Commit fa71ccd0 authored by Paul Cammish's avatar Paul Cammish
Browse files

Merge branch 'stretch-testing' into 'stretch'

Properly filter public/cgi-bin (stretch)

See merge request !213
parents 4d2b3d92 d5e5bcc0
CHANGELOG
---------
2020-09-23
sympl-core
* Properly filter public/cgi-bin
2020-09-09
sympl-web
* Fixes incorrect filename for log files (#296)
......
sympl-core (9.20200923.0) stable; urgency=medium
* Properly filter public/cgi-bin
-- Paul Cammish <sympl@kelduum.net> Wed, 23 Sep 2020 13:50:11 +0100
sympl-core (9.200909.0) stable; urgency=medium
* sympl-filesystem-security: don't overwite permission in public/cgi-bin (#299)
......
......@@ -68,8 +68,8 @@ function secure_domain_dir()
# Enforce permissions for /srv/example.org/public, /php_sessions, /php_tmp
# but exclude changing any permissions inside public/cgi-bin
find "${domain}/public" ! -path ${domain}/public/cgi-bin/* \( -type f -o -type d \) \( ! -uid ${public_uid} -o ! -gid ${public_gid} \) $VERBOSE -exec chown ${public_uid}:${public_gid} {} \;
find "${domain}/public" ! -path ${domain}/public/cgi-bin/* \( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; -o -type d ! -perm 2775 $VERBOSE -exec chmod 2775 {} \; \)
find "${domain}/public" ! -path "${domain}/public/cgi-bin/*" \( -type f -o -type d \) \( ! -uid ${public_uid} -o ! -gid ${public_gid} \) $VERBOSE -exec chown ${public_uid}:${public_gid} {} \;
find "${domain}/public" ! -path "${domain}/public/cgi-bin/*" \( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; -o -type d ! -perm 2775 $VERBOSE -exec chmod 2775 {} \; \)
if [ -d "${domain}/php_sessions" ]; then
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment