Refactor web tree permissions

Author: jessuppi

bash/archive/ss-install-wordpress-core.txt

@@ -105,7 +105,7 @@ fi
 ## prepare new files ##
 ss_cp "${TMP_WORDPRESS_ZIP}" /var/www/html
 ss_unzip /var/www/html/wordpress.zip -d /var/www/html
-chown -R www-data:slickstack /var/www/html/wordpress
+chown -R www-data:www-data /var/www/html/wordpress
 ss_chmod 775 /var/www/html/wordpress
 
 ## install new files ##
@@ -121,12 +121,12 @@ ss_rm /tmp/master*.zip*
 ss_wget "${TMP_HOVERCRAFT_ZIP}" "${GITHUB_HOVERCRAFT_ZIP}"
 ss_unzip "${TMP_HOVERCRAFT_ZIP}" -d /tmp
 ss_mv /tmp/hovercraft-master /tmp/hovercraft
-chown -R www-data:slickstack /tmp/hovercraft
+chown -R www-data:www-data /tmp/hovercraft
 ss_chmod 775 /tmp/hovercraft
 ss_mkdir /var/www/html/wp-content/themes/hovercraft
 ss_rm /var/www/html/wp-content/themes/hovercraft/*
 ss_rsync /tmp/hovercraft/* /var/www/html/wp-content/themes/hovercraft
-chown -R www-data:slickstack /var/www/html/wp-content/themes/hovercraft
+chown -R www-data:www-data /var/www/html/wp-content/themes/hovercraft
 ss_chmod 775 /var/www/html/wp-content/themes/hovercraft
 ss_rm /tmp/hovercraft*
 ss_rm /tmp/master*.zip*
@@ -156,7 +156,7 @@ if [[ "${STAGING_SITE}" == "true" ]]; then
     ## prepare new files ##
     ss_cp "${TMP_WORDPRESS_ZIP}" /var/www/html/staging
     ss_unzip /var/www/html/staging/wordpress.zip -d /var/www/html/staging
-    chown -R www-data:slickstack /var/www/html/staging/wordpress
+    chown -R www-data:www-data /var/www/html/staging/wordpress
     ss_chmod 775 /var/www/html/staging/wordpress
 
     ## install new files files ##
@@ -193,7 +193,7 @@ if [[ "${DEV_SITE}" == "true" ]]; then
     ## prepare new files ##
     ss_cp "${TMP_WORDPRESS_ZIP}" /var/www/html/dev
     ss_unzip /var/www/html/dev/wordpress.zip -d /var/www/html/dev
-    chown -R www-data:slickstack /var/www/html/dev/wordpress
+    chown -R www-data:www-data /var/www/html/dev/wordpress
     ss_chmod 775 /var/www/html/dev/wordpress
 
     ## install new files ##

bash/archive/ss-perms-wordpress-core.txt

@@ -59,7 +59,7 @@ ss_echo "${COLOR_INFO}Running ss-perms-wordpress-core... ${COLOR_RESET}"
 ## keep in mind that non-WordPress Core files are not affected by this snippet ##
 
 ## all environments ##
-ss_chown "${SFTP_USER}":slickstack /var/www/html
+ss_chown "${SFTP_USER}":www-data /var/www/html
 chmod 0775 /var/www/html ## must be 0775 (0755 not enough)
 find /var/www/html/ -type d -exec chmod 0775 {} \; ## must be 0775 (0755 not enough)
 find /var/www/html/ -type f -exec chmod 0664 {} \; ## must be 0664 (0644 not enough)

bash/ss-functions.txt

@@ -1535,8 +1535,8 @@ PACKAGE_EXIFTOOL="libimage-exiftool-perl"
 #### I. SS-Functions: File Permissions Shorthand ###################################################
 ####################################################################################################
 
-OWNER_GROUP_PUBLIC_HTML="www-data:slickstack"
-OWNER_GROUP_SFTP_FRIENDLY="${SFTP_USER}:slickstack"
+OWNER_GROUP_PUBLIC_HTML="www-data:www-data"
+OWNER_GROUP_SFTP_FRIENDLY="${SFTP_USER}:www-data"
 
 ####################################################################################################
 #### J. SS-Functions: SlickStack Functions #########################################################

bash/ss-import-database.txt

@@ -84,7 +84,7 @@ if [[ "${response}" =~ ^[Yy]([Ee][Ss])?$ ]]; then
         ss_echo "Found import.sql. Proceeding to overwrite the database."
 
