### SFTP port -You may have change the SSH port as described here -[Modify the SSH port](https://yunohost.org/en/security#modify-the-ssh-port) ; +You may have change the SSH port as described in this section: +[Modify the SSH port](https://yunohost.org/en/security#modify-the-ssh-port); then you should use this port to update your website with SFTP. ## Links diff --git a/README_fr.md b/README_fr.md index 9587467..1b9fe0c 100644 --- a/README_fr.md +++ b/README_fr.md @@ -38,8 +38,8 @@ seront stockés dans le fichier `db_accesss.txt` situé dans le répertoire raci #### Port SFTP -Vous avez peut-être changé le port SSH comme décrit ici -[Modifier le port SSH](https://yunohost.org/fr/security#modify-the-ssh-port); +Vous avez peut-être changé le port SSH comme décrit dans cette section : +[Modifier le port SSH](https://yunohost.org/fr/security#modify-the-ssh-port) ; alors vous devriez utiliser ce port pour mettre à jour votre site Web avec SFTP. ## Liens From e618919964f6fb7d48b2340d8e0ede68abc272b1 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 28 Apr 2021 23:31:23 +0200 Subject: [PATCH 5/8] Fix --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f84b2aa..a149a67 100644 --- a/README.md +++ b/README.md 
@@ -6,7 +6,7 @@ *[Lire ce readme en français.](./README_fr.md)* > *This package allow you to install Custom Webapp quickly and simply on a YunoHost server. -If you don't have YunoHost, please see [here](https://yunohost.org/en/install) to know how to install and enjoy it.* +If you don't have YunoHost, please see [here](https://yunohost.org/install) to know how to install and enjoy it.* ## Overview diff --git a/README_fr.md b/README_fr.md index 1b9fe0c..d3dba43 100644 --- a/README_fr.md +++ b/README_fr.md @@ -6,7 +6,7 @@ *[Read this readme in english.](./README.md)* > *Ce package vous permet d'installer une Application vide avec accès SFTP au répertoire Web personnalisé rapidement et simplement sur un serveur YunoHost. -Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/fr/install) pour savoir comment l'installer et en profiter.* +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/install) pour savoir comment l'installer et en profiter.* ## Vue d'ensemble From cdfa2f061fade969c8f11e0fa1613f56137f0299 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Fri, 7 May 2021 20:39:16 +0200 Subject: [PATCH 6/8] Use sftp.app group from 4.2 to manage sftp access, + fix permissions for /var/www/my_webapp --- conf/ssh_regenconf_hook | 21 --------------------- manifest.json | 4 ++-- scripts/install | 36 ++++++++++++++---------------------- scripts/restore | 35 ++++++++++++++--------------------- scripts/upgrade | 27 +++++++++++++-------------- 5 files changed, 43 insertions(+), 80 deletions(-) delete mode 100644 conf/ssh_regenconf_hook diff --git a/conf/ssh_regenconf_hook b/conf/ssh_regenconf_hook deleted file mode 100644 index 6e8666e..0000000 --- a/conf/ssh_regenconf_hook +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/bin/bash - -action=$1 -pending_dir=$4 -ssh_conf=$pending_dir/../ssh/etc/ssh/sshd_config - -[[ $action == "pre" ]] || exit 0 -[[ -e $ssh_conf ]] || exit 0 - -echo " - -##-> __APP__ -# Hardening user connection -Match User __APP__ - ChrootDirectory %h - ForceCommand internal-sftp - AllowTcpForwarding no - PermitTunnel no - X11Forwarding no - PasswordAuthentication yes -##<- __APP__" >> $ssh_conf diff --git a/manifest.json b/manifest.json index 26de3ce..eb4576a 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Custom Web app with SFTP access", "fr": "Application Web personnalisée avec accès SFTP" }, - "version": "1.0~ynh4", + "version": "1.0~ynh5", "url": "https://github.com/YunoHost-Apps/my_webapp_ynh", "license": "GPL-3.0-only", "maintainer": { @@ -18,7 +18,7 @@ "email": "maniackc_dev@crudelis.fr" }], "requirements": { - "yunohost": ">= 4.1.7" + "yunohost": ">= 4.2.3" }, "multi_instance": true, "services": [ diff --git a/scripts/install b/scripts/install index ba0e392..6fd3eef 100644 --- a/scripts/install +++ b/scripts/install @@ -85,7 +85,14 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Configuring system user..." -ynh_system_user_create --username=$app --home_dir="$final_path" +if [ $with_sftp -eq 1 ] +then + groups="sftp.app" +else + groups="" +fi + +ynh_system_user_create --username=$app --home_dir="$final_path" --groups="$groups" if [ $with_sftp -eq 1 ] then 
@@ -96,18 +103,6 @@ fi #================================================= # SPECIFIC SETUP -#================================================= -# CONFIGURE SSH -#================================================= -if [ $with_sftp -eq 1 ] -then - ynh_script_progression --message="Configuring SSH..." - - ynh_add_config --template="../conf/ssh_regenconf_hook" --destination="/usr/share/yunohost/hooks/conf_regen/90-ssh_$app" - - yunohost tools regen-conf ssh -fi - #================================================= # MODIFY A CONFIG FILE #================================================= @@ -133,6 +128,12 @@ name: ${db_name}\nuser: ${db_name}\npass: ${db_pwd}" > ../sources/db_access.txt cp -r "../sources/db_access.txt" "$final_path/db_access.txt" fi +chown -R $app: "$final_path" +# Home directory of the user needs to be owned by root to allow +# SFTP connections +chown root:$app "$final_path" +chmod o-rwx "$final_path" + #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -144,15 +145,6 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -chown -R $app: "$final_path" -# Home directory of the user needs to be owned by root to allow -# SFTP connections -chown root: "$final_path" - #================================================= # SETUP SSOWAT #================================================= diff --git a/scripts/restore b/scripts/restore index 3226eee..b626768 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -50,13 +50,6 @@ test ! -d $final_path \ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RESTORE THE APP MAIN DIR -#================================================= -ynh_script_progression --message="Restoring the app main directory..." - -ynh_restore_file --origin_path="$final_path" - #================================================= # RESTORE THE MYSQL DATABASE #================================================= @@ -74,7 +67,14 @@ fi #================================================= ynh_script_progression --message="Recreating the dedicated system user..." --weight=2 -ynh_system_user_create --username=$app --home_dir="$final_path" +if [ $with_sftp -eq 1 ] +then + groups="sftp.app" +else + groups="" +fi + +ynh_system_user_create --username=$app --home_dir="$final_path" --groups="$groups" if [ -n "$password" ] then @@ -83,14 +83,18 @@ then fi #================================================= -# RESTORE USER RIGHTS +# RESTORE THE APP MAIN DIR #================================================= +ynh_script_progression --message="Restoring the app main directory..." + +ynh_restore_file --origin_path="$final_path" # Restore permissions on app files chown -R $app: "$final_path" # Home directory of the user need to be owned by root to allow # SFTP connections -chown root: "$final_path" +chown root:$app "$final_path" +chmod o-rwx "$final_path" #================================================= # RESTORE THE PHP-FPM CONFIGURATION 
@@ -101,17 +105,6 @@ ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # SPECIFIC RESTORATION #================================================= -# CONFIGURE SSH -#================================================= - -if [ $with_sftp -eq 1 ] -then - ynh_script_progression --message="Configuring SSH..." - - ynh_restore_file "/usr/share/yunohost/hooks/conf_regen/90-ssh_$app" - - yunohost tools regen-conf ssh -fi #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index ec459e6..b02ba33 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -145,9 +145,18 @@ fi #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2 -ynh_system_user_create --username=$app --home_dir="$final_path" - if [ $with_sftp -eq 1 ] +then + # Add the password to this user + chpasswd <<< "${app}:${password}" + groups="sftp.app" +else + groups="" +fi + +ynh_system_user_create --username=$app --home_dir="$final_path" --groups="$groups" + +if [ -n "$password" ] then # Add the password to this user chpasswd <<< "${app}:${password}" @@ -173,17 +182,6 @@ fi #================================================= # SPECIFIC UPGRADE #================================================= -# CONFIGURE SSH -#================================================= - -if [ $with_sftp -eq 1 ] -then - ynh_script_progression --message="Configuring SSH..." --weight=1 - - ynh_add_config --template="../conf/ssh_regenconf_hook" --destination="/usr/share/yunohost/hooks/conf_regen/90-ssh_$app" - - yunohost tools regen-conf ssh -fi #================================================= # GENERIC FINALIZATION 
@@ -194,7 +192,8 @@ fi chown -R $app: "$final_path" # Home directory of the user needs to be owned by root to allow # SFTP connections -chown root: "$final_path" +chown root:$app "$final_path" +chmod o-rwx "$final_path" #================================================= # RELOAD NGINX From 12a0d94a4f55c6405893e11f5454c8cf6a6b10db Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 9 May 2021 18:25:05 +0200 Subject: [PATCH 7/8] Fix permissions: we also need www-data to be able to browse --- scripts/install | 4 +++- scripts/restore | 6 ++++-- scripts/upgrade | 4 +++- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/scripts/install b/scripts/install index 6fd3eef..03cc8dc 100644 --- a/scripts/install +++ b/scripts/install @@ -131,7 +131,9 @@ fi chown -R $app: "$final_path" # Home directory of the user needs to be owned by root to allow # SFTP connections -chown root:$app "$final_path" +chown root:root "$final_path" +setfacl -m g:$app:r-x "$final_path" +setfacl -m g:www-data:r-x "$final_path" chmod o-rwx "$final_path" #================================================= diff --git a/scripts/restore b/scripts/restore index b626768..5824cb5 100644 --- a/scripts/restore +++ b/scripts/restore @@ -91,9 +91,11 @@ ynh_restore_file --origin_path="$final_path" # Restore permissions on app files chown -R $app: "$final_path" -# Home directory of the user need to be owned by root to allow +# Home directory of the user needs to be owned by root to allow # SFTP connections -chown root:$app "$final_path" +chown root:root "$final_path" +setfacl -m g:$app:r-x "$final_path" +setfacl -m g:www-data:r-x "$final_path" chmod o-rwx "$final_path" #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index b02ba33..7ba3989 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -192,7 +192,9 @@ fi chown -R $app: "$final_path" # Home directory of the user needs to be owned by root to allow # SFTP connections -chown root:$app "$final_path" +chown root:root "$final_path" +setfacl -m g:$app:r-x "$final_path" +setfacl -m g:www-data:r-x "$final_path" chmod o-rwx "$final_path" #================================================= From 9969e5a7b7de0a7bdaac6befb7ad38957c20e8a3 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 10 May 2021 17:01:39 +0200 Subject: [PATCH 8/8] Fix misc issues --- scripts/backup | 11 ----------- scripts/install | 2 +- scripts/remove | 9 --------- scripts/restore | 2 +- scripts/upgrade | 4 +--- 5 files changed, 3 insertions(+), 25 deletions(-) diff --git a/scripts/backup b/scripts/backup index a66a5bc..75e9f52 100644 --- a/scripts/backup +++ b/scripts/backup @@ -63,17 +63,6 @@ then ynh_mysql_dump_db --database="$db_name" > db.sql fi -#================================================= -# BACKUP SPECIFIC FILES -#================================================= - -if [ $with_sftp -eq 1 ] -then - ynh_print_info --message="Backup specific files..." - - ynh_backup "/usr/share/yunohost/hooks/conf_regen/90-ssh_$app" -fi - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index 03cc8dc..e9e3108 100644 --- a/scripts/install +++ b/scripts/install @@ -128,7 +128,7 @@ name: ${db_name}\nuser: ${db_name}\npass: ${db_pwd}" > ../sources/db_access.txt cp -r "../sources/db_access.txt" "$final_path/db_access.txt" fi -chown -R $app: "$final_path" +chown -R $app:www-data "$final_path" # Home directory of the user needs to be owned by root to allow # SFTP connections chown root:root "$final_path" diff --git a/scripts/remove b/scripts/remove index f39cde3..e9952b0 100644 --- a/scripts/remove +++ b/scripts/remove 
@@ -64,15 +64,6 @@ ynh_remove_fpm_config #================================================= # SPECIFIC REMOVE #================================================= -# REMOVE THE CUSTOM SSH CONFIG -#================================================= - -if [ $with_sftp -eq 1 ] -then - ynh_script_progression --message="Removing the custom SSH config..." - ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/90-ssh_$app" - yunohost tools regen-conf ssh -fi #================================================= # GENERIC FINALIZATION diff --git a/scripts/restore b/scripts/restore index 5824cb5..49f60fc 100644 --- a/scripts/restore +++ b/scripts/restore @@ -90,7 +90,7 @@ ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" # Restore permissions on app files -chown -R $app: "$final_path" +chown -R $app:www-data "$final_path" # Home directory of the user needs to be owned by root to allow # SFTP connections chown root:root "$final_path" diff --git a/scripts/upgrade b/scripts/upgrade index 7ba3989..05cb55a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -147,8 +147,6 @@ ynh_script_progression --message="Making sure dedicated system user exists..." - if [ $with_sftp -eq 1 ] then - # Add the password to this user - chpasswd <<< "${app}:${password}" groups="sftp.app" else groups="" @@ -189,7 +187,7 @@ fi # SECURE FILES AND DIRECTORIES #================================================= -chown -R $app: "$final_path" +chown -R $app:www-data "$final_path" # Home directory of the user needs to be owned by root to allow # SFTP connections chown root:root "$final_path"
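Review bot: The Overview hunks of README.md and README_fr.md in PATCH 1/8 keep the file name `db_accesss.txt` (three "s") in their context lines, while scripts/install in this series writes `db_access.txt`. Since the series is already fixing the docs, correct the name in both READMEs so users look for the file that actually holds the database credentials.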
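Review bot: "You may have change the SSH port" in the README.md "SFTP port" hunk survives PATCH 1/8, 3/8 and 4/8 unchanged and should read "You may have changed". PATCH 3/8 and 4/8 both carry the subject "Fix" and rewrite the same two lines, so they would be clearer squashed into PATCH 1/8 with a descriptive subject.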
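Review bot: Instances upgraded from 1.0~ynh4 keep the old hook file. PATCH 6/8 deletes conf/ssh_regenconf_hook and drops the `ynh_add_config` call in the scripts/upgrade hunk at @@ -173,17, and PATCH 8/8 drops the `ynh_secure_remove` from scripts/remove, but no visible hunk deletes an already installed `/usr/share/yunohost/hooks/conf_regen/90-ssh_$app`. That hook appends the per-app `Match User __APP__` block to sshd_config on each `pre` run, so the old block would persist next to the new sftp.app group handling and outlive the app after removal. Suggest removing the file in scripts/upgrade when it exists, followed by `yunohost tools regen-conf ssh`, and keeping the cleanup in scripts/remove for instances that never went through the upgrade.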
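Review bot: In the PATCH 6/8 scripts/upgrade hunk at @@ -145,9 +145,18, `chpasswd <<< "${app}:${password}"` is placed inside the `if [ $with_sftp -eq 1 ]` branch, before `ynh_system_user_create`, so it runs before the user is guaranteed to exist, and it is then repeated in the `if [ -n "$password" ]` block below. PATCH 8/8 removes the first call, but the intermediate commit is broken for bisecting; fold that removal into this patch. The guard also changes from `$with_sftp` to `-n "$password"` without a comment, so state which condition is meant to decide whether a password is set.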
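Review bot: The comment above the `chown root:root "$final_path"` block in PATCH 7/8 (install, restore and upgrade) still explains only the root ownership and says nothing about the two `setfacl` lines that follow. After this change, access for `$app` and `www-data` to the chroot directory depends entirely on those ACL entries, and sshd refuses a chroot directory that is group- or world-writable, so the comment should say that the entries must stay `r-x` and why an ACL is used instead of group ownership. The same four lines are copied into three scripts; a shared helper would keep them from drifting apart. Also quote the variable, for example `setfacl -m "g:$app:r-x" "$final_path"`.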
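Review bot: `chown -R $app:www-data "$final_path"` in PATCH 8/8 (install at @@ -128,7, restore at @@ -90,7, upgrade at @@ -187,7) hands group ownership of every file to the web server without setting any file modes, so what www-data can read or write is left to whatever modes the files already have. In scripts/install this includes `db_access.txt`, written just above with `pass: ${db_pwd}`. Suggest setting modes explicitly after the chown, at least a restrictive mode on `db_access.txt`, and noting in the upgrade script that the recursive chown resets the group on files the user uploaded over SFTP.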