1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/wallabag2_ynh.git synced 2024-10-01 13:35:06 +02:00

Tighten permissions (#99)

* Tighten permissions

* Check for existence of cache file before chmoding it
This commit is contained in:
Jules-Bertholet 2021-04-08 16:59:54 -04:00 committed by lapineige
parent 8407715c98
commit dddcb5789f
4 changed files with 21 additions and 14 deletions

View file

@ -7,6 +7,22 @@
# dependencies used by the app
pkg_dependencies="php-cli php-mysql php-json php-gd php-tidy php-curl php-gettext php-redis"
#=================================================
# PERSONAL HELPERS
#=================================================
function set_permissions {
# Set permissions to app files
chown -R $app:www-data $final_path
chmod -R g=u,g-w,o-rwx $final_path
# Restrict rights to Wallabag user only
chmod 600 $wb_conf
if [ -e $final_path/var/cache/prod/appProdProjectContainer.php ]; then
chmod 700 $final_path/var/cache/prod/appProdProjectContainer.php
fi
}
#=================================================
# EXPERIMENTAL HELPERS
#=================================================

View file

@ -160,12 +160,7 @@ ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex=
# SECURE FILES AND DIRECTORIES
#=================================================
# Restrict rights to Wallabag user only
chmod 600 $wb_conf
# Set permissions to app files
chown -R $app: $final_path
chmod 755 $final_path
set_permissions
#=================================================
# SETUP HOOKS

View file

@ -66,8 +66,9 @@ ynh_system_user_create --username=$app
# RESTORE USER RIGHTS
#=================================================
# Restore permissions on app files
chown -R $app: $final_path
wb_conf=$final_path/app/config/parameters.yml
set_permissions
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION

View file

@ -191,12 +191,7 @@ fi
# SECURE FILES AND DIRECTORIES
#=================================================
# Restrict rights to Wallabag user only
chmod 600 $wb_conf
# Set permissions to app files
chown -R $app: $final_path
chmod 755 $final_path
set_permissions
#=================================================
# SETUP HOOKS