From 41b5a1239336ff51868a3ec7cff7385e1d8ab88b Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Thu, 11 Mar 2021 03:07:16 +0100
Subject: [PATCH 1/2] Enforce permissions for /home/yunohost.backup and .conf

---
 data/hooks/conf_regen/01-yunohost | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/data/hooks/conf_regen/01-yunohost b/data/hooks/conf_regen/01-yunohost
index c4120d487..1dd2705e1 100755
--- a/data/hooks/conf_regen/01-yunohost
+++ b/data/hooks/conf_regen/01-yunohost
@@ -94,6 +94,22 @@ do_post_regen() {
   # Enfore permissions #
   ######################
 
+  if [ -d /home/yunohost.backup ]
+  then
+    chmod 750 /home/yunohost.backup
+    chown admin:root /home/yunohost.backup
+  fi
+  if [ -d /home/yunohost.backup/archives ]
+  then
+    chmod 750 /home/yunohost.backup/archives
+    chown admin:root /home/yunohost.backup/archives
+  fi
+  if [ -d /home/yunohost.conf ]
+  then
+    chmod 750 /home/yunohost.conf
+    chown root:root /home/yunohost.conf
+  fi
+
   # Certs
   # We do this with find because there could be a lot of them...
   chown -R root:ssl-cert /etc/yunohost/certs

From 4a7129e69b4e4a0d2096f3f8029cb425488a8bbe Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Thu, 11 Mar 2021 03:08:41 +0100
Subject: [PATCH 2/2] Update changelog for 4.1.7.4

---
 debian/changelog | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 5fb0e563d..51eed275b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+yunohost (4.1.7.4) stable; urgency=low
+
+  - [fix] sec: Enforce permissions for /home/yunohost.backup and .conf (41b5a123)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 11 Mar 2021 03:08:10 +0100
+
 yunohost (4.1.7.3) stable; urgency=low
 
   - [fix] log: Some secrets were not redacted (0c172cd3)