From 8d8cb0bdb7ccf0986a953aed03ebb18e02de1a22 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Sun, 10 Dec 2023 10:28:07 +0100
Subject: [PATCH] More standard way to apply permissions + harden security for wakka.config.php
---
 scripts/_common.sh | 28 ----------------------------
 scripts/install | 9 +++++----
 scripts/restore | 8 +++-----
 scripts/upgrade | 5 +++--
 4 files changed, 11 insertions(+), 39 deletions(-)
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 6e71054..5ea3694 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -1,31 +1,3 @@
 #!/bin/bash
-#=================================================
-# COMMON VARIABLES
-#=================================================
-
 loginldap_version="2021-03-01-2"
-
-#=================================================
-# PERSONAL HELPERS
-#=================================================
-
-# update directory right
-# | arg: app - The application's name ; default : yeswiki
-# | arg: install_dir - The path of the application's folder
-# yeswiki_update_dir_rights yeswiki /var/www/yeswiki
-yeswiki_update_dir_rights() {
- local app="${1:-yeswiki}"
- local install_dir="${2}"
-
- chown -R $app:www-data $install_dir
- chmod -R u=rwx,g=rx,o-rwx $install_dir
-}
-
-#=================================================
-# EXPERIMENTAL HELPERS
-#=================================================
-
-#=================================================
-# FUTURE OFFICIAL HELPERS
-#=================================================
diff --git a/scripts/install b/scripts/install
index d037d33..2868ff4 100755
--- a/scripts/install
+++ b/scripts/install
@@ -17,8 +17,8 @@ ynh_script_progression --message="Setting up source files..." --weight=5
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$install_dir"
-chmod -R o-rwx "$install_dir"
-chown -R $app:www-data "$install_dir"
+chown -R $app:www-data $install_dir
+chmod -R u=rwX,g=rX,o-rwx $install_dir
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
@@ -85,8 +85,9 @@ ynh_replace_string --match_string=");" --replace_string=" 'ldap_base' => 'ou=us
 # SECURE FILES AND DIRECTORIES
 #=================================================
-# Set permissions to app files
-yeswiki_update_dir_rights $app $install_dir
+chown -R $app:www-data $install_dir
+chmod -R u=rwX,g=rX,o-rwx $install_dir
+chmod g-rwx $install_dir/wakka.config.php
 #=================================================
 # END OF SCRIPT
diff --git a/scripts/restore b/scripts/restore
index a8f29f5..2dff91d 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -17,11 +17,9 @@ ynh_script_progression --message="Restoring the app main directory..." --weight=
 ynh_restore_file --origin_path="$install_dir"
-chmod -R o-rwx "$install_dir"
-chown -R $app:www-data "$install_dir"
-
-# Restore permissions on app files
-yeswiki_update_dir_rights $app $install_dir
+chown -R $app:www-data $install_dir
+chmod -R u=rwX,g=rX,o-rwx $install_dir
+chmod g-rwx $install_dir/wakka.config.php
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index a6e85f1..9618e9e 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -85,8 +85,9 @@ fi
 # SECURE FILES AND DIRECTORIES
 #=================================================
-# Set permissions on app files
-yeswiki_update_dir_rights $app $install_dir
+chown -R $app:www-data $install_dir
+chmod -R u=rwX,g=rX,o-rwx $install_dir
+chmod g-rwx $install_dir/wakka.config.php
 #=================================================
 # END OF SCRIPT
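Review bot: The added `chown`/`chmod` lines in the first scripts/install hunk drop the double quotes that the removed lines had around `$install_dir`, so these recursive commands (presumably run as root) become subject to word splitting and globbing if the path or `$app` ever contains whitespace or pattern characters. I would keep the quoting: `chown -R "$app:www-data" "$install_dir"` and `chmod -R u=rwX,g=rX,o-rwx "$install_dir"`. The same unquoted form is added in the second scripts/install hunk and in the scripts/restore and scripts/upgrade hunks, including `chmod g-rwx $install_dir/wakka.config.php`.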
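Review bot: `chmod g-rwx $install_dir/wakka.config.php` in the second scripts/install hunk is a relative change, so the file's final mode depends on what the recursive `chmod` before it left behind, and the file is group-readable for the moment between the two commands. An absolute mode states the intent on its own: `chmod u=rw,go= "$install_dir/wakka.config.php"`. The commit also removes the old "Set permissions" comments without replacing them; a line such as `# wakka.config.php holds the wiki's secrets: owner-only, no access for the www-data group` would record why this one file differs from the rest of the tree. This assumes the PHP process reads the file as `$app` rather than through the group, which the hunk does not show. The scripts/restore and scripts/upgrade hunks add the same line.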