regenconf: force systemd, nginx, php and fail2ban conf to be owned by root

hooks/conf_regen/01-yunohost

@@ -181,6 +181,15 @@ do_post_regen() {
     # NB: x permission for 'others' is important for ssl-cert (and maybe mdns), otherwise slapd will fail to start because can't access the certs
     chmod 755 /etc/yunohost
 
+    chown root:root /etc/systemd/system/*.service
+    chmod 644 /etc/systemd/system/*.service
+
+    if ls -l /etc/php/*/fpm/pool.d/*.conf
+    then
+        chown root:root /etc/php/*/fpm/pool.d/*.conf
+        chmod 644 /etc/php/*/fpm/pool.d/*.conf
+    fi
+
     # Certs
     # We do this with find because there could be a lot of them...
     chown -R root:ssl-cert /etc/yunohost/certs

hooks/conf_regen/15-nginx

@@ -144,6 +144,12 @@ do_pre_regen() {
 do_post_regen() {
     regen_conf_files=$1
 
+    if ls -l /etc/nginx/conf.d/*.d/*.conf
+    then
+        chown root:root /etc/nginx/conf.d/*.d/*.conf
+        chmod 644 /etc/nginx/conf.d/*.d/*.conf
+    fi
+
     [ -z "$regen_conf_files" ] && exit 0
 
     # create NGINX conf directories for domains

hooks/conf_regen/52-fail2ban

@@ -24,6 +24,12 @@ do_pre_regen() {
 do_post_regen() {
     regen_conf_files=$1
 
+    if ls -l /etc/fail2ban/jail.d/*.conf
+    then
+        chown root:root /etc/fail2ban/jail.d/*.conf
+        chmod 644 /etc/fail2ban/jail.d/*.conf
+    fi
+
     [[ -z "$regen_conf_files" ]] \
         || systemctl reload fail2ban
 }