 		## fix ownership and permissions ##
-		ss_chown "${SFTP_USER}":slickstack "/tmp/import.sql"
+		ss_chown "${SFTP_USER}":www-data "/tmp/import.sql"
 		ss_chmod 0660 "/tmp/import.sql"
 
         ## import sql into database ##
@@ -111,7 +111,7 @@ if [[ "${response}" =~ ^[Yy]([Ee][Ss])?$ ]]; then
         ss_echo "Found import.sql.zip. Proceeding to overwrite the database."
 
 		## fix ownership and permissions ##
-		ss_chown "${SFTP_USER}":slickstack "/tmp/import.sql.zip"
+		ss_chown "${SFTP_USER}":www-data "/tmp/import.sql.zip"
 		ss_chmod 0660 "/tmp/import.sql.zip"
 
         ## stream unzip and import sql into database ##
@@ -138,7 +138,7 @@ if [[ "${response}" =~ ^[Yy]([Ee][Ss])?$ ]]; then
         ss_echo "Found import.sql.gz. Proceeding to overwrite the database."
 
 		## fix ownership and permissions ##
-		ss_chown "${SFTP_USER}":slickstack "/tmp/import.sql.gz"
+		ss_chown "${SFTP_USER}":www-data "/tmp/import.sql.gz"
 		ss_chmod 0660 "/tmp/import.sql.gz"
 
         ## stream gunzip and import sql into database ##

bash/ss-import-files.txt

@@ -75,7 +75,7 @@ if [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]; then
         ss_chown "${SFTP_USER}":www-data /tmp/import.tar
         chmod 0644 /tmp/import.tar
         ss_mkdir /var/www/html
-        ss_chown "${SFTP_USER}":slickstack /var/www/html
+        ss_chown "${SFTP_USER}":www-data /var/www/html
         chmod 0775 /var/www/html ## must be 0775 (0755 not enough)
         ss_untar /tmp/import.tar --strip-components=1 -C /var/www/html
 
@@ -96,7 +96,7 @@ if [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]; then
         ss_chown "${SFTP_USER}":www-data /tmp/import.tar.gz
         chmod 0644 /tmp/import.tar.gz
         ss_mkdir /var/www/html
-        ss_chown "${SFTP_USER}":slickstack /var/www/html
+        ss_chown "${SFTP_USER}":www-data /var/www/html
         chmod 0775 /var/www/html ## must be 0775 (0755 not enough)
         ss_untargz /tmp/import.tar.gz --strip-components=1 -C /var/www/html
 

bash/ss-install-wordpress-hovercraft.txt

@@ -77,12 +77,12 @@ ss_rm /tmp/master*.zip*
 ss_wget "${TMP_HOVERCRAFT_ZIP}" "${GITHUB_HOVERCRAFT_ZIP}"
 ss_unzip "${TMP_HOVERCRAFT_ZIP}" -d /tmp
 ss_mv /tmp/hovercraft-master /tmp/hovercraft
-chown -R www-data:slickstack /tmp/hovercraft
+chown -R www-data:www-data /tmp/hovercraft
 ss_chmod 775 /tmp/hovercraft
 ss_mkdir /var/www/html/wp-content/themes/hovercraft
 ss_rm /var/www/html/wp-content/themes/hovercraft/*
 ss_rsync /tmp/hovercraft/* /var/www/html/wp-content/themes/hovercraft
-chown -R www-data:slickstack /var/www/html/wp-content/themes/hovercraft
+chown -R www-data:www-data /var/www/html/wp-content/themes/hovercraft
 ss_chmod 775 /var/www/html/wp-content/themes/hovercraft
 ss_rm /tmp/hovercraft*
 ss_rm /tmp/master*.zip*

bash/ss-install-wordpress-packages.txt

@@ -107,7 +107,7 @@ find /var/www/html/ -maxdepth 1 -type f ! -name "wp-config.php" -name "*.php" -d
 ## prepare new files ##
 ss_cp "${TMP_WORDPRESS_ZIP}" /var/www/html
 ss_unzip /var/www/html/wordpress.zip -d /var/www/html
-ss_chown "${SFTP_USER}":slickstack /var/www/html/wordpress
+ss_chown www-data:www-data /var/www/html/wordpress
 ss_chmod 0775 /var/www/html/wordpress
 
 ## delete stock extensions ##
@@ -146,7 +146,7 @@ find /var/www/html/staging/ -maxdepth 1 -type f ! -name "wp-config.php" -name "*
 ## prepare new files ##
 ss_cp "${TMP_WORDPRESS_ZIP}" /var/www/html/staging
 ss_unzip /var/www/html/staging/wordpress.zip -d /var/www/html/staging
-ss_chown "${SFTP_USER}":slickstack /var/www/html/staging/wordpress
+ss_chown www-data:www-data /var/www/html/staging/wordpress
 ss_chmod 0775 /var/www/html/staging/wordpress
 
