From a546fb8736fdbd1bf4f8a5c0d5bca68b670a4706 Mon Sep 17 00:00:00 2001 From: Jules Bertholet Date: Wed, 31 Mar 2021 11:06:25 -0400 Subject: [PATCH] Tweak permissions --- scripts/install | 9 ++++----- scripts/restore | 3 +-- scripts/upgrade | 10 ++++------ 3 files changed, 9 insertions(+), 13 deletions(-) diff --git a/scripts/install b/scripts/install index 3d2b871..d64a080 100755 --- a/scripts/install +++ b/scripts/install @@ -107,7 +107,7 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" -ynh_setup_source --source_id="nim_$arch" --dest_dir="$final_path/.nim" || ynh_die --message="Your server's architecture is not supported" +ynh_setup_source --source_id="nim_$arch" --dest_dir="$final_path/nim-installation" || ynh_die --message="Your server's architecture is not supported" #================================================= # NGINX CONFIGURATION @@ -134,8 +134,8 @@ usermod -d $final_path $app 2>&1 ynh_script_progression --message="Compiling Nitter..." --weight=30 pushd "$final_path" || ynh_die chown -R $app:$app $final_path - sudo -u $app "PATH=/opt/yunohost/$app/.nim/bin:$(sudo -u $app sh -c 'echo $PATH')" $final_path/.nim/bin/nimble build -d:release -y - sudo -u $app "PATH=/opt/yunohost/$app/.nim/bin:$(sudo -u $app sh -c 'echo $PATH')" $final_path/.nim/bin/nimble scss -y + sudo -u $app "PATH=/opt/yunohost/$app/nim-installation/bin:$(sudo -u $app sh -c 'echo $PATH')" $final_path/nim-installation/bin/nimble build -d:release -y + sudo -u $app "PATH=/opt/yunohost/$app/nim-installation/bin:$(sudo -u $app sh -c 'echo $PATH')" $final_path/nim-installation/bin/nimble scss -y mkdir -p $final_path/tmp chown -R root:root $final_path popd || ynh_die @@ -161,8 +161,7 @@ ynh_add_config --template="nitter.conf" --destination="$final_path/nitter.conf" # Set permissions to app files chown -R root:$app $final_path chown -R $app:$app $final_path/tmp -chmod -R o-rwx $final_path -chmod -R g-w $final_path +chmod -R g=u,g-w,o-rwx $final_path setfacl -n -m user:www-data:rx $final_path setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path/public diff --git a/scripts/restore b/scripts/restore index 44093ff..bca195a 100755 --- a/scripts/restore +++ b/scripts/restore @@ -80,8 +80,7 @@ ynh_install_app_dependencies $pkg_dependencies # Restore permissions on app files chown -R root:$app $final_path chown -R $app:$app $final_path/tmp -chmod -R o-rwx $final_path -chmod -R g-w $final_path +chmod -R g=u,g-w,o-rwx $final_path setfacl -n -m user:www-data:rx $final_path setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path/public diff --git a/scripts/upgrade b/scripts/upgrade index 3040aa5..f74027d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -73,7 +73,7 @@ then mv "$final_path/nitter.conf" "$final_path/nitter.conf.bak" ynh_setup_source --dest_dir="$final_path" mv "$final_path/nitter.conf.bak" "$final_path/nitter.conf" - ynh_setup_source --source_id="nim_$arch" --dest_dir="$final_path/.nim" || ynh_die --message="Your server's architecture is not supported" + ynh_setup_source --source_id="nim_$arch" --dest_dir="$final_path/nim-installation" || ynh_die --message="Your server's architecture is not supported" fi #================================================= @@ -108,8 +108,8 @@ usermod -d $final_path $app 2>&1 ynh_script_progression --message="Compiling Nitter..." --weight=30 pushd "$final_path" || ynh_die chown -R $app:$app $final_path - sudo -u $app "PATH=/opt/yunohost/$app/.nim/bin:$(sudo -u $app sh -c 'echo $PATH')" $final_path/.nim/bin/nimble build -d:release -y - sudo -u $app "PATH=/opt/yunohost/$app/.nim/bin:$(sudo -u $app sh -c 'echo $PATH')" $final_path/.nim/bin/nimble scss -y + sudo -u $app "PATH=/opt/yunohost/$app/nim-installation/bin:$(sudo -u $app sh -c 'echo $PATH')" $final_path/nim-installation/bin/nimble build -d:release -y + sudo -u $app "PATH=/opt/yunohost/$app/nim-installation/bin:$(sudo -u $app sh -c 'echo $PATH')" $final_path/nim-installation/bin/nimble scss -y mkdir -p $final_path/tmp chown -R root:root $final_path popd || ynh_die @@ -136,11 +136,9 @@ ynh_add_config --template="nitter.conf" --destination="$final_path/nitter.conf" # Set permissions on app files chown -R root:$app $final_path chown -R $app:$app $final_path/tmp -chmod -R o-rwx $final_path -chmod -R g-w $final_path +chmod -R g=u,g-w,o-rwx $final_path setfacl -n -m user:www-data:rx $final_path setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path/public - #================================================= # INTEGRATE SERVICE IN YUNOHOST #=================================================