Automatically apply permissions for stuff provisioned with ynh_setup_source.
#1955
Conversation
helpers/helpers.v2.1.d/utils
Outdated
| chown "$app:$app" "$target" | ||
| if (is_in_dir "$target" "${install_dir:-}" || is_in_dir "$target" "${data_dir:-}" || is_in_dir "$target" "/etc/$app"); then | ||
| if [ -d "$target" ]; then | ||
| chmod -R o+rwX "$target" |
There was a problem hiding this comment.
Seems a security hole. If we do ynh_setup_source or ynh_setup_source "$install_dir" we apply here a o+rwX permission by default, but we should not allowed other users to access this dir (by default) i guess.
In more adding a -R options onto data_dir could be looooong (if there is a lot of file), so this should be done only one time by yunohost install or upgrade...
I suggest to study all chown, chmod apps to understand what should be done by default and how give advice in the right way to packagers if needed.
There was a problem hiding this comment.
It was supposed to be u not o x_x
|
|
So eeeeh, should we move forward with this ? |
Honestly 🤷 , I guess zamentur has a valid idea to assess if these are permissions right for my one app or general defaults for the apps in catalogue. |
The problem
ynh_setup_source "$install_dir/subpath"is excluded from default permissions$install_diris exempt from default permissions, unlike adding a file there.Solution
Subdirectories of
$install_dirand$data_dirget$app:$appo+rwXownership & permissions by default, in line with files added there.PR Status
It worked once when installing YunoHost-Apps/syncserver-rs_ynh#58
How to test
Install an app that uses helpers v2.1 (duh) and provisions sources into a subdirectory.