This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "FusionForge".
The branch, feature/run-wui-as-fusionforge-user has been updated via 40a411c522077d53f90247c5b44be1ba887b081f (commit) from f7fd792d694869214ab717a56414cb828b3c8602 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=40a411c522077d53f90247c5b44be1ba887b081f commit 40a411c522077d53f90247c5b44be1ba887b081f Author: Roland Mas <lola...@debian.org> Date: Mon Oct 17 12:57:30 2016 +0200 Change ownership of app data to the app user The stored data (artifact attachments, docs, files and so on) are now stored under a directory that belongs to the "fusionforge" user, rather than the previous www-data/apache user. This means that code running as that www-data/apache user (for instance, any project website) no longer has access to potentially restricted-access data. diff --git a/src/post-install.d/web/web.sh b/src/post-install.d/web/web.sh index 1306978..387ba1d 100755 --- a/src/post-install.d/web/web.sh +++ b/src/post-install.d/web/web.sh @@ -59,6 +59,7 @@ case "$1" in apache_user=$(forge_get_config apache_user) apache_group=$(forge_get_config apache_group) apache_service=$(forge_get_config apache_service) + system_user=$(forge_get_config system_user) if [ -x /usr/sbin/a2ensite ]; then ln -nfs $config_path/httpd.conf /etc/apache2/sites-available/fusionforge.conf @@ -94,15 +95,14 @@ case "$1" in # Setup Docman/FRS/Forum/Tracker/RSS attachments # (not done in 'make install' because e.g. dpkg ignores existing dirs, cf. DP10.9[1]) - chown $apache_user: $data_path/docman/ - chown $apache_user: $data_path/download/ - chown $apache_user: $data_path/forum/ - chown $apache_user: $data_path/forum/pending/ - chown $apache_user: $data_path/tracker/ - chown $apache_user: $data_path/rss/ + for i in docman download forum forum/pending tracker rss ; do + chown $system_user: $data_path/$i + chmod 700 $data_path/$i + done # Plugins activation from the web UI - chown $apache_user: $source_path/www/plugins/ + chown $system_user: $source_path/www/plugins/ + chmod 700 $source_path/www/plugins/ # Enable required modules if [ -x /usr/sbin/a2enmod ]; then ----------------------------------------------------------------------- Summary of changes: src/post-install.d/web/web.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) hooks/post-receive -- FusionForge _______________________________________________ Fusionforge-commits mailing list Fusionforge-commits@lists.fusionforge.org http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-commits