From cd3a2fff2ecef4c984bbe78c222b5243e1ce4214 Mon Sep 17 00:00:00 2001
From: Tobias Ollive <tobias.ollive@utc.fr>
Date: Wed, 6 Apr 2022 16:04:47 +0200
Subject: [PATCH] improve right management

---
 scripts/install | 2 ++
 scripts/upgrade | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/scripts/install b/scripts/install
index f8f3598..8b3ed1e 100755
--- a/scripts/install
+++ b/scripts/install
@@ -55,6 +55,7 @@ cat > /tmp/${app}_sudoer << EOSUDOER
 ${app} ALL = (root) NOPASSWD: /usr/bin/yunohost*, /bin/journalctl*, /usr/bin/find /etc/yunohost/apps -name backup, ${final_path}/check_method_${app}
 EOSUDOER
 visudo -cf /tmp/${app}_sudoer && mv /tmp/${app}_sudoer /etc/sudoers.d/${app}
+chmod 644 /etc/sudoers.d/${app}
 
 #=================================================
 # ACTIVATE BACKUP METHODS
@@ -156,6 +157,7 @@ Host ${server}
   UserKnownHostsFile /dev/null
 # end $app ssh config
 EOCONF
+chmod 700 ${ssh_dir}/config
 
 #=================================================
 # Display key
diff --git a/scripts/upgrade b/scripts/upgrade
index 2db9354..417bf90 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -76,6 +76,7 @@ cat > /tmp/${app}_sudoer << EOSUDOER
 ${app} ALL = (root) NOPASSWD: /usr/bin/yunohost*, /bin/journalctl*, /usr/bin/find /etc/yunohost/apps -name backup, ${final_path}/check_method_${app}
 EOSUDOER
 visudo -cf /tmp/${app}_sudoer && mv /tmp/${app}_sudoer /etc/sudoers.d/${app}
+chmod 644 /etc/sudoers.d/${app}
 ynh_script_progression --message="Move ssh keys from root to ${app} user's home"
 ynh_script_progression --message="Generate ssh config"
 set +o errexit
@@ -98,6 +99,7 @@ if [ "$missing_conf" -eq "1" ];then
     UserKnownHostsFile /dev/null
   # end $app ssh config
 EOCONF
+chmod 700 ${ssh_dir}/config
 fi
 chown -R ${app}: /home/${app}