Fix user admin is set into group www-data

DoliCloud · Jan 22, 2024 · c87d7ec · c87d7ec
1 parent 4157fb9
commit c87d7ec
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 8 deletions.
diff --git a/backoffice/instance_backup.php b/backoffice/instance_backup.php
@@ -198,15 +198,17 @@
 
 $tmparray = explode('.', $object->ref_customer);
 
-$moveinstancestringtoshow .= "# check that the master server can connect with ssh and user admin on the source instance server with\n";
-$moveinstancestringtoshow .= "# ssh admin@".getDomainFromURL($object->ref_customer, 2)."\n";
-$moveinstancestringtoshow .= "# If not, do this on ".getDomainFromURL($object->ref_customer, 2).":\n";
+$moveinstancestringtoshow .= "# First, check that the master server can connect with ssh and user admin on the source instance server with:\n";
+$moveinstancestringtoshow .= "# ssh admin@".getDomainFromURL($object->ref_customer, 2)." wc /etc/apache2/with.sellyoursaas.com*.*\n";
+$moveinstancestringtoshow .= "# If ssh connect fails, do this on ".getDomainFromURL($object->ref_customer, 2).":\n";
 $moveinstancestringtoshow .= "# cp /etc/skel/.ssh/authorized_keys_support /home/admin/.ssh/authorized_keys_support; chown admin.admin /home/admin/.ssh/authorized_keys_support\n";
+//$moveinstancestringtoshow .= "# - If some cert files read is denied, do this on ".getDomainFromURL($object->ref_customer, 2).":\n";
+//$moveinstancestringtoshow .= "#   gpasswd -a admin www-data\n";
 $moveinstancestringtoshow .= "su - admin\n";
 $moveinstancestringtoshow .= getDolGlobalString('DOLICLOUD_SCRIPTS_PATH') . '/master_move_instance.php '.$object->ref_customer.' '.$tmparray[0].'.withNEW.'.getDomainFromURL($object->ref_customer, 1).' (test|confirm|confirmredirect|confirmmaintenance)'."\n";
 // Remove read in certif file.
-$moveinstancestringtoshow .= "chmod o-r /etc/apache2/".getDomainFromURL($object->ref_customer, 2).".key\n";
-
+//$moveinstancestringtoshow .= "chmod o-r /etc/apache2/".getDomainFromURL($object->ref_customer, 2).".key\n";
+$moveinstancestringtoshow .= "gpasswd -d admin www-data\n";
 
 // Increase limit of time. Works only if we are not in safe mode
 $ExecTimeLimit = 1800; // 30mn

diff --git a/doc/Documentation SellYourSaas - Master and Deployment Servers - EN.asciidoc b/doc/Documentation SellYourSaas - Master and Deployment Servers - EN.asciidoc
@@ -512,6 +512,7 @@ Add at the end of */etc/bash.bashrc*:
 [source, bash]
 ---------------
 alias psld='ps -fax -eo user:12,pid,ppid,pcpu,pmem,vsz:12,size:12,tty,start_time:6,utime,time,context,cmd'
+HISTIGNORE='-*'
 ---------------
 
 

diff --git a/scripts/ansible/launch_install_check.yml b/scripts/ansible/launch_install_check.yml
@@ -17,10 +17,14 @@
   become_method: sudo
   become_user: root
   tasks:
-  - name: Remove user admin from any group (no more need to be in extra groups).
+#  - name: Get list of all groups for user admin
+#    shell: groups admin | sed 's/^.*: //'
+#    register: groups  
+  - name: Remove user admin from any group except www-data (no need to be in extra groups).
     user: 
       name: "admin"
-      groups: ''
+      #groups: ''
+      groups: 'www-data'
       append: false   
 #  - name: Check/create file /home/admin/.ssh/authorized_keys.toallowmaster
 #    ansible.builtin.file:
@@ -36,7 +40,6 @@
 #      path: /home/ubuntu/.ssh/authorized_keys
 #      state: absent
 
-
 - name: Update PAM password policy
   hosts: '{{target}}'
   become: yes