Use sftp.app group from 4.2 to manage sftp access, + fix permissions for /var/www/my_webapp
parent
25703dc994
commit
cdfa2f061f
5 changed files with 43 additions and 80 deletions
|
@ -1,21 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
action=$1
|
||||
pending_dir=$4
|
||||
ssh_conf=$pending_dir/../ssh/etc/ssh/sshd_config
|
||||
|
||||
[[ $action == "pre" ]] || exit 0
|
||||
[[ -e $ssh_conf ]] || exit 0
|
||||
|
||||
echo "
|
||||
|
||||
##-> __APP__
|
||||
# Hardening user connection
|
||||
Match User __APP__
|
||||
ChrootDirectory %h
|
||||
ForceCommand internal-sftp
|
||||
AllowTcpForwarding no
|
||||
PermitTunnel no
|
||||
X11Forwarding no
|
||||
PasswordAuthentication yes
|
||||
##<- __APP__" >> $ssh_conf
|
|
@ -6,7 +6,7 @@
|
|||
"en": "Custom Web app with SFTP access",
|
||||
"fr": "Application Web personnalisée avec accès SFTP"
|
||||
},
|
||||
"version": "1.0~ynh4",
|
||||
"version": "1.0~ynh5",
|
||||
"url": "https://github.com/YunoHost-Apps/my_webapp_ynh",
|
||||
"license": "GPL-3.0-only",
|
||||
"maintainer": {
|
||||
|
@ -18,7 +18,7 @@
|
|||
"email": "maniackc_dev@crudelis.fr"
|
||||
}],
|
||||
"requirements": {
|
||||
"yunohost": ">= 4.1.7"
|
||||
"yunohost": ">= 4.2.3"
|
||||
},
|
||||
"multi_instance": true,
|
||||
"services": [
|
||||
|
|
|
@ -85,7 +85,14 @@ ynh_add_nginx_config
|
|||
#=================================================
|
||||
ynh_script_progression --message="Configuring system user..."
|
||||
|
||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||
if [ $with_sftp -eq 1 ]
|
||||
then
|
||||
groups="sftp.app"
|
||||
else
|
||||
groups=""
|
||||
fi
|
||||
|
||||
ynh_system_user_create --username=$app --home_dir="$final_path" --groups="$groups"
|
||||
|
||||
if [ $with_sftp -eq 1 ]
|
||||
then
|
||||
|
@ -96,18 +103,6 @@ fi
|
|||
|
||||
#=================================================
|
||||
# SPECIFIC SETUP
|
||||
#=================================================
|
||||
# CONFIGURE SSH
|
||||
#=================================================
|
||||
if [ $with_sftp -eq 1 ]
|
||||
then
|
||||
ynh_script_progression --message="Configuring SSH..."
|
||||
|
||||
ynh_add_config --template="../conf/ssh_regenconf_hook" --destination="/usr/share/yunohost/hooks/conf_regen/90-ssh_$app"
|
||||
|
||||
yunohost tools regen-conf ssh
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# MODIFY A CONFIG FILE
|
||||
#=================================================
|
||||
|
@ -133,6 +128,12 @@ name: ${db_name}\nuser: ${db_name}\npass: ${db_pwd}" > ../sources/db_access.txt
|
|||
cp -r "../sources/db_access.txt" "$final_path/db_access.txt"
|
||||
fi
|
||||
|
||||
chown -R $app: "$final_path"
|
||||
# Home directory of the user needs to be owned by root to allow
|
||||
# SFTP connections
|
||||
chown root:$app "$final_path"
|
||||
chmod o-rwx "$final_path"
|
||||
|
||||
#=================================================
|
||||
# PHP-FPM CONFIGURATION
|
||||
#=================================================
|
||||
|
@ -144,15 +145,6 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
|
|||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# SECURE FILES AND DIRECTORIES
|
||||
#=================================================
|
||||
|
||||
chown -R $app: "$final_path"
|
||||
# Home directory of the user needs to be owned by root to allow
|
||||
# SFTP connections
|
||||
chown root: "$final_path"
|
||||
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
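Review bot: In the hunk that adds `chown root:$app "$final_path"` and `chmod o-rwx "$final_path"`, only the "other" bits are cleared, so the group bits of the root-owned home directory stay whatever they were before. Now that the group is `$app` rather than root, a leftover group-write bit would let the SFTP account modify the top of its own home, and sshd rejects a ChrootDirectory that is writable by group or others (assuming the sftp.app rules still chroot to the home directory, as the comment suggests). Setting the mode explicitly, `chmod u=rwx,g=rx,o= "$final_path"`, removes the dependency on prior state. The same pair of lines is added in the restore and upgrade sections. It is also worth confirming that the web server account can still traverse the directory once other access is removed; that is not visible from these hunks.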
|
|
|
@ -50,13 +50,6 @@ test ! -d $final_path \
|
|||
|
||||
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the app main directory..."
|
||||
|
||||
ynh_restore_file --origin_path="$final_path"
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE MYSQL DATABASE
|
||||
#=================================================
|
||||
|
@ -74,7 +67,14 @@ fi
|
|||
#=================================================
|
||||
ynh_script_progression --message="Recreating the dedicated system user..." --weight=2
|
||||
|
||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||
if [ $with_sftp -eq 1 ]
|
||||
then
|
||||
groups="sftp.app"
|
||||
else
|
||||
groups=""
|
||||
fi
|
||||
|
||||
ynh_system_user_create --username=$app --home_dir="$final_path" --groups="$groups"
|
||||
|
||||
if [ -n "$password" ]
|
||||
then
|
||||
|
@ -83,14 +83,18 @@ then
|
|||
fi
|
||||
|
||||
#=================================================
|
||||
# RESTORE USER RIGHTS
|
||||
# RESTORE THE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the app main directory..."
|
||||
|
||||
ynh_restore_file --origin_path="$final_path"
|
||||
|
||||
# Restore permissions on app files
|
||||
chown -R $app: "$final_path"
|
||||
# Home directory of the user need to be owned by root to allow
|
||||
# SFTP connections
|
||||
chown root: "$final_path"
|
||||
chown root:$app "$final_path"
|
||||
chmod o-rwx "$final_path"
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE PHP-FPM CONFIGURATION
|
||||
|
@ -101,17 +105,6 @@ ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
|
|||
#=================================================
|
||||
# SPECIFIC RESTORATION
|
||||
#=================================================
|
||||
# CONFIGURE SSH
|
||||
#=================================================
|
||||
|
||||
if [ $with_sftp -eq 1 ]
|
||||
then
|
||||
ynh_script_progression --message="Configuring SSH..."
|
||||
|
||||
ynh_restore_file "/usr/share/yunohost/hooks/conf_regen/90-ssh_$app"
|
||||
|
||||
yunohost tools regen-conf ssh
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
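Review bot: The added test `if [ $with_sftp -eq 1 ]` decides whether the restored account joins `sftp.app`, but `$with_sftp` is unquoted and has no default. If the setting is empty in the restored backup (plausible for an archive made by an older package version, though not visible here), `[` reports an error and the script falls through to the `else` branch, so the account is recreated without SFTP access and without a clear message. `if [ "${with_sftp:-0}" -eq 1 ]` makes that case explicit; the same test is added in the install and upgrade sections. Quoting `$app` in `--username=$app` and `chown root:$app` would match the quoting already used for `$final_path`.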
|
|
|
@ -145,9 +145,18 @@ fi
|
|||
#=================================================
|
||||
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2
|
||||
|
||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||
|
||||
if [ $with_sftp -eq 1 ]
|
||||
then
|
||||
# Add the password to this user
|
||||
chpasswd <<< "${app}:${password}"
|
||||
groups="sftp.app"
|
||||
else
|
||||
groups=""
|
||||
fi
|
||||
|
||||
ynh_system_user_create --username=$app --home_dir="$final_path" --groups="$groups"
|
||||
|
||||
if [ -n "$password" ]
|
||||
then
|
||||
# Add the password to this user
|
||||
chpasswd <<< "${app}:${password}"
|
||||
|
@ -173,17 +182,6 @@ fi
|
|||
#=================================================
|
||||
# SPECIFIC UPGRADE
|
||||
#=================================================
|
||||
# CONFIGURE SSH
|
||||
#=================================================
|
||||
|
||||
if [ $with_sftp -eq 1 ]
|
||||
then
|
||||
ynh_script_progression --message="Configuring SSH..." --weight=1
|
||||
|
||||
ynh_add_config --template="../conf/ssh_regenconf_hook" --destination="/usr/share/yunohost/hooks/conf_regen/90-ssh_$app"
|
||||
|
||||
yunohost tools regen-conf ssh
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
|
@ -194,7 +192,8 @@ fi
|
|||
chown -R $app: "$final_path"
|
||||
# Home directory of the user needs to be owned by root to allow
|
||||
# SFTP connections
|
||||
chown root: "$final_path"
|
||||
chown root:$app "$final_path"
|
||||
chmod o-rwx "$final_path"
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
|
|