diff --git a/check_process b/check_process index 7ac5c52..ea81cc6 100644 --- a/check_process +++ b/check_process @@ -13,8 +13,6 @@ setup_private=1 setup_public=1 upgrade=1 - #19.0.3 - upgrade=1 from_commit=a03e25fac417e2e03e53ed3a7b7ed05185637360 #21.0.2 upgrade=1 from_commit=fa1f0da48d3edbdf5bcb3b8b70a0687b4e878d11 backup_restore=1 @@ -26,8 +24,6 @@ Email= Notification=none ;;; Upgrade options - ; commit=a03e25fac417e2e03e53ed3a7b7ed05185637360 - name=Merge pull request #333 from ericgaspar/Upgrade-to-version-19.0.3 ; commit=fa1f0da48d3edbdf5bcb3b8b70a0687b4e878d11 name=Merge pull request #408 from YunoHost-Apps/21.0.2 manifest_arg=domain=DOMAIN&path=PATH&admin=USER&user_home=1& diff --git a/scripts/restore b/scripts/restore index 0449f5b..aa230c7 100755 --- a/scripts/restore +++ b/scripts/restore @@ -57,6 +57,14 @@ then sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$domain.d/$app.conf" fi +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -64,6 +72,10 @@ ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # RESTORE THE MYSQL DATABASE #================================================= @@ -73,14 +85,6 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name --db_pwd=$db_pwd ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ./db.sql -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # SPECIFIC RESTORATION #================================================= @@ -119,7 +123,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= ynh_script_progression --message="Restoring data directory..." --weight=2 -datadir="/home/yunohost.app/$app/data" +datadir="/home/yunohost.app/$app" # Use --not_mandatory for the data directory, because if the backup has been made with BACKUP_CORE_ONLY, there's no data into the backup. ynh_restore_file --origin_path="$datadir" --not_mandatory @@ -130,14 +134,14 @@ mkdir -p "$datadir" # RESTORE USER RIGHTS #================================================= -# Fix app ownerships & permissions -chown -R $app: "$final_path" "$datadir" -find $final_path/ -type f -print0 | xargs -0 chmod 0644 -find $final_path/ -type d -print0 | xargs -0 chmod 0755 -find $datadir/ -type f -print0 | xargs -0 chmod 0640 -find $datadir/ -type d -print0 | xargs -0 chmod 0750 -chmod 640 "$final_path/config/config.php" -chmod 755 /home/yunohost.app +# # Fix app ownerships & permissions +# chown -R $app: "$final_path" "$datadir" +# find $final_path/ -type f -print0 | xargs -0 chmod 0644 +# find $final_path/ -type d -print0 | xargs -0 chmod 0755 +# find $datadir/ -type f -print0 | xargs -0 chmod 0640 +# find $datadir/ -type d -print0 | xargs -0 chmod 0750 +# chmod 640 "$final_path/config/config.php" +# chmod 755 /home/yunohost.app # Iterate over users to extend their home folder permissions - for the external # storage plugin usage - and create relevant Nextcloud directories diff --git a/scripts/upgrade b/scripts/upgrade index 8968143..09d6f80 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -158,6 +158,10 @@ if [ -f /etc/php/$phpversion/fpm/conf.d/20-$app.ini ]; then ynh_secure_remove --file=/etc/php/$phpversion/fpm/conf.d/20-$app.ini fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -423,14 +427,19 @@ exec_occ background:cron # SECURE FILES AND DIRECTORIES #================================================= -# Fix app ownerships & permissions -chown -R $app: "$final_path" "$datadir" -find $final_path/ -type f -print0 | xargs -0 chmod 0644 -find $final_path/ -type d -print0 | xargs -0 chmod 0755 -find $datadir/ -type f -print0 | xargs -0 chmod 0640 -find $datadir/ -type d -print0 | xargs -0 chmod 0750 -chmod 640 "$final_path/config/config.php" -chmod 755 /home/yunohost.app +# # Fix app ownerships & permissions +# chown -R $app: "$final_path" "$datadir" +# find $final_path/ -type f -print0 | xargs -0 chmod 0644 +# find $final_path/ -type d -print0 | xargs -0 chmod 0755 +# find $datadir/ -type f -print0 | xargs -0 chmod 0640 +# find $datadir/ -type d -print0 | xargs -0 chmod 0750 +# chmod 640 "$final_path/config/config.php" +# chmod 755 /home/yunohost.app + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # WARNING ABOUT THIRD-PARTY APPS