From 40512182dffb00b11f1687183f885ea583818670 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Lemonsu?= Date: Thu, 7 Jan 2021 14:34:22 +0100 Subject: [PATCH] remove permissions for other on wp-config file --- scripts/actions/reset_default_app | 5 ++++- scripts/install | 3 ++- scripts/restore | 3 ++- scripts/upgrade | 5 +++-- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/scripts/actions/reset_default_app b/scripts/actions/reset_default_app index 1af95b8..ba86327 100755 --- a/scripts/actions/reset_default_app +++ b/scripts/actions/reset_default_app @@ -77,12 +77,15 @@ echo "# Reach everyday wp-cron.php to trig the internal WordPress cron. # Files have to be own by the user of wordpress. To allow upgrade from the app. chown -R $app: $final_path # Except the file config wp-config.php -chown root: $final_path/wp-config.php +chown root:$app $final_path/wp-config.php # Reset permissions find $final_path/ -type f -print0 | xargs -0 chmod 0644 find $final_path/ -type d -print0 | xargs -0 chmod 0755 +# Remove permissions for others +chmod 640 $final_path/wp-config.php + #================================================= # UPGRADE FAIL2BAN #================================================= diff --git a/scripts/install b/scripts/install index ff4d8f6..687ccba 100644 --- a/scripts/install +++ b/scripts/install @@ -241,7 +241,8 @@ echo "# Reach everyday wp-cron.php to trig the internal WordPress cron. # Files have to be own by the user of wordpress. To allow upgrade from the app. chown -R $app: $final_path # Except the file config wp-config.php -chown root: $final_path/wp-config.php +chown root:$app $final_path/wp-config.php +chmod 640 $final_path/wp-config.php #================================================= # SETUP FAIL2BAN diff --git a/scripts/restore b/scripts/restore index d77447c..ecf9787 100644 --- a/scripts/restore +++ b/scripts/restore @@ -91,7 +91,8 @@ ynh_system_user_create --username=$app # Files have to be own by the user of wordpress. To allow upgrade from the app. chown -R $app: $final_path # Except the file config wp-config.php -chown root: $final_path/wp-config.php +chown root:$app $final_path/wp-config.php +chmod 640 $final_path/wp-config.php #================================================= # RESTORE THE PHP-FPM CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index a104e38..c2ef498 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -220,7 +220,7 @@ then ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_systemd_action --service_name=nginx --action=reload - + plugin_network="--network" else multisite=0 @@ -276,7 +276,8 @@ echo "# Reach everyday wp-cron.php to trig the internal WordPress cron. # Files have to be own by the user of wordpress. To allow upgrade from the app. chown -R $app: $final_path # Except the file config wp-config.php -chown root: $final_path/wp-config.php +chown root:$app $final_path/wp-config.php +chmod 640 $final_path/wp-config.php #================================================= # UPGRADE FAIL2BAN