Refactor fixCertPermissions.sh to improve permission handling for SSL certificates

This commit updates the fixCertPermissions.sh script to utilize the `find` command for setting permissions on SSL certificate files, ensuring that symlinks are properly handled. It also enhances the check for the archive directory's existence by using `sudo`, and reorganizes the output messages for clarity, emphasizing the need to restart the service after changes are made.
This commit is contained in:
Torsten Schulz (local)
2025-11-16 11:19:15 +01:00
parent eff211856f
commit 5f3b6200ec


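--- a/fixCertPermissions.sh
+++ b/fixCertPermissions.sh
@@ -47,27 +47,28 @@ echo "📜 Setze Berechtigungen für Zertifikate..."
 sudo chgrp -R "$CERT_GROUP" "$CERT_DIR"
 # Setze Berechtigungen: Owner (root) kann lesen/schreiben, Gruppe kann lesen
-sudo chmod 640 "$CERT_DIR/privkey.pem"
-sudo chmod 644 "$CERT_DIR/fullchain.pem"
-sudo chmod 644 "$CERT_DIR/cert.pem"
-sudo chmod 644 "$CERT_DIR/chain.pem"
+# WICHTIG: Verwende find, um auch die Symlinks zu behandeln
+sudo find "$CERT_DIR" -name "privkey.pem" -exec chmod 640 {} \;
+sudo find "$CERT_DIR" -name "fullchain.pem" -exec chmod 644 {} \;
+sudo find "$CERT_DIR" -name "cert.pem" -exec chmod 644 {} \;
+sudo find "$CERT_DIR" -name "chain.pem" -exec chmod 644 {} \;
 # Setze auch für das archive-Verzeichnis (wo die Symlinks hinzeigen)
 ARCHIVE_DIR="/etc/letsencrypt/archive/tt-tagebuch.de"
-if [ -d "$ARCHIVE_DIR" ]; then
+if sudo test -d "$ARCHIVE_DIR"; then
 echo "📜 Setze Berechtigungen für archive-Verzeichnis..."
 sudo chgrp -R "$CERT_GROUP" "$ARCHIVE_DIR"
-sudo chmod 640 "$ARCHIVE_DIR/privkey*.pem"
-sudo chmod 644 "$ARCHIVE_DIR/fullchain*.pem"
-sudo chmod 644 "$ARCHIVE_DIR/cert*.pem"
-sudo chmod 644 "$ARCHIVE_DIR/chain*.pem"
+sudo find "$ARCHIVE_DIR" -name "privkey*.pem" -exec chmod 640 {} \;
+sudo find "$ARCHIVE_DIR" -name "fullchain*.pem" -exec chmod 644 {} \;
+sudo find "$ARCHIVE_DIR" -name "cert*.pem" -exec chmod 644 {} \;
+sudo find "$ARCHIVE_DIR" -name "chain*.pem" -exec chmod 644 {} \;
 fi
 echo "✅ Berechtigungen gesetzt!"
 echo ""
 echo "⚠️ WICHTIG: Der Service muss neu gestartet werden, damit die Gruppenänderung wirksam wird:"
 echo " sudo systemctl restart tt-tagebuch"
 echo ""
 echo "📋 Prüfe Berechtigungen:"
 sudo ls -la "$CERT_DIR/privkey.pem"
 sudo ls -la "$CERT_DIR/fullchain.pem"
 echo ""
 echo "⚠️ WICHTIG: Der Service muss neu gestartet werden, damit die Gruppenänderung wirksam wird:"
 echo " sudo systemctl restart tt-tagebuch"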
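Review bot: The archive loop `sudo find "$ARCHIVE_DIR" -name "privkey*.pem" -exec chmod 640 {} \;` makes every historical privkeyN.pem group-readable, although the chmod through the `live` symlink a few lines earlier already reaches the one key the service actually uses (chmod follows symlinks); for least privilege, narrow it to the resolved target, e.g. `sudo chmod 640 "$(sudo readlink -f "$CERT_DIR/privkey.pem")"`, and leave superseded keys at 0600. Note also that `chgrp -R` on the two domain directories does not touch their parents, so if `/etc/letsencrypt/live` and `/etc/letsencrypt/archive` are root-only 0700 (which certbot has historically created them as) the group still cannot traverse to the files — worth a comment such as `# parents of $CERT_DIR/$ARCHIVE_DIR must grant x to $CERT_GROUP` and a `sudo -u`/`test -x` check next to the existence test. Each renewal presumably writes a fresh privkeyN.pem, so wiring this script in as a certbot deploy hook would keep the permissions from silently regressing. CERT_DIR and CERT_GROUP are assigned outside this hunk, and ARCHIVE_DIR is hard-coded rather than derived from CERT_DIR, so the two can drift apart.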