diff --git a/package_linter.py b/package_linter.py index 55c58e7..14751f9 100755 --- a/package_linter.py +++ b/package_linter.py @@ -787,8 +787,6 @@ class Configurations(TestSuite): yield Info(f"You are encouraged to harden the security of the systemd configuration {filename}. You can have a look at https://github.com/YunoHost/example_ynh/blob/master/conf/systemd.service#L14-L42 for a baseline.") - - @test() def php_config_specific_user(self): @@ -1621,6 +1619,13 @@ class Script(TestSuite): "(If you need to run a command using a specific user, use 'ynh_exec_as' (or 'sudo -u'))" ) + @test() + def chownroot(self): + if self.containsregex(r"^\s*chown.* root:?[^$]* .*final_path"): + yield Info( + "Using 'chown root $final_path' is usually symptomatic of misconfigured and wide-open 'other' permissions ... Usually ynh_setup_source should now set sane default permissions on $final_path (if the app requires Yunohost >= 4.2) ... Otherwise, consider using 'chown $app', 'chown nobody' or 'chmod' to limit access to $final_path ..." + ) + @test() def chmod777(self): if self.containsregex(r"chmod .*777") or self.containsregex(r'chmod .*o\+w'):