
setup_secure_permissions_nextcloud.sh « static - github.com/nextcloud/vm.git - Unnamed repository; edit this file 'description' to name the repository.
#!/bin/bash

# T&M Hansson IT AB © - 2022, https://www.hanssonit.se/

# No-op command. NOTE(review): presumably here so the shellcheck directive
# further down attaches to the `source` line only - confirm.
true
# NOTE(review): presumably read by the sourced library (e.g. in debug output) - confirm.
SCRIPT_NAME="Set up Secure Permissions for Nextcloud"
# fetch_lib.sh is not shown on this page. Everything this script uses without
# defining it (NCPATH, VMLOGS, the NCDATA fallback, debug_mode, root_check,
# print_text_in_color and the colour variables) presumably comes from it.
# The script runs as root, so that file and anything it loads execute with
# root privileges: /var/scripts must be writable by root only.
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh

# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode

# Check if root
root_check

# Account names used for every chown below: the web server user and group
# get the writable parts, root keeps ownership of the rest.
htuser='www-data'
htgroup='www-data'
rootuser='root'

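# Only check for existing datadir if Nextcloud is installed
if [ -f "$NCPATH"/config/config.php ]
then
    # Read the value of the 'datadirectory' key from config.php.
    # Splitting on single quotes keeps a path that contains spaces intact, and
    # stopping at the first uncommented match guarantees NCDATA is one line:
    # it is later handed to mkdir and to a recursive chown, so a truncated or
    # multi-line value would make root act on the wrong path.
    NCDATA="$(awk -F"'" '$1 ~ /^[[:space:]]*$/ && $2 == "datadirectory" {print $4; exit}' "${NCPATH}"/config/config.php)"
    # Check if ncdata is set, else fetch value from lib again (maybe happens during installation)
    if [ -z "${NCDATA}" ]
    then
        # shellcheck source=lib.sh
        source /var/scripts/fetch_lib.sh
    fi
fi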

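print_text_in_color "$IGreen" "Setting secure permissions..."
print_text_in_color "$ICyan" "Creating possible missing Directories"
# Abort if the library did not provide the base paths: with an empty value the
# recursive chmod/chown passes later in this script would operate on "/".
mkdir -p "${NCPATH:?NCPATH is empty, refusing to continue}"/data
mkdir -p "${NCPATH}"/updater
# Create the log directory with its final mode instead of 0777. The chmod pass
# later in this script sets it to 0750 anyway; a world-writable directory in
# between lets any local account pre-create the log files (or links in their
# place) that root then touches and chowns.
install -d -m 750 "${VMLOGS:?VMLOGS is empty, refusing to continue}"
# NOTE(review): the destination is the /var/log directory itself, so as written
# this drops an empty file named "null", owned by the web server user, inside
# /var/log. The intended target looks like a log file path - confirm and fix.
install -o "${htuser}" -g "${htgroup}" -m 660 /dev/null /var/log
mkdir -p "${NCDATA}"

# Create the two log files only when they are missing, so an existing file
# keeps its timestamps. Ownership and mode are set further down.
for logfile in nextcloud.log audit.log
do
    if ! [ -f "$VMLOGS/$logfile" ]
    then
        touch "$VMLOGS/$logfile"
    fi
done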

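print_text_in_color "$ICyan" "chmod Files and Directories"
# The :? expansions abort the script when a base path is empty; without them an
# empty NCPATH or VMLOGS turns these into a chmod sweep over the whole filesystem.
# find does not follow symbolic links here, so -type f / -type d never hands a
# link to chmod (which would change the link target instead).
# -exec ... {} + replaces the xargs pipe: chmod is not run at all when nothing
# matches, instead of failing on a missing operand.
# Files: owner read/write, group read, nothing for others.
find "${NCPATH:?NCPATH is empty, refusing to continue}"/ -type f -exec chmod 0640 {} +
# Directories: owner full access, group read/traverse, nothing for others.
find "${NCPATH}"/ -type d -exec chmod 0750 {} +
find "${VMLOGS:?VMLOGS is empty, refusing to continue}"/ -type d -exec chmod 0750 {} +
# Only these two log files get their mode set; other files in VMLOGS are left alone.
find "${VMLOGS}"/audit.log "${VMLOGS}"/nextcloud.log -type f -exec chmod 0640 {} +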

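print_text_in_color "$ICyan" "chown Directories"
# The :? expansions abort the script when a base path is empty; without them the
# recursive chown below would start at "/".
# Log directory: everything root:www-data first, then the directory itself and
# the two Nextcloud log files are handed to the web server user.
chown -R "${rootuser}":"${htgroup}" "${VMLOGS:?VMLOGS is empty, refusing to continue}"/
chown "${htuser}":"${htgroup}" "${VMLOGS}"/
# The log directory belongs to the web server user, so that account controls
# what these two names refer to. -h makes chown act on the entry itself rather
# than on the target of a symbolic link, so root never changes the owner of a
# file outside the log directory through a link placed there.
chown -h "${htuser}":"${htgroup}" "${VMLOGS}"/nextcloud.log
chown -h "${htuser}":"${htgroup}" "${VMLOGS}"/audit.log
# Nextcloud tree: root-owned and group-readable by default; only the parts the
# web server must write to (apps, config, themes, updater) go to www-data.
chown -R "${rootuser}":"${htgroup}" "${NCPATH:?NCPATH is empty, refusing to continue}"/
for writable_dir in apps config themes updater
do
    chown -R "${htuser}":"${htgroup}" "${NCPATH}"/"${writable_dir}"/
done
# update.log stays root-only when it exists.
if [ -f "${VMLOGS}"/update.log ]
then
    chown -h "${rootuser}":"${rootuser}" "${VMLOGS}"/update.log
fi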

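# Nextcloud datafolder
if [ -d "${NCDATA}" ]
then
    # Always chown root dir
    chown "${htuser}":"${htgroup}" "${NCDATA}"/
    # Check subdirs as well: run the (potentially slow) recursive chown only when
    # a directory in the top two levels has the wrong owner or group.
    # find compares owner and group exactly. The previous "grep -v user:group"
    # was an unanchored substring match, so an account whose name merely contains
    # the expected one passed the check, and it printed every mismatch to stdout.
    # -quit stops at the first mismatch.
    if find "${NCDATA}" -maxdepth 2 -type d \( ! -user "${htuser}" -o ! -group "${htgroup}" \) -print -quit | grep -q .
    then
        chown -R "${htuser}":"${htgroup}" "${NCDATA}"/
    fi
    # Also always chown files_external (https://github.com/nextcloud/vm/issues/2398)
    if [ -d "${NCDATA}"/files_external ]
    then
        chown -R "${htuser}":"${htgroup}" "${NCDATA}"/files_external
    fi
fi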

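# The blanket 0640 applied to every file under NCPATH earlier in this script
# removes the execute bit from occ; restore it.
chmod +x "${NCPATH}"/occ

print_text_in_color "$ICyan" "chmod/chown .htaccess"
# Both .htaccess files are made world-readable and owned by the web server user.
# The data directory is owned by that same user, and chmod always follows
# symbolic links, so a link named .htaccess is skipped: otherwise root would
# change mode and owner of whatever file the link points to.
for htaccess in "${NCPATH}"/.htaccess "${NCDATA}"/.htaccess
do
    if [ -L "${htaccess}" ]
    then
        print_text_in_color "$ICyan" "Skipping ${htaccess}: it is a symbolic link"
    elif [ -f "${htaccess}" ]
    then
        chmod 0644 "${htaccess}"
        chown -h "${htuser}":"${htgroup}" "${htaccess}"
    fi
done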