From 5f3b6200ecb31328180e78cd2d4cda4377a1f3d8 Mon Sep 17 00:00:00 2001
From: "Torsten Schulz (local)"
Date: Sun, 16 Nov 2025 11:19:15 +0100
Subject: [PATCH] Refactor fixCertPermissions.sh to improve permission handling for SSL certificates
This commit updates the fixCertPermissions.sh script to utilize the `find` command for setting permissions on SSL certificate files, ensuring that symlinks are properly handled. It also enhances the check for the archive directory's existence by using `sudo`, and reorganizes the output messages for clarity, emphasizing the need to restart the service after changes are made.
---
 backend/scripts/fixCertPermissions.sh | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/backend/scripts/fixCertPermissions.sh b/backend/scripts/fixCertPermissions.sh
index d619c59..7b02a27 100755
--- a/backend/scripts/fixCertPermissions.sh
+++ b/backend/scripts/fixCertPermissions.sh
@@ -47,27 +47,28 @@ echo "📜 Setze Berechtigungen für Zertifikate..."
 sudo chgrp -R "$CERT_GROUP" "$CERT_DIR"
 # Setze Berechtigungen: Owner (root) kann lesen/schreiben, Gruppe kann lesen
-sudo chmod 640 "$CERT_DIR/privkey.pem"
-sudo chmod 644 "$CERT_DIR/fullchain.pem"
-sudo chmod 644 "$CERT_DIR/cert.pem"
-sudo chmod 644 "$CERT_DIR/chain.pem"
+# WICHTIG: Verwende find, um auch die Symlinks zu behandeln
+sudo find "$CERT_DIR" -name "privkey.pem" -exec chmod 640 {} \;
+sudo find "$CERT_DIR" -name "fullchain.pem" -exec chmod 644 {} \;
+sudo find "$CERT_DIR" -name "cert.pem" -exec chmod 644 {} \;
+sudo find "$CERT_DIR" -name "chain.pem" -exec chmod 644 {} \;
 # Setze auch für das archive-Verzeichnis (wo die Symlinks hinzeigen)
 ARCHIVE_DIR="/etc/letsencrypt/archive/tt-tagebuch.de"
-if [ -d "$ARCHIVE_DIR" ]; then
+if sudo test -d "$ARCHIVE_DIR"; then
+ echo "📜 Setze Berechtigungen für archive-Verzeichnis..."
 sudo chgrp -R "$CERT_GROUP" "$ARCHIVE_DIR"
- sudo chmod 640 "$ARCHIVE_DIR/privkey*.pem"
- sudo chmod 644 "$ARCHIVE_DIR/fullchain*.pem"
- sudo chmod 644 "$ARCHIVE_DIR/cert*.pem"
- sudo chmod 644 "$ARCHIVE_DIR/chain*.pem"
+ sudo find "$ARCHIVE_DIR" -name "privkey*.pem" -exec chmod 640 {} \;
+ sudo find "$ARCHIVE_DIR" -name "fullchain*.pem" -exec chmod 644 {} \;
+ sudo find "$ARCHIVE_DIR" -name "cert*.pem" -exec chmod 644 {} \;
+ sudo find "$ARCHIVE_DIR" -name "chain*.pem" -exec chmod 644 {} \;
 fi
 echo "✅ Berechtigungen gesetzt!"
 echo ""
-echo "⚠️ WICHTIG: Der Service muss neu gestartet werden, damit die Gruppenänderung wirksam wird:"
-echo " sudo systemctl restart tt-tagebuch"
-echo ""
 echo "📋 Prüfe Berechtigungen:"
 sudo ls -la "$CERT_DIR/privkey.pem"
 sudo ls -la "$CERT_DIR/fullchain.pem"
-
+echo ""
+echo "⚠️ WICHTIG: Der Service muss neu gestartet werden, damit die Gruppenänderung wirksam wird:"
+echo " sudo systemctl restart tt-tagebuch"
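Review bot: The eight new `find … -exec chmod` calls match at any depth and any file type, and `find` exits 0 when nothing matches, so a wrong `$CERT_DIR` or a missing key file still ends in "✅ Berechtigungen gesetzt!". For the archive directory I would bound the search, assuming the files there are regular files, e.g. `sudo find "$ARCHIVE_DIR" -maxdepth 1 -type f -name 'privkey*.pem' -exec chmod 640 {} +`. The closing check `sudo ls -la "$CERT_DIR/privkey.pem"` prints the link's own mode if, as the script's comments say, the entries under `$CERT_DIR` are symlinks; `sudo ls -laL "$CERT_DIR/privkey.pem"` would show the mode and group of the key file that was actually changed. The switch to `sudo test -d "$ARCHIVE_DIR"` suggests the parent directories are not traversable without root, and nothing in this hunk grants `$CERT_GROUP` search permission on them, so it is worth confirming the service account can reach the 640 key. The script's lines before 47 are outside the hunk and may already handle this.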