From a884951f36d7325da7b39432c1aee3e4d93279ec Mon Sep 17 00:00:00 2001
From: lapineige <lapineige@users.noreply.github.com>
Date: Wed, 7 Apr 2021 09:40:57 +0200
Subject: [PATCH] Reduces access permissions to db password

---
 scripts/install | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/scripts/install b/scripts/install
index 375add7..9fdcb7e 100644
--- a/scripts/install
+++ b/scripts/install
@@ -160,13 +160,14 @@ ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex=
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-# Restrict rights to Wallabag user only
-chmod 600 $wb_conf
-
 # Set permissions to app files
 chown -R $app: $final_path
 chmod 755 $final_path
 
+# Restrict rights to Wallabag user only
+chmod 600 $wb_conf # parameter file should not be accessible by any other user
+chmod 700 $final_path/var/cache/prod/appProdProjectContainer.php # contains database password, should not be readable by another user
+
 #=================================================
 # SETUP HOOKS
 #=================================================