FreshRSS/Docker/entrypoint.sh
Alexandre Alapetite e899e4edd9 More robust application of access permissions (#5062)
* More robust application of access permissions
We were in particular missing directory traversal `+X` in our current recommendations.
Extracted to own shell script so it can easily be invoked.
Update access permissions in Docker to be more robust.
#fix https://github.com/FreshRSS/FreshRSS/discussions/5037

* Minor simplification

* Restrict mkdir permissions
Default mkdir permissions are 0777, which is not good for security, so downgrade to 0770.
2023-02-06 15:42:53 +01:00


#!/bin/sh
# Timezone setup: point /etc/localtime at the zoneinfo entry named by $TZ and
# record the same name in /etc/timezone.
# NOTE(review): $TZ is used unvalidated in a path and, below, inside a sed
# script that uses '#' as delimiter; a value containing '#', '&' or '\' would
# change the expression. Presumably $TZ is set by the container operator —
# confirm.
ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime
echo "$TZ" >/etc/timezone

# Force three directives in every php.ini found under /etc/php*/.
# The whole matching line is replaced, so a commented-out (';'-prefixed)
# directive becomes active.
for php_directive in \
	"date.timezone = $TZ" \
	'post_max_size = 32M' \
	'upload_max_filesize = 32M'; do
	# Directive name = everything before the first " = ".
	php_key=${php_directive%% = *}
	find /etc/php*/ -type f -name php.ini \
		-exec sed -r -i "\\#^;?${php_key}#s#^.*#${php_directive}#" {} \;
done
# Optional: when $LISTEN is non-empty, rewrite the "Listen" line of
# FreshRSS.Apache.conf (wherever it sits under /etc/apache2/).
# NOTE(review): $LISTEN is spliced into the sed script unvalidated; a '#',
# '&' or '\' in the value would alter the expression.
if test -n "${LISTEN}"; then
	listen_script="\\#^Listen#s#^.*#Listen ${LISTEN}#"
	find /etc/apache2/ -type f -name FreshRSS.Apache.conf \
		-exec sed -r -i "${listen_script}" {} \;
fi
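# Print one line of the form: export NAME='value'
# The value is wrapped in single quotes, with embedded single quotes rewritten
# as '\'' so that a POSIX shell reading the line gets the value back verbatim
# instead of word-splitting it or interpreting metacharacters.
# Arguments: $1 - variable name, $2 - value (may be empty)
freshrss_export_line() {
	printf "export %s='%s'\n" "$1" "$(printf '%s' "$2" | sed "s/'/'\\\\''/g")"
}

# Optional cron setup, enabled when $CRON_MIN is non-empty.
if [ -n "$CRON_MIN" ]; then
	# Snapshot a few environment variables into env.txt as export statements.
	# Presumably the cron job sources this file with a POSIX shell (the lines
	# are "export ..." statements) — confirm against crontab.freshrss.default.
	# Values are quoted so that whitespace or shell metacharacters in them
	# cannot be executed when the file is read.
	{
		freshrss_export_line TZ "$TZ"
		freshrss_export_line COPY_LOG_TO_SYSLOG "$COPY_LOG_TO_SYSLOG"
		freshrss_export_line COPY_SYSLOG_TO_STDERR "$COPY_SYSLOG_TO_STDERR"
		freshrss_export_line FRESHRSS_ENV "$FRESHRSS_ENV"
	} >/var/www/FreshRSS/Docker/env.txt

	# Replace the first space-delimited field of each line of the default
	# crontab with $CRON_MIN, then install the result for the current user.
	# NOTE(review): $CRON_MIN is inserted into the sed replacement unvalidated;
	# '#', '&', '\' or a newline in it would change what gets installed.
	sed -r "s#^[^ ]+ #$CRON_MIN #" </etc/crontab.freshrss.default | crontab -
fi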
# Apply file access permissions using the project's helper script, then run
# the CLI preparation step with its standard output discarded.
# Both paths are relative, so this relies on the entrypoint's working
# directory — presumably the FreshRSS root; confirm against the image's WORKDIR.
# NOTE(review): neither exit status is checked, so a failure here does not
# stop the entrypoint.
./cli/access-permissions.sh
php -f ./cli/prepare.php >/dev/null
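# Optional unattended installation, enabled when $FRESHRSS_INSTALL is
# non-empty. Its content is passed to do-install.php as command-line arguments.
# Exit status 3 is reported as "already installed", 0 as success; any other
# status aborts the entrypoint with that status.
# NOTE(review): anything placed in $FRESHRSS_INSTALL ends up on php's command
# line, where it is visible in the process list while the command runs —
# confirm whether any of the accepted options carry credentials.
if [ -n "$FRESHRSS_INSTALL" ]; then
	# Word-splitting of the substitution is intentional (one argument per
	# whitespace-separated token), but pathname expansion is not: without
	# `set -f`, a token containing '*', '?' or '[' could be replaced by
	# matching file names from the current directory.
	set -f
	# shellcheck disable=SC2046
	php -f ./cli/do-install.php -- \
		$(echo "$FRESHRSS_INSTALL" | sed -r 's/[\r\n]+/\n/g' | paste -s -)
	# Capture the status before `set +f` overwrites $?.
	EXITCODE=$?
	set +f
	if [ "$EXITCODE" -eq 3 ]; then
		echo ' FreshRSS already installed; no change performed.'
	elif [ "$EXITCODE" -eq 0 ]; then
		echo '✅ FreshRSS successfully installed.'
	else
		echo '❌ FreshRSS error during installation!'
		exit "$EXITCODE"
	fi
fi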
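# Optional creation of a user, enabled when $FRESHRSS_USER is non-empty.
# Its content is passed to create-user.php as command-line arguments.
# Exit status 3 is reported as "already exists", 0 as success (followed by a
# feed refresh for every listed user); any other status aborts the entrypoint
# with that status.
# NOTE(review): anything placed in $FRESHRSS_USER ends up on php's command
# line, where it is visible in the process list while the command runs —
# confirm whether any of the accepted options carry credentials.
if [ -n "$FRESHRSS_USER" ]; then
	# Word-splitting of the substitution is intentional (one argument per
	# whitespace-separated token), but pathname expansion is not: without
	# `set -f`, a token containing '*', '?' or '[' could be replaced by
	# matching file names from the current directory.
	set -f
	# shellcheck disable=SC2046
	php -f ./cli/create-user.php -- \
		$(echo "$FRESHRSS_USER" | sed -r 's/[\r\n]+/\n/g' | paste -s -)
	# Capture the status before `set +f` overwrites $?.
	EXITCODE=$?
	set +f
	if [ "$EXITCODE" -eq 3 ]; then
		echo ' FreshRSS user already exists; no change performed.'
	elif [ "$EXITCODE" -eq 0 ]; then
		echo '✅ FreshRSS user successfully created.'
		# Run actualize-user.php once per user name printed by list-users.php.
		./cli/list-users.php | xargs -n1 ./cli/actualize-user.php --user
	else
		echo '❌ FreshRSS error during the creation of a user!'
		exit "$EXITCODE"
	fi
fi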
# Re-apply access permissions after the optional install / user-creation steps
# (presumably so that files they created end up with the intended ownership
# and modes — confirm against access-permissions.sh).
./cli/access-permissions.sh
# Replace this shell with the command passed as arguments to the entrypoint.
exec "$@"