This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, feature/run-wui-as-fusionforge-user has been updated
       via  40a411c522077d53f90247c5b44be1ba887b081f (commit)
      from  f7fd792d694869214ab717a56414cb828b3c8602 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------;a=commitdiff;h=40a411c522077d53f90247c5b44be1ba887b081f

commit 40a411c522077d53f90247c5b44be1ba887b081f
Author: Roland Mas <>
Date:   Mon Oct 17 12:57:30 2016 +0200

    Change ownership of app data to the app user
    The stored data (artifact attachments, docs, files and so on) are now
    stored under a directory that belongs to the "fusionforge" user, rather
    than the previous www-data/apache user.  This means that code running as
    that www-data/apache user (for instance, any project website) no longer
    has access to potentially restricted-access data.

diff --git a/src/post-install.d/web/ b/src/post-install.d/web/
index 1306978..387ba1d 100755
--- a/src/post-install.d/web/
+++ b/src/post-install.d/web/
@@ -59,6 +59,7 @@ case "$1" in
        apache_user=$(forge_get_config apache_user)
        apache_group=$(forge_get_config apache_group)
        apache_service=$(forge_get_config apache_service)
+       system_user=$(forge_get_config system_user)
        if [ -x /usr/sbin/a2ensite ]; then
            ln -nfs $config_path/httpd.conf 
@@ -94,15 +95,14 @@ case "$1" in
        # Setup Docman/FRS/Forum/Tracker/RSS attachments
        # (not done in 'make install' because e.g. dpkg ignores existing dirs, 
cf. DP10.9[1])
-       chown $apache_user: $data_path/docman/
-       chown $apache_user: $data_path/download/
-       chown $apache_user: $data_path/forum/
-       chown $apache_user: $data_path/forum/pending/
-       chown $apache_user: $data_path/tracker/
-       chown $apache_user: $data_path/rss/
+       for i in docman download forum forum/pending tracker rss ; do
+           chown $system_user: $data_path/$i
+           chmod 700 $data_path/$i
+       done
        # Plugins activation from the web UI
-       chown $apache_user: $source_path/www/plugins/
+       chown $system_user: $source_path/www/plugins/
+       chmod 700 $source_path/www/plugins/
        # Enable required modules
        if [ -x /usr/sbin/a2enmod ]; then


Summary of changes:
 src/post-install.d/web/ | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)


Fusionforge-commits mailing list

Reply via email to