diff --git a/scripts/install b/scripts/install
index 1cc15ba..cd6468b 100644
--- a/scripts/install
+++ b/scripts/install
@@ -230,9 +230,11 @@ $wpcli_alias plugin activate authldap $plugin_network
 $wpcli_alias plugin activate companion-auto-update $plugin_network
 $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network
+# Set file and directories ownership
 chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
+chmod g+s $final_path/wp-content/uploads
 #=================================================
 # STORE THE CONFIG FILE CHECKSUM
@@ -243,6 +245,8 @@ ynh_store_file_checksum --file="$final_path/wp-config.php"
 chmod 400 "$final_path/wp-config.php"
 chown $app:$app "$final_path/wp-config.php"
+# We do not want www-data to get access to this file through the ACLs
+setfacl -b "$final_path/wp-config.php"
 #=================================================
 # CREATE A CRON TASK FOR AUTOMATIC UPDATE
diff --git a/scripts/restore b/scripts/restore
index 41556c1..9ea31b9 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -74,12 +74,17 @@ ynh_script_progression --message="Restoring the app main directory..."
 ynh_restore_file --origin_path="$final_path"
+# Set file and directories ownership
 chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
+chmod g+s $final_path/wp-content/uploads
+chmod g+s $(find $final_path/wp-content/uploads -type d)
 chmod 400 "$final_path/wp-config.php"
 chown $app:$app "$final_path/wp-config.php"
+# We do not want www-data to get access to this file through the ACLs
+setfacl -b "$final_path/wp-config.php"
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 0481559..30c873d 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
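Review bot: The added `chmod g+s $final_path/wp-content/uploads` in the first scripts/install hunk leaves `$final_path` unquoted, while the three permission lines just above it all use `"$final_path"`; a path containing whitespace or glob characters would be split and the setgid bit would land on other operands. Write it as `chmod g+s "$final_path/wp-content/uploads"`; the same unquoted line is added in the scripts/restore hunk and the first scripts/upgrade hunk. The new comment could also state the reason for setgid, e.g. `# setgid on uploads so new files keep the www-data group`, if that is the intent.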
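Review bot: The comment above `setfacl -b` in the second scripts/install hunk refers to "the ACLs", but nothing in the hunk shows where wp-config.php would get an ACL entry for www-data, so a reader cannot tell which step this line is undoing. Name the source in the comment, for example `# Drop ACL entries inherited from <where the default ACL is set> so only the 400 mode bits apply`. Nothing visible here guarantees that the `setfacl` binary is present either; if the script aborts on errors, a missing acl package would stop the install at this line, so it is worth confirming it is a declared dependency. The same two lines are added in the scripts/restore hunk and the second scripts/upgrade hunk.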
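Review bot: `chmod g+s $(find $final_path/wp-content/uploads -type d)` in the scripts/restore hunk passes find's output through word splitting and globbing, so a directory under uploads whose name contains whitespace or a glob character makes chmod act on paths find never printed, and the `chown -R` beside it suggests this runs with elevated rights. A large upload tree can also overflow the argument list, and if uploads is missing chmod is called with no operand and fails. Replace both added chmod lines with `find "$final_path/wp-content/uploads" -type d -exec chmod g+s {} +`, which already covers the top directory. The first scripts/upgrade hunk adds the same pair of lines.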
@@ -277,9 +277,13 @@ $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network
 # Disable broken plugin http-authentication
 $wpcli_alias plugin is-installed http-authentication && $wpcli_alias plugin deactivate http-authentication $plugin_network
+
+# Set file and directories ownership
 chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
+chmod g+s $final_path/wp-content/uploads
+chmod g+s $(find $final_path/wp-content/uploads -type d)
 #=================================================
 # STORE THE CHECKSUM OF THE CONFIG FILE
@@ -290,6 +294,8 @@ ynh_store_file_checksum --file="$final_path/wp-config.php"
 chmod 400 "$final_path/wp-config.php"
 chown $app:$app "$final_path/wp-config.php"
+# We do not want www-data to get access to this file through the ACLs
+setfacl -b "$final_path/wp-config.php"
 #=================================================
 # CREATE A CRON TASK FOR AUTOMATIC UPDATE