Gitiles
Code Review Sign In
www.giggi.me / tod / e30b4c98dad83c046c4aeeb11205929f0bad99ec^! / .
commite30b4c98dad83c046c4aeeb11205929f0bad99ec[log] [tgz]
authorLuigi Santivetti <luigi.santivetti@gmail.com>Sun Oct 25 21:22:19 2020 +0000
committerLuigi Santivetti <luigi.santivetti@gmail.com>Fri Nov 06 19:24:20 2020 +0000
tree4334734b70911bb5559ace981f615858f3fe6583
parent56541a9f8e832355fea214f9c4f15b501c7a0e3d [diff]
module/apache: set apache files mode to www-data

diff --git a/module/apache/module.sh b/module/apache/module.sh
index 7506a51..6c932af 100644
--- a/module/apache/module.sh
+++ b/module/apache/module.sh

@@ -363,8 +363,9 @@
 function __finalise_install
 {
 	[ ! -f "$1/$clean_skiptag_sh" ] || {
-		pushd "$1" &>/dev/null && \
-			source "$1/$clean_skiptag_sh" && popd &>/dev/null
+		pushd "$1" &>/dev/null || return $s_err
+		sudo -E /bin/bash "$1/$clean_skiptag_sh"
+		popd &>/dev/null
 	}
 }
 
@@ -381,22 +382,22 @@
 		case "$target" in
 			pelican-html)
 				INSTALLDIR=$views_d \
-				make install-html   || return $s_err ;;
+				sudo -E make install-html   || return $s_err ;;
 			pelican-theme)
 				INSTALLDIR_THEME=$html_d \
-				make install-theme  || return $s_err ;;
+				sudo -E make install-theme  || return $s_err ;;
 			pelican-photos)
 				INSTALLDIR_PHOTOS=$photos_d \
-				make install-photos || return $s_err ;;
+				sudo -E make install-photos || return $s_err ;;
 			pelican-videos)
 				INSTALLDIR_VIDEOS=$videos_d \
-				make install-videos || return $s_err ;;
+				sudo -E make install-videos || return $s_err ;;
 			pelican-all)
 				INSTALLDIR=$views_d \
 				INSTALLDIR_THEME=$html_d \
 				INSTALLDIR_PHOTOS=$photos_d \
 				INSTALLDIR_VIDEOS=$videos_d \
-				make install || return $s_err
+				sudo -E make install || return $s_err
 
 				# FIXME: improve integration with skiptag
 				__finalise_install $photos_d || \
@@ -405,6 +406,33 @@
 					lets -l -e "Failed to finalise videos" ;;
 		esac
 	done
+
+	# Default in Linux in www-data, apply to all installed contents here
+	local -ir uid=$(stat -c "%u" $html_d)
+	local -ir gid=$(stat -c "%g" $html_d)
+
+	sudo find $html_d -type f -exec /bin/bash -c \
+	     "set -x; chmod 644 {} && chown $uid:$gid {}" \; || return $s_err
+	sudo find $views_d -type f -exec /bin/bash -c \
+	     "set -x; chmod 644 {} && chown $uid:$gid {}" \; || return $s_err
+	sudo find $html_d -type d -exec /bin/bash -c \
+	     "set -x; chmod 755 {} && chown $uid:$gid {}" \; || return $s_err
+	sudo find $views_d -type d -exec /bin/bash -c \
+	     "set -x; chmod 755 {} && chown $uid:$gid {}" \; || return $s_err	
+
+	if [ -d "$photos_d" ]; then
+	    sudo find $photos_d -type f -exec /bin/bash -c \
+		 "set -x; chmod 644 {} && chown $uid:$gid {}" \; || return $s_err
+	    sudo find $photos_d -type d -exec /bin/bash -c \
+		 "set -x; chmod 755 {} && chown $uid:$gid {}" \; || return $s_err
+	fi
+
+	if [ -d "$videos_d" ]; then
+	    sudo find $videos_d -type f -exec /bin/bash -c \
+		 "set -x; chmod 644 {} && chown $uid:$gid {}" \; || return $s_err
+	    sudo find $videos_d -type d -exec /bin/bash -c \
+		 "set -x; chmod 755 {} && chown $uid:$gid {}" \; || return $s_err
+	fi
 }
 
 function __create_apache_frontend
@@ -467,11 +495,26 @@
 	for target in ${CODEIGN_INSTALL_TARGETS[@]}; do
 		case "$target" in
 			codeign-all)
-				cp -ra $backend_d/application $www_d || return $s_err2
-				cp -ra $backend_d/system $www_d      || return $s_err3
-				cp -a $backend_d/index.php $html_d   || return $s_err4 ;;
+				sudo -E cp -ra $backend_d/application $www_d || return $s_err2
+				sudo -E cp -ra $backend_d/system $www_d      || return $s_err3
+				sudo -E cp -a $backend_d/index.php $html_d   || return $s_err4 ;;
 		esac
 	done
+
+	# Default in Linux in www-data, apply to all installed contents here
+	local -ir uid=$(stat -c "%u" $html_d)
+	local -ir gid=$(stat -c "%g" $html_d)
+
+	sudo find "$www_d/application" -type f -exec /bin/bash -c \
+	     "set -x; chmod 644 {} && chown $uid:$gid {}" \; || return $s_err
+	sudo find "$www_d/application" -type d -exec /bin/bash -c \
+	     "set -x; chmod 755 {} && chown $uid:$gid {}" \; || return $s_err
+	sudo find "$www_d/system" -type f -exec /bin/bash -c \
+	     "set -x; chmod 644 {} && chown $uid:$gid {}" \; || return $s_err
+	sudo find "$www_d/system" -type d -exec /bin/bash -c \
+	     "set -x; chmod 755 {} && chown $uid:$gid {}" \; || return $s_err
+	sudo chmod 644 "$html_d/index.php"
+	sudo chown $uid:$gid "$html_d/index.php"
 }
 
 function __create_apache_backend

diff --git a/module/mysql/module.sh b/module/mysql/module.sh
index 11215bd..de28468 100644
--- a/module/mysql/module.sh
+++ b/module/mysql/module.sh

@@ -160,12 +160,15 @@
 	# Duplicate ca as it needs to be mounted client side
 	cp -ar $ca_f $ca_dup_f
 
-	set_mode "0644" $mysql_uid \
-			 $ca_f $ca_dup_f \
-			 $server_key_f $server_req_f $server_cert_f \
-			 $client_key_f $client_req_f $client_cert_f || return $s_err
+	set_mode "0644" $mysql_uid $ca_f \
+		 $server_key_f $server_req_f $server_cert_f || return $s_err
+
+	# WARNING! The only client expected is apache. This can break other clients
+	set_mode "0644" "www-data" \
+		 $ca_dup_f $client_key_f $client_cert_f || return $s_err
 
 	set_mode "0600" $mysql_uid $ca_key_f || return $s_err
+	set_mode "0755" root $certificates_d || return $s_err
 }
 
 function __mysql_do_dummy_cert