mirror of
https://github.com/YunoHost-Apps/wallabag2_ynh.git
synced 2024-10-01 13:35:06 +02:00
Tighten permissions (#99)
* Tighten permissions * Check for existence of cache file before chmoding it
This commit is contained in:
Jules-Bertholet
lapineige
parent
8407715c98
commit
dddcb5789f
4 changed files with 21 additions and 14 deletions
|
|
@ -7,6 +7,22 @@
|
||||||
# dependencies used by the app
|
# dependencies used by the app
|
||||||
pkg_dependencies="php-cli php-mysql php-json php-gd php-tidy php-curl php-gettext php-redis"
|
pkg_dependencies="php-cli php-mysql php-json php-gd php-tidy php-curl php-gettext php-redis"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# PERSONAL HELPERS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
function set_permissions {
|
||||||
|
# Set permissions to app files
|
||||||
|
chown -R $app:www-data $final_path
|
||||||
|
chmod -R g=u,g-w,o-rwx $final_path
|
||||||
|
|
||||||
|
# Restrict rights to Wallabag user only
|
||||||
|
chmod 600 $wb_conf
|
||||||
|
if [ -e $final_path/var/cache/prod/appProdProjectContainer.php ]; then
|
||||||
|
chmod 700 $final_path/var/cache/prod/appProdProjectContainer.php
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# EXPERIMENTAL HELPERS
|
# EXPERIMENTAL HELPERS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
|
||||||
|
|
@ -160,12 +160,7 @@ ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex=
|
||||||
# SECURE FILES AND DIRECTORIES
|
# SECURE FILES AND DIRECTORIES
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# Restrict rights to Wallabag user only
|
set_permissions
|
||||||
chmod 600 $wb_conf
|
|
||||||
|
|
||||||
# Set permissions to app files
|
|
||||||
chown -R $app: $final_path
|
|
||||||
chmod 755 $final_path
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP HOOKS
|
# SETUP HOOKS
|
||||||
|
|
|
||||||
|
|
@ -66,8 +66,9 @@ ynh_system_user_create --username=$app
|
||||||
# RESTORE USER RIGHTS
|
# RESTORE USER RIGHTS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# Restore permissions on app files
|
wb_conf=$final_path/app/config/parameters.yml
|
||||||
chown -R $app: $final_path
|
|
||||||
|
set_permissions
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RESTORE THE PHP-FPM CONFIGURATION
|
# RESTORE THE PHP-FPM CONFIGURATION
|
||||||
|
|
|
||||||
|
|
@ -191,12 +191,7 @@ fi
|
||||||
# SECURE FILES AND DIRECTORIES
|
# SECURE FILES AND DIRECTORIES
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# Restrict rights to Wallabag user only
|
set_permissions
|
||||||
chmod 600 $wb_conf
|
|
||||||
|
|
||||||
# Set permissions to app files
|
|
||||||
chown -R $app: $final_path
|
|
||||||
chmod 755 $final_path
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP HOOKS
|
# SETUP HOOKS
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue