From 87b0b10e0e6853c79cb786ada4a28ddf1a747548 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Wed, 24 Mar 2021 20:24:31 +0100
Subject: [PATCH] Enforce permissions on /var/cache/yunohost

---
 data/hooks/conf_regen/01-yunohost | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/data/hooks/conf_regen/01-yunohost b/data/hooks/conf_regen/01-yunohost
index a6d672f57..30828c462 100755
--- a/data/hooks/conf_regen/01-yunohost
+++ b/data/hooks/conf_regen/01-yunohost
@@ -50,6 +50,8 @@ do_init_regen() {
   chown root:root /etc/ssowat/conf.json.persistent
 
   mkdir -p /var/cache/yunohost/repo
+  chown root:root /var/cache/yunohost
+  chmod 700 /var/cache/yunohost
 }
 
 do_pre_regen() {
@@ -142,6 +144,9 @@ do_post_regen() {
   find /etc/yunohost/certs/ -type f -exec chmod 640 {} \;
   find /etc/yunohost/certs/ -type d -exec chmod 750 {} \;
 
+  chown root:root /var/cache/yunohost
+  chmod 700 /var/cache/yunohost
+
   # Misc configuration / state files
   chown root:root $(ls /etc/yunohost/{*.yml,*.yaml,*.json,mysql,psql} 2>/dev/null)
   chmod 600 $(ls /etc/yunohost/{*.yml,*.yaml,*.json,mysql,psql} 2>/dev/null)