Avoid chown data_dir during the upgrade process #711
Conversation
|
!testme |
|
🎠 |
|
🪱 |
|
!testme |
|
🌻 |
|
🪱 |
|
!testme |
|
🚀 |
|
📚 🪱 |
kay0u
changed the title
|
!testme |
|
😜 |
|
🪱 |
|
Thanks for working on that. Upgrading my nextcloud from 29.0.2 to 29.0.4 ran into a Gateway timeout (HTTP 504). Although |
| chown -R $app:www-data "$install_dir" | ||
| chown -R $app: "$data_dir" |
There was a problem hiding this comment.
| chown -R $app:www-data "$install_dir" | |
| chown -R $app: "$data_dir" | |
| chown -R $app:www-data "$install_dir" | |
| chmod og-rwx "$install_dir/config" | |
| chown -R $app: "$data_dir" |
(me being paranoid about compromission of www-data that would result in leaking secrets etc)
There was a problem hiding this comment.
Eeeh chmod 640 will still allow www-data to read the file, so in the event that www-data gets compromised (or some funky path traversal issue is discovered or whatever) it still allows to access secrets
| @@ -207,7 +207,7 @@ then | |||
| mv "$tmpdir" "$install_dir" | |||
|
|
|||
| # Set write access for the following commands | |||
| chown -R $app: "$install_dir" "$data_dir" | |||
| chown -R $app:www-data "$install_dir" | |||
There was a problem hiding this comment.
| chown -R $app:www-data "$install_dir" | |
| chown -R $app:www-data "$install_dir" | |
| chmod og-rwx "$install_dir/config" |
(me being paranoid about compromission of www-data that would result in leaking secrets etc)
|
@CodeShakingSheep (? with these changes or with the new stable version?) Then just wait, and don't try to restart your server or |
With the stable version. I didn't restart anything but my whole server just went down because of this. So, I have to restart it now. |
|
!testme |
|
📖 |
|
Alrighty! |
|
!testme |
|
🚀 |
Problem
Solution
PR Status
Automatic tests
Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ after creating the PR, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)