Diffstat (limited to 'www-apps/tt-rss/files/permissions-r1')
-rw-r--r--www-apps/tt-rss/files/permissions-r123
1 files changed, 14 insertions, 9 deletions
diff --git a/www-apps/tt-rss/files/permissions-r1 b/www-apps/tt-rss/files/permissions-r1
index e50b4406646d..0ca420e97beb 100644
--- a/www-apps/tt-rss/files/permissions-r1
+++ b/www-apps/tt-rss/files/permissions-r1
@@ -3,22 +3,27 @@
cd "${MY_INSTALLDIR}"
if [[ $1 = install ]]; then
+ # Ensure database credentials are secure.
+ [[ -e config.php ]] || touch config.php
+ chown --no-dereference "${VHOST_SERVER_UID}":ttrssd config.php
+ chmod 00440 config.php
+
# We need to lock down cache/ for the operations below to be
# safe. The permissions match the webapp-config defaults but these
# can be changed and existing installations may also differ.
chown root:root cache/
chmod 00755 cache/
- chgrp --no-dereference ttrssd feed-icons/ lock/ cache/*/
- chmod g+ws feed-icons/ lock/ cache/*/
+ chgrp --no-dereference ttrssd lock/ cache/*/
+ chmod g+ws lock/ cache/*/
- # Files within lock/ are exclusively written by the update daemon.
- # feed-icons/ and cache/ holds files that are modified in place by both
- # processes and therefore ACLs are required to ensure that the files
- # themselves are created as group writable.
- if ! setfacl --modify d:g::rwX feed-icons/ cache/*/; then
+ # Files within lock/ are exclusively written by the update daemon. cache/
+ # subdirectories hold files that are modified in place by both processes and
+ # therefore ACLs are required to ensure that the files themselves are
+ # created as group writable.
+ if ! setfacl --modify d:g::rwX cache/*/; then
echo "WARNING: ACLs are not available on this filesystem. Either enable them or set TTRSSD_USER to your PHP user in /etc/conf.d/ttrssd to avoid permission issues."
- elif [[ -n $(find feed-icons/ cache/ -type f ! -name ".*" ! -name index.html ! \( -group ttrssd -perm -020 \) -print -quit) ]]; then
- echo "WARNING: Files that are not writable by the ttrssd group found within the cache or feed-icons directories. Either delete them or correct their permissions."
+ elif [[ -n $(find cache/ -type f ! -name ".*" ! -name index.html ! \( -group ttrssd -perm -020 \) -print -quit) ]]; then
+ echo "WARNING: Files that are not writable by the ttrssd group found within the cache directory. Either delete them or correct their permissions."
fi
fi
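Review bot: The new config.php block mixes symlink handling: `chown --no-dereference` acts on a link itself, while `[[ -e config.php ]]`, `touch` and `chmod 00440` all follow it. If config.php is ever a symlink, the hook (presumably running as root, given `chown root:root cache/`) would create or re-mode the link's target instead. The cache/ comment further down shows the script already guards against this class of problem, but this block runs before that lock-down and directly in `${MY_INSTALLDIR}`, whose ownership is not visible in the hunk. I would wrap the three commands in a link test, e.g. `if [[ -L config.php ]]; then echo "WARNING: config.php is a symlink; not changing its ownership or mode."; else …; fi`. It is also worth a one-line comment that the file stays owned by `${VHOST_SERVER_UID}`, so mode 0440 prevents accidental writes but not a chmod by that same user.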