diff --git a/manifest.json b/manifest.json index e00ec5a..f8ea6aa 100644 --- a/manifest.json +++ b/manifest.json @@ -24,7 +24,7 @@ "email": "maniackc_dev@crudelis.fr" }], "requirements": { - "yunohost": ">= 4.1.2" + "yunohost": ">= 4.3.0" }, "multi_instance": true, "services": [ diff --git a/scripts/change_url b/scripts/change_url index 40bebad..85f5144 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -47,7 +47,7 @@ ynh_clean_setup () { # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - # restore it if the upgrade fails + # Restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script diff --git a/scripts/install b/scripts/install index 957189d..1cc15ba 100644 --- a/scripts/install +++ b/scripts/install @@ -230,6 +230,10 @@ $wpcli_alias plugin activate authldap $plugin_network $wpcli_alias plugin activate companion-auto-update $plugin_network $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # STORE THE CONFIG FILE CHECKSUM #================================================= @@ -237,6 +241,9 @@ $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network # Calculate and store the config file checksum into the app settings ynh_store_file_checksum --file="$final_path/wp-config.php" +chmod 400 "$final_path/wp-config.php" +chown $app:$app "$final_path/wp-config.php" + #================================================= # CREATE A CRON TASK FOR AUTOMATIC UPDATE #================================================= @@ -244,17 +251,6 @@ ynh_store_file_checksum --file="$final_path/wp-config.php" echo "# Reach everyday wp-cron.php to trig the internal WordPress cron. 0 3 * * * $app php$phpversion $final_path/wp-cron.php" > /etc/cron.d/$app -#================================================= -# SECURING FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -# Files have to be own by the user of wordpress. To allow upgrade from the app. -chown -R $app: $final_path -# Except the file config wp-config.php -chown root:$app $final_path/wp-config.php -chmod 640 $final_path/wp-config.php - #================================================= # GENERIC FINALISATION #================================================= diff --git a/scripts/restore b/scripts/restore index 2eea8ea..41556c1 100644 --- a/scripts/restore +++ b/scripts/restore @@ -74,12 +74,12 @@ ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" -# Set permissions to app files -# Files have to be own by the user of wordpress. To allow upgrade from the app. -chown -R $app: $final_path -# Except the file config wp-config.php -chown root:$app $final_path/wp-config.php -chmod 640 $final_path/wp-config.php +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + +chmod 400 "$final_path/wp-config.php" +chown $app:$app "$final_path/wp-config.php" #================================================= # RESTORE THE PHP-FPM CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index b31dedf..0811e11 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -276,6 +276,10 @@ $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network # Disable broken plugin http-authentication $wpcli_alias plugin is-installed http-authentication && $wpcli_alias plugin deactivate http-authentication $plugin_network +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # STORE THE CHECKSUM OF THE CONFIG FILE #================================================= @@ -283,6 +287,9 @@ $wpcli_alias plugin is-installed http-authentication && $wpcli_alias plugin deac # Recalculate and store the checksum of the file for the next upgrade. ynh_store_file_checksum --file="$final_path/wp-config.php" +chmod 400 "$final_path/wp-config.php" +chown $app:$app "$final_path/wp-config.php" + #================================================= # CREATE A CRON TASK FOR AUTOMATIC UPDATE #================================================= @@ -292,17 +299,6 @@ echo "# Reach everyday wp-cron.php to trig the internal WordPress cron. #================================================= # GENERIC FINALISATION -#================================================= -# SECURING FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -# Files have to be own by the user of wordpress. To allow upgrade from the app. -chown -R $app: $final_path -# Except the file config wp-config.php -chown root:$app $final_path/wp-config.php -chmod 640 $final_path/wp-config.php - #================================================= # UPGRADE FAIL2BAN #=================================================