From c4af75125a3332e36ee8e5c100b92968328250eb Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Wed, 29 Sep 2021 18:01:01 +0200
Subject: [PATCH] Report usage of 'chown root '
---
 package_linter.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/package_linter.py b/package_linter.py
index 55c58e7..14751f9 100755
--- a/package_linter.py
+++ b/package_linter.py
@@ -787,8 +787,6 @@ class Configurations(TestSuite):
 yield Info(f"You are encouraged to harden the security of the systemd configuration {filename}. You can have a look at https://github.com/YunoHost/example_ynh/blob/master/conf/systemd.service#L14-L42 for a baseline.")
-
-
 @test()
 def php_config_specific_user(self):
@@ -1621,6 +1619,13 @@ class Script(TestSuite):
 "(If you need to run a command using a specific user, use 'ynh_exec_as' (or 'sudo -u'))"
 )
+ @test()
+ def chownroot(self):
+ if self.containsregex(r"^\s*chown.* root:?[^$]* .*final_path"):
+ yield Info(
+ "Using 'chown root $final_path' is usually symptomatic of misconfigured and wide-open 'other' permissions ... Usually ynh_setup_source should now set sane default permissions on $final_path (if the app requires Yunohost >= 4.2) ... Otherwise, consider using 'chown $app', 'chown nobody' or 'chmod' to limit access to $final_path ..."
+ )
+
 @test()
 def chmod777(self):
 if self.containsregex(r"chmod .*777") or self.containsregex(r'chmod .*o\+w'):
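Review bot: The pattern in `chownroot` skips `chown root:$app $final_path` only as a side effect of `[^$]*` being unable to cross a `$`, and neither the test nor its message states that this form is the accepted one. A literal group such as `root:www-data` is still reported, although paired with a restrictive mode it does not depend on the 'other' permission bits the message warns about. A comment above the `if` would make the intent reviewable, for example `# 'root:$group' is deliberately not matched ([^$]* stops at '$'); bare 'root', 'root:' and 'root:<literal>' are reported`. The match also keys on the literal name `root`, so a numeric owner (`chown 0:0 $final_path`) goes unreported. Whether `^` anchors per script line depends on how `containsregex` applies the pattern, which is defined outside this hunk.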