 ## delete stock extensions ##
@@ -186,7 +186,7 @@ find /var/www/html/dev/ -maxdepth 1 -type f ! -name "wp-config.php" -name "*.php
 ## prepare new files ##
 ss_cp "${TMP_WORDPRESS_ZIP}" /var/www/html/dev
 ss_unzip /var/www/html/dev/wordpress.zip -d /var/www/html/dev
-ss_chown "${SFTP_USER}":slickstack /var/www/html/dev/wordpress
+ss_chown www-data:www-data /var/www/html/dev/wordpress
 ss_chmod 0775 /var/www/html/dev/wordpress
 
 ## delete stock extensions ##

bash/ss-perms-nginx-config.txt

@@ -71,7 +71,7 @@ ss_touch /var/www/meta/.htpasswd
 
 ## chown dirs ##
 ss_chown www-data:www-data /var/www/cache/nginx ## must be www-data:www-data
-chown "${SFTP_USER}":slickstack /var/www/html ## must be SFTP_USER:slickstack
+chown "${SFTP_USER}":www-data /var/www/html ## must be SFTP_USER:www-data
 chown root:www-data /var/www/logs ## must be root:www-data
 chown root:www-data /var/www/meta ## must be root:www-data
 chown root:root /var/www/certs
@@ -89,10 +89,10 @@ chown root:www-data /var/www/meta/.htpasswd ## must be root:www-data
 chmod 0755 /var/www/cache/nginx ## 0755 seems enough
 chmod 0775 /var/www/html ## must be 0775 (0755 not enough)
 chmod 0775 /var/www/logs ## 0755 should also work
-chmod 0775 /var/www/meta ## 0755 should also work
-ss_chmod 0775 /var/www/sites ## 0755 should also work
-ss_chmod 0775 /var/www/sites/includes ## 0755 should also work
-ss_chmod 0775 /var/www/sites/error_pages ## 0755 should also work
+chmod 0755 /var/www/meta ## must be 0755
+ss_chmod 0755 /var/www/sites ## must be 0755
+ss_chmod 0755 /var/www/sites/includes ## must be 0755
+ss_chmod 0755 /var/www/sites/error_pages ## must be 0755
 
 ## chmod files ##
 ss_chmod 0640 /var/www/meta/.htpasswd ## must be 0640
@@ -110,8 +110,26 @@ ss_chmod 0660 /var/www/logs/nginx*.log ## must be 0660
 
 ## cloudflare.ini ##
 if [[ -f /var/www/meta/cloudflare.ini ]]; then
-    chmod 600 /var/www/meta/cloudflare.ini
-    chown root:root /var/www/meta/cloudflare.ini
+    chown root:root /var/www/meta/cloudflare.ini ## must be root:root
+    chmod 0600 /var/www/meta/cloudflare.ini ## must be 0600
+fi
+
+## rclone.conf ##
+if [[ -f /var/www/meta/rclone.conf ]]; then
+    chown root:root /var/www/meta/rclone.conf ## must be root:root
+    chmod 0600 /var/www/meta/rclone.conf ## must be 0600
+fi
+
+## adminer.php ##
+if [[ -f /var/www/meta/adminer.php ]]; then
+    chown root:www-data /var/www/meta/adminer.php ## must be root:www-data
+    chmod 0640 /var/www/meta/adminer.php ## must be 0640
+fi
+
+## maintenance.html ##
+if [[ -f /var/www/meta/maintenance.html ]]; then
+    chown root:www-data /var/www/meta/maintenance.html ## must be root:www-data
+    chmod 0644 /var/www/meta/maintenance.html ## must be 0644
 fi
 
 ####################################################################################################

bash/ss-perms-php-config.txt

@@ -83,7 +83,7 @@ fi
 if [ ! -f "/var/www/logs/php-error.log" ]; then ss_touch "/var/www/logs/php-error.log"; fi
 
 chown www-data:www-data /var/www/logs/php-error.log
-chmod 0640 /var/www/logs/php-error.log ## must be 0640
+chmod 0660 /var/www/logs/php-error.log ## must be 0660
 
 ####################################################################################################
 #### D. SS-Perms-PHP-Config: Reset Permissions (Adminer.php) #######################################

bash/ss-perms-php-packages.txt

@@ -127,7 +127,7 @@ fi
 
 if [ ! -f "/var/www/logs/php-error.log" ]; then ss_touch "/var/www/logs/php-error.log"; fi
 chown www-data:www-data /var/www/logs/php-error.log
-chmod 0640 /var/www/logs/php-error.log ## must be 0640
+chmod 0660 /var/www/logs/php-error.log ## must be 0660
 
 ####################################################################################################
 #### SlickStack: Reset Permissions (SlickStack Scripts) ############################################