instance gen: Reduce permissions of pleroma directories and config files

Original: 69caedc591
This commit is contained in:
Haelwenn (lanodan) Monnier 2023-06-22 00:58:05 +02:00 committed by Norm
parent ae03513934
commit 4f57c87be4
No known key found for this signature in database
GPG key ID: 7123E30E441E80DE

View file

@ -247,16 +247,22 @@ defmodule Mix.Tasks.Pleroma.Instance do
config_dir = Path.dirname(config_path) config_dir = Path.dirname(config_path)
psql_dir = Path.dirname(psql_path) psql_dir = Path.dirname(psql_path)
# Note: Distros requiring group read (0o750) on those directories should
# pre-create the directories.
to_create = to_create =
[config_dir, psql_dir, static_dir, uploads_dir] [config_dir, psql_dir, static_dir, uploads_dir]
|> Enum.reject(&File.exists?/1) |> Enum.reject(&File.exists?/1)
for dir <- to_create do for dir <- to_create do
File.mkdir_p!(dir) File.mkdir_p!(dir)
File.chmod!(dir, 0o700)
end end
shell_info("Writing config to #{config_path}.") shell_info("Writing config to #{config_path}.")
# Sadly no fchmod(2) equivalent in Elixir…
File.touch!(config_path)
File.chmod!(config_path, 0o640)
File.write(config_path, result_config) File.write(config_path, result_config)
shell_info("Writing the postgres script to #{psql_path}.") shell_info("Writing the postgres script to #{psql_path}.")
File.write(psql_path, result_psql) File.write(psql_path, result_psql)
@ -275,8 +281,7 @@ defmodule Mix.Tasks.Pleroma.Instance do
else else
shell_error( shell_error(
"The task would have overwritten the following files:\n" <> "The task would have overwritten the following files:\n" <>
(Enum.map(will_overwrite, &"- #{&1}\n") |> Enum.join("")) <> Enum.map_join(will_overwrite, &"- #{&1}\n") <> "Rerun with `--force` to overwrite them."
"Rerun with `--force` to overwrite them."
) )
end end
end end