From 1fe2a983f842e27d5e396dddf412ec90f6e43495 Mon Sep 17 00:00:00 2001
From: tituspijean
Date: Tue, 3 May 2022 21:45:35 +0200
Subject: [PATCH 1/3] Fix et stick files and directories ownership

Co-authored-by: ljf (zamentur)
---
 scripts/install | 4 ++++
 scripts/restore | 5 +++++
 scripts/upgrade | 6 ++++++
 3 files changed, 15 insertions(+)

diff --git a/scripts/install b/scripts/install
index 1cc15ba..cd6468b 100644
--- a/scripts/install
+++ b/scripts/install
@@ -230,9 +230,11 @@ $wpcli_alias plugin activate authldap $plugin_network
 $wpcli_alias plugin activate companion-auto-update $plugin_network
 $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network
 
+# Set file and directories ownership
 chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
+chmod g+s $final_path/wp-content/uploads
 
 #=================================================
 # STORE THE CONFIG FILE CHECKSUM
@@ -243,6 +245,8 @@ ynh_store_file_checksum --file="$final_path/wp-config.php"
 
 chmod 400 "$final_path/wp-config.php"
 chown $app:$app "$final_path/wp-config.php"
+# We do not want www-data to get access to this file through the ACLs
+setfacl -b "$final_path/wp-config.php"
 
 #=================================================
 # CREATE A CRON TASK FOR AUTOMATIC UPDATE
diff --git a/scripts/restore b/scripts/restore
index 41556c1..9ea31b9 100644
--- a/scripts/restore
+++ b/scripts/restore
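Review bot: The added `chmod g+s $final_path/wp-content/uploads` in scripts/install leaves `$final_path` unquoted, while the `chmod`/`chown` lines around it quote it. A path containing whitespace or glob characters would be split or expanded before chmod sees it. Write it as `chmod g+s "$final_path/wp-content/uploads"`. The same unquoted form appears in the scripts/restore and scripts/upgrade hunks of this patch and in the `mkdir -p` lines added by [PATCH 2/3].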
@@ -74,12 +74,17 @@ ynh_script_progression --message="Restoring the app main directory..."
 
 ynh_restore_file --origin_path="$final_path"
 
+# Set file and directories ownership
 chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
+chmod g+s $final_path/wp-content/uploads
+chmod g+s $(find $final_path/wp-content/uploads -type d)
 
 chmod 400 "$final_path/wp-config.php"
 chown $app:$app "$final_path/wp-config.php"
+# We do not want www-data to get access to this file through the ACLs
+setfacl -b "$final_path/wp-config.php"
 
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 0481559..30c873d 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -277,9 +277,13 @@ $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network
 # Disable broken plugin http-authentication
 $wpcli_alias plugin is-installed http-authentication && $wpcli_alias plugin deactivate http-authentication $plugin_network
 
+
+# Set file and directories ownership
 chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
+chmod g+s $final_path/wp-content/uploads
+chmod g+s $(find $final_path/wp-content/uploads -type d)
 
 #=================================================
 # STORE THE CHECKSUM OF THE CONFIG FILE
@@ -290,6 +294,8 @@ ynh_store_file_checksum --file="$final_path/wp-config.php"
 
 chmod 400 "$final_path/wp-config.php"
 chown $app:$app "$final_path/wp-config.php"
+# We do not want www-data to get access to this file through the ACLs
+setfacl -b "$final_path/wp-config.php"
 
 #=================================================
 # CREATE A CRON TASK FOR AUTOMATIC UPDATE

From 8677e1bb7e73c543660071a1d993607ff087c46e Mon Sep 17 00:00:00 2001
From: tituspijean
Date: Wed, 4 May 2022 19:47:08 +0200
Subject: [PATCH 2/3] Make sure uploads directory exists

---
 scripts/install | 1 +
 scripts/upgrade | 1 +
 2 files changed, 2 insertions(+)
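Review bot: `chmod g+s $(find $final_path/wp-content/uploads -type d)` in scripts/restore passes find's output through an unquoted command substitution. Any directory name under uploads that contains whitespace or glob characters is split or expanded, so chmod either fails or acts on a different path. Names under wp-content/uploads are created by the web application, and these scripts presumably run with elevated privileges, so the command should not depend on well-behaved names; on a large media library the expanded list can also exceed the argument-length limit. `find "$final_path/wp-content/uploads" -type d -exec chmod g+s {} +` handles the top directory and every subdirectory, replacing both added `chmod g+s` lines. The first scripts/upgrade hunk adds the same two lines.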
diff --git a/scripts/install b/scripts/install
index cd6468b..64fd183 100644
--- a/scripts/install
+++ b/scripts/install
@@ -231,6 +231,7 @@ $wpcli_alias plugin activate companion-auto-update $plugin_network
 $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network
 
 # Set file and directories ownership
+mkdir -p $final_path/wp-content/uploads
 chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
diff --git a/scripts/upgrade b/scripts/upgrade
index 30c873d..65d31c8 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -279,6 +279,7 @@ $wpcli_alias plugin is-installed http-authentication && $wpcli_alias plugin deac
 
 
 # Set file and directories ownership
+mkdir -p $final_path/wp-content/uploads
 chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"

From 01d894a4acfed464a1576d9dac9dbe43fec113ac Mon Sep 17 00:00:00 2001
From: tituspijean
Date: Sun, 22 May 2022 21:15:41 +0200
Subject: [PATCH 3/3] Remove setfacl attempts to fix permissions

---
 scripts/install | 2 --
 scripts/restore | 2 --
 scripts/upgrade | 2 --
 3 files changed, 6 deletions(-)

diff --git a/scripts/install b/scripts/install
index 64fd183..743c885 100644
--- a/scripts/install
+++ b/scripts/install
@@ -246,8 +246,6 @@ ynh_store_file_checksum --file="$final_path/wp-config.php"
 
 chmod 400 "$final_path/wp-config.php"
 chown $app:$app "$final_path/wp-config.php"
-# We do not want www-data to get access to this file through the ACLs
-setfacl -b "$final_path/wp-config.php"
 
 #=================================================
 # CREATE A CRON TASK FOR AUTOMATIC UPDATE
diff --git a/scripts/restore b/scripts/restore
index 9ea31b9..f9ee58f 100644
--- a/scripts/restore
+++ b/scripts/restore
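Review bot: scripts/restore does not get the `mkdir -p` guard added here, although [PATCH 1/3] makes it run `chmod g+s` and `find` on wp-content/uploads as well. Restoring an archive that lacks that directory would make both commands fail. Consider adding `mkdir -p "$final_path/wp-content/uploads"` after the `ynh_restore_file` call in scripts/restore. Whether such a failure aborts the restore depends on error handling set outside these hunks.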
@@ -83,8 +83,6 @@ chmod g+s $(find $final_path/wp-content/uploads -type d)
 
 chmod 400 "$final_path/wp-config.php"
 chown $app:$app "$final_path/wp-config.php"
-# We do not want www-data to get access to this file through the ACLs
-setfacl -b "$final_path/wp-config.php"
 
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 65d31c8..0e7a5e0 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -295,8 +295,6 @@ ynh_store_file_checksum --file="$final_path/wp-config.php"
 
 chmod 400 "$final_path/wp-config.php"
 chown $app:$app "$final_path/wp-config.php"
-# We do not want www-data to get access to this file through the ACLs
-setfacl -b "$final_path/wp-config.php"
 
 #=================================================
 # CREATE A CRON TASK FOR AUTOMATIC UPDATE