From db719f1d0ddb8bea5b224576ca237a1b2d393630 Mon Sep 17 00:00:00 2001 From: Nils VAN ZUIJLEN Date: Thu, 8 Apr 2021 15:04:33 +0200 Subject: [PATCH] Only allow $app and www-data to read $final_path folder --- scripts/install | 5 ++++- scripts/restore | 3 +++ scripts/upgrade | 3 +++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index 3e72ba4..f42c748 100755 --- a/scripts/install +++ b/scripts/install @@ -247,8 +247,11 @@ ynh_store_file_checksum --file="$final_path/.htaccess" # Set permissions to app files chown -R root: $final_path +chmod o-rwx $final_path +chown $app:www-data $final_path + # Remove database initialization file -#rm $final_path/qa-include/qa-install.php +rm $final_path/qa-include/qa-install.php #================================================= # SETUP SSOWAT diff --git a/scripts/restore b/scripts/restore index a24e6f6..38593d2 100755 --- a/scripts/restore +++ b/scripts/restore @@ -75,6 +75,9 @@ ynh_system_user_create --username=$app # Restore permissions on app files chown -R root: $final_path +chmod o-rwx $final_path +chown $app:www-data $final_path + #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 75b78a8..cab6cc1 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -153,6 +153,9 @@ fi # Set permissions on app files chown -R root: $final_path +chmod o-rwx $final_path +chown $app:www-data $final_path + #================================================= # RELOAD NGINX #=================================================