This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, feature/run-wui-as-fusionforge-user has been updated
       via  40a411c522077d53f90247c5b44be1ba887b081f (commit)
      from  f7fd792d694869214ab717a56414cb828b3c8602 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=40a411c522077d53f90247c5b44be1ba887b081f

commit 40a411c522077d53f90247c5b44be1ba887b081f
Author: Roland Mas <lola...@debian.org>
Date:   Mon Oct 17 12:57:30 2016 +0200

    Change ownership of app data to the app user
    
    The stored data (artifact attachments, docs, files and so on) are now
    stored under a directory that belongs to the "fusionforge" user, rather
    than the previous www-data/apache user.  This means that code running as
    that www-data/apache user (for instance, any project website) no longer
    has access to potentially restricted-access data.

diff --git a/src/post-install.d/web/web.sh b/src/post-install.d/web/web.sh
index 1306978..387ba1d 100755
--- a/src/post-install.d/web/web.sh
+++ b/src/post-install.d/web/web.sh
@@ -59,6 +59,7 @@ case "$1" in
        apache_user=$(forge_get_config apache_user)
        apache_group=$(forge_get_config apache_group)
        apache_service=$(forge_get_config apache_service)
+       system_user=$(forge_get_config system_user)
 
        if [ -x /usr/sbin/a2ensite ]; then
            ln -nfs $config_path/httpd.conf 
/etc/apache2/sites-available/fusionforge.conf
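
Review bot: The added `system_user=$(forge_get_config system_user)` line is not checked for an empty result, and the next hunk expands it unquoted in `chown $system_user: ...`. If the lookup returns nothing, that command becomes `chown : <path>`, which changes no ownership, yet the following `chmod 700` still runs and locks the directory to whoever owned it before. Suggest failing early with a clear message when `$system_user` is empty, before any chown or chmod is attempted.
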
@@ -94,15 +95,14 @@ case "$1" in
 
        # Setup Docman/FRS/Forum/Tracker/RSS attachments
        # (not done in 'make install' because e.g. dpkg ignores existing dirs, 
cf. DP10.9[1])
-       chown $apache_user: $data_path/docman/
-       chown $apache_user: $data_path/download/
-       chown $apache_user: $data_path/forum/
-       chown $apache_user: $data_path/forum/pending/
-       chown $apache_user: $data_path/tracker/
-       chown $apache_user: $data_path/rss/
+       for i in docman download forum forum/pending tracker rss ; do
+           chown $system_user: $data_path/$i
+           chmod 700 $data_path/$i
+       done
 
        # Plugins activation from the web UI
-       chown $apache_user: $source_path/www/plugins/
+       chown $system_user: $source_path/www/plugins/
+       chmod 700 $source_path/www/plugins/
 
        # Enable required modules
        if [ -x /usr/sbin/a2enmod ]; then
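
Review bot: In the new `for i in docman download forum forum/pending tracker rss` loop, `chown` and `chmod 700` are applied to each directory only, not recursively, so files and subdirectories already stored there keep their previous owner and mode. The 700 on the parent does block traversal by the old apache user, but on an upgraded install the new owner may be unable to modify content still owned by `$apache_user`; consider `chown -R` or a documented migration step, and say which in the commit message. Two smaller points in the same hunk: `$data_path/$i` and `$source_path/www/plugins/` are unquoted, and `chmod` runs even when the preceding `chown` fails, so an `&&` between them (or `set -e` if the script does not already use it) would avoid a directory ending up mode 700 under the wrong owner.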

-----------------------------------------------------------------------

Summary of changes:
 src/post-install.d/web/web.sh | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)


hooks/post-receive
-- 
FusionForge

_______________________________________________
Fusionforge-commits mailing list
Fusionforge-commits@lists.fusionforge.org
http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-commits
