From 062bddcf52c4e49280cf326a3afc4edb41b61781 Mon Sep 17 00:00:00 2001
From: "Torsten Schulz (local)"
Date: Sun, 16 Nov 2025 09:43:51 +0100
Subject: [PATCH] Update fixCertPermissions.sh to use sudo for certificate checks and listings

This commit modifies the fixCertPermissions.sh script to ensure that checks for the SSL certificate directory and the ssl-cert group are performed with sudo, allowing proper access for non-privileged users. Additionally, the script now lists the permissions of the private key and full chain certificate using sudo, enhancing its functionality for managing SSL certificate permissions.
---
 backend/scripts/fixCertPermissions.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/backend/scripts/fixCertPermissions.sh b/backend/scripts/fixCertPermissions.sh
index bee33a1..4c5a45d 100644
--- a/backend/scripts/fixCertPermissions.sh
+++ b/backend/scripts/fixCertPermissions.sh
@@ -5,20 +5,20 @@ CERT_DIR="/etc/letsencrypt/live/tt-tagebuch.de"
 CERT_GROUP="ssl-cert" # Standard-Gruppe für SSL-Zertifikate
-# Prüfe, ob Zertifikate existieren
-if [ ! -d "$CERT_DIR" ]; then
+# Prüfe, ob Zertifikate existieren (mit sudo, da normaler Benutzer keinen Zugriff hat)
+if ! sudo test -d "$CERT_DIR"; then
 echo "❌ Zertifikat-Verzeichnis nicht gefunden: $CERT_DIR"
 exit 1
 fi
 # Prüfe, ob ssl-cert-Gruppe existiert
-if ! getent group "$CERT_GROUP" > /dev/null 2>&1; then
+if ! sudo getent group "$CERT_GROUP" > /dev/null 2>&1; then
 echo "⚠️ Gruppe '$CERT_GROUP' existiert nicht. Erstelle sie..."
 sudo groupadd "$CERT_GROUP"
 fi
 # Prüfe, welcher Benutzer den systemd-Service ausführt
-SERVICE_USER=$(systemctl show -p User tt-tagebuch.service 2>/dev/null | cut -d= -f2)
+SERVICE_USER=$(sudo systemctl show -p User tt-tagebuch.service 2>/dev/null | cut -d= -f2)
 if [ -z "$SERVICE_USER" ]; then
 echo "⚠️ Konnte Service-Benutzer nicht ermitteln. Verwende 'www-data' als Standard."
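Review bot: Adding `sudo` to the three checks while stderr is still discarded makes a sudo failure indistinguishable from a negative result: a failed `sudo test -d "$CERT_DIR"` is reported as a missing directory, a failed `sudo getent group` goes straight to `groupadd`, and a failed `sudo systemctl show` leaves SERVICE_USER empty so the `www-data` fallback is taken. The last case matters most, because the `if [ -z "$SERVICE_USER" ]` block continues past the end of the hunk and the rest of the script presumably grants that account access to the private key. `getent group` and `systemctl show -p User` work for unprivileged users, so I would keep sudo only on the directory test and restore `if ! getent group "$CERT_GROUP" > /dev/null 2>&1; then` and `SERVICE_USER=$(systemctl show -p User tt-tagebuch.service 2>/dev/null | cut -d= -f2)`. A single `sudo -v || exit 1` before the first check would make an authorization failure stop the script instead of being read as "not found".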
@@ -60,6 +60,6 @@ echo "⚠️ WICHTIG: Der Service muss neu gestartet werden, damit die Gruppen
 echo " sudo systemctl restart tt-tagebuch"
 echo ""
 echo "📋 Prüfe Berechtigungen:"
-ls -la "$CERT_DIR/privkey.pem"
-ls -la "$CERT_DIR/fullchain.pem"
+sudo ls -la "$CERT_DIR/privkey.pem"
+sudo ls -la "$CERT_DIR/fullchain.pem"
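Review bot: The final check lists the paths under `$CERT_DIR`, which in a standard certbot layout are symlinks into `../../archive/`, so `ls -la` prints the link's own `lrwxrwxrwx` mode rather than the mode and group of the key file the script just changed. If that is the layout here, dereference the links so the output actually verifies the result: `sudo ls -laL "$CERT_DIR/privkey.pem"` and `sudo ls -laL "$CERT_DIR/fullchain.pem"`. A short comment above them such as `# -L: show the target in archive/, not the symlink` would explain the flag.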