diff --git a/scripts/install b/scripts/install
index c36b120..4603c09 100755
--- a/scripts/install
+++ b/scripts/install
@@ -67,6 +67,14 @@ db_name=$(ynh_sanitize_dbid --db_name=$app)
 ynh_app_setting_set --app=$app --key=db_name --value=$db_name
 ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name
 
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Configuring system user..." --weight=3
+
+# Create a system user
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@@ -90,13 +98,10 @@ cp -a ../sources/patches_last_version/* ../sources/patches
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$final_path"
 
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Configuring system user..." --weight=3
-
-# Create a system user
-ynh_system_user_create --username=$app
+find $final_path/ -type f -print0 | xargs -0 chmod 0644
+find $final_path/ -type d -print0 | xargs -0 chmod 0755
+chmod -R o-rwx "$final_path"
+chown -R $app: "$final_path"
 
 #=================================================
 # PHP-FPM CONFIGURATION
@@ -135,6 +140,9 @@ ynh_add_nginx_config
 datadir="/home/yunohost.app/$app/data"
 # Create app folders
 mkdir -p "$datadir"
+chown -R $app: "$datadir"
+find $datadir/ -type f -print0 | xargs -0 chmod 0640
+find $datadir/ -type d -print0 | xargs -0 chmod 0750
 
 #=================================================
 # INSTALL NEXTCLOUD
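Review bot: The comment `# Create a system user` in the `@@ -67,6 +67,14 @@` hunk of scripts/install does not say why `--home_dir="$final_path"` is passed, although it makes the service account's home the same directory that `ynh_setup_source` unpacks the application into a few lines later. Anything that runs as `$app` and writes to its home would then write inside the application tree, which is presumably what the web server serves, so the choice deserves a line such as `# Home is $final_path: files $app writes to its home land in the app tree, so the nginx config must not serve them`. The same call is added in scripts/restore (`@@ -59,6 +59,14 @@`) and scripts/upgrade (`@@ -130,7 +130,7 @@`). `--username=$app` is left unquoted next to the quoted `"$final_path"`.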
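Review bot: In the `@@ -90,13 +98,10 @@` hunk of scripts/install the tree is first set to 0644/0755 and only afterwards stripped with `chmod -R o-rwx`, so every file is briefly world-readable between the two passes, and ownership is changed last. Setting the final modes directly removes that window and one full traversal: `chown -R "$app:" "$final_path"`, then `find "$final_path" -type f -exec chmod 0640 {} +` and `find "$final_path" -type d -exec chmod 0750 {} +`. The same sequence is added in scripts/restore (`@@ -66,6 +74,11 @@`) and scripts/upgrade (`@@ -406,6 +406,15 @@`), where it matters more because `config/config.php` already exists at that point and passes through 0644 before being tightened again. `$final_path/` is unquoted in the `find` calls while the `chmod` and `chown` lines quote it.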
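Review bot: In the `@@ -135,6 +140,9 @@` hunk of scripts/install, `find $datadir/ -type f -print0 | xargs -0 chmod 0640` runs right after `mkdir -p "$datadir"`, when the directory can still be empty; GNU xargs without `-r` runs the command once even on empty input, so `chmod 0640` is called with no operand and fails. If the script runs under errexit (not visible in this hunk) that aborts the install, and otherwise it still prints an error. `find "$datadir" -type f -exec chmod 0640 {} +` and `find "$datadir" -type d -exec chmod 0750 {} +` avoid the empty-input case and quote the path. scripts/restore (`@@ -128,14 +133,17 @@`) adds the same pair after a `--not_mandatory` restore, which can likewise leave `$datadir` empty.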
@@ -147,9 +155,6 @@ exec_occ() {
 php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@")
 }
 
-# Set write access for the following commands
-chown -R $app: "$final_path" "$datadir"
-
 # Define password in an intermediate var
 # The fact that it's called _password allows it to be
 # picked up by Yunohost's auto-redact mecanism
@@ -305,13 +310,8 @@ ynh_multimedia_addaccess $app
 #=================================================
 
 # Fix app ownerships & permissions
-chown -R $app: "$final_path" "$datadir"
-find $final_path/ -type f -print0 | xargs -0 chmod 0644
-find $final_path/ -type d -print0 | xargs -0 chmod 0755
-find $datadir/ -type f -print0 | xargs -0 chmod 0640
-find $datadir/ -type d -print0 | xargs -0 chmod 0750
 chmod 640 "$final_path/config/config.php"
-chmod 755 /home/yunohost.app
+chmod 755 /home/yunohost.app/$app
 
 #=================================================
 # SETUP LOGROTATE
diff --git a/scripts/restore b/scripts/restore
index 44f8384..4469b2d 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -59,6 +59,14 @@ then
 sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$domain.d/$app.conf"
 fi
 
+#=================================================
+# RECREATE THE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
+
+# Create the dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # RESTORE THE APP MAIN DIR
 #=================================================
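Review bot: In the `@@ -305,13 +310,8 @@` hunk of scripts/install, dropping the recursive `chown` and `find … chmod` from the final section means nothing re-normalises files created between the early permission pass and this point. Files written by any step that runs as root keep root ownership, and files created under `$datadir` during setup keep umask-derived modes instead of 0640/0750; whether such steps exist lies outside this hunk, so it is worth checking, and the `# Fix app ownerships & permissions` comment should say that only `config.php` and the app home are adjusted here. `chmod 755 /home/yunohost.app/$app` should be quoted as `chmod 755 "/home/yunohost.app/$app"`, and 755 leaves that directory listable by every local account, with the 0750 on `$datadir` as the only barrier. scripts/restore (`@@ -128,14 +133,17 @@`) makes the same change.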
@@ -66,6 +74,11 @@ ynh_script_progression --message="Restoring the app main directory..."
 
 ynh_restore_file --origin_path="$final_path"
 
+find $final_path/ -type f -print0 | xargs -0 chmod 0644
+find $final_path/ -type d -print0 | xargs -0 chmod 0755
+chmod -R o-rwx "$final_path"
+chown -R $app: "$final_path"
+
 #=================================================
 # RESTORE THE MYSQL DATABASE
 #=================================================
@@ -75,14 +88,6 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
 ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name --db_pwd=$db_pwd
 ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ./db.sql
 
-#=================================================
-# RECREATE THE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
-
-# Create the dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
 #=================================================
 # SPECIFIC RESTORATION
 #=================================================
@@ -128,14 +133,17 @@ ynh_restore_file --origin_path="$datadir" --not_mandatory
 
 mkdir -p "$datadir"
 
+find $datadir/ -type f -print0 | xargs -0 chmod 0640
+find $datadir/ -type d -print0 | xargs -0 chmod 0750
+chown -R $app: "$datadir"
+
 #=================================================
 # RESTORE USER RIGHTS
 #=================================================
 
 # Fix app ownerships & permissions
-chown -R $app: "$final_path" "$datadir"
 chmod 640 "$final_path/config/config.php"
-chmod 755 /home/yunohost.app
+chmod 755 /home/yunohost.app/$app
 
 # Iterate over users to extend their home folder permissions - for the external
 # storage plugin usage - and create relevant Nextcloud directories
diff --git a/scripts/upgrade b/scripts/upgrade
index 8968143..fdef638 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -130,7 +130,7 @@ ynh_install_app_dependencies $pkg_dependencies
 ynh_script_progression --message="Making sure dedicated system user exists..."
 
 # Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app
+ynh_system_user_create --username=$app --home_dir="$final_path"
 
 #=================================================
 # PHP-FPM CONFIGURATION
@@ -406,6 +406,15 @@ EOF
 ynh_store_file_checksum --file="${final_path}/config/config.php"
 fi
 
+find $final_path/ -type f -print0 | xargs -0 chmod 0644
+find $final_path/ -type d -print0 | xargs -0 chmod 0755
+find $datadir/ -type f -print0 | xargs -0 chmod 0640
+find $datadir/ -type d -print0 | xargs -0 chmod 0750
+chmod -R o-rwx "$final_path"
+chown -R $app: "$final_path" "$datadir"
+chmod 640 "$final_path/config/config.php"
+chmod 755 /home/yunohost.app/$app
+
 #=================================================
 # UPDATE THE CRON JOB
 #=================================================
@@ -417,21 +426,6 @@ chmod 644 "$cron_path"
 
 exec_occ background:cron
 
-#=================================================
-# GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-
-# Fix app ownerships & permissions
-chown -R $app: "$final_path" "$datadir"
-find $final_path/ -type f -print0 | xargs -0 chmod 0644
-find $final_path/ -type d -print0 | xargs -0 chmod 0755
-find $datadir/ -type f -print0 | xargs -0 chmod 0640
-find $datadir/ -type d -print0 | xargs -0 chmod 0750
-chmod 640 "$final_path/config/config.php"
-chmod 755 /home/yunohost.app
-
 #=================================================
 # WARNING ABOUT THIRD-PARTY APPS
 #=================================================
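Review bot: In the `@@ -130,7 +130,7 @@` hunk of scripts/upgrade the comment says the user is created only `(if not existing)`, and on an upgrade the account normally does exist, so the added `--home_dir="$final_path"` may have no effect on instances installed before this change. If the helper does skip existing accounts, upgraded and freshly installed systems end up with different home directories for the same service user. Either update the existing account explicitly or record the limitation next to the call, e.g. `# NOTE: home_dir only applies when the user is created; existing users keep their previous home`.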
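Review bot: In the `@@ -406,6 +406,15 @@` hunk of scripts/upgrade the permission block is added directly after `fi` with no comment, while the block it replaces further down carried `# SECURE FILES AND DIRECTORIES` and `# Fix app ownerships & permissions`. Keeping `# Fix app ownerships & permissions` above the first `find` would say what the eight lines are for. `chmod -R o-rwx "$final_path"` already leaves `config.php` at 0640 here, so the following `chmod 640 "$final_path/config/config.php"` is redundant unless it is meant as an explicit guard, which the comment could state.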