YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Fix some critical permissions issues with ssl / slapd configuration

Browse source
This commit is contained in:
Alexandre Aubin 2019-08-12 01:56:18 +02:00
parent 268abdfbbd
commit dde3a19350
3 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
data/hooks/conf_regen/02-ssl
View file

@ -78,6 +78,9 @@ do_init_regen() {
ln -sf "$ynh_crt" /etc/ssl/certs/yunohost_crt.pem ln -sf "$ynh_crt" /etc/ssl/certs/yunohost_crt.pem
ln -sf "$ynh_key" /etc/ssl/private/yunohost_key.pem ln -sf "$ynh_key" /etc/ssl/private/yunohost_key.pem
fi fi
chown -R root:ssl-cert /etc/yunohost/certs/yunohost.org/
chmod o-rwx /etc/yunohost/certs/yunohost.org/
} }
do_pre_regen() { do_pre_regen() {

2
data/hooks/conf_regen/06-slapd
View file

@ -78,6 +78,8 @@ do_post_regen() {
# Add openldap user in the ssl-cert group to let it access the certificate for TLS # Add openldap user in the ssl-cert group to let it access the certificate for TLS
sudo usermod -aG ssl-cert openldap sudo usermod -aG ssl-cert openldap
chown -R root:ssl-cert /etc/yunohost/certs/yunohost.org/
chmod o-rwx /etc/yunohost/certs/yunohost.org/
[ -z "$regen_conf_files" ] && exit 0 [ -z "$regen_conf_files" ] && exit 0

2
data/templates/slapd/slapd.conf
View file

@ -42,7 +42,7 @@ sizelimit 500
tool-threads 1 tool-threads 1
# TLS Support # TLS Support
TLSCertificateFile /etc/ssl/private/yunohost_crt.pem TLSCertificateFile /etc/ssl/certs/yunohost_crt.pem
TLSCertificateKeyFile /etc/ssl/private/yunohost_key.pem TLSCertificateKeyFile /etc/ssl/private/yunohost_key.pem
####################################################################### #######################################################################