iio/immich-native
1
0
Fork 0
mirror of https://github.com/iio612/immich-native.git synced 2026-04-17 20:01:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Apply umask 077 to improve security

Browse Source 
Group and others permissions will be unset.

Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
This commit is contained in:
Juhyung Park
2024-06-12 14:38:32 +09:00
parent 1f544152c1
commit 544fff9595
4 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
immich-machine-learning.service
View File

@@ -7,6 +7,7 @@ User=immich
Group=immich Group=immich
Type=simple Type=simple
Restart=on-failure Restart=on-failure
UMask=0077
WorkingDirectory=/var/lib/immich/app WorkingDirectory=/var/lib/immich/app
EnvironmentFile=/var/lib/immich/env EnvironmentFile=/var/lib/immich/env

1
immich-microservices.service
View File

@@ -9,6 +9,7 @@ User=immich
Group=immich Group=immich
Type=simple Type=simple
Restart=on-failure Restart=on-failure
UMask=0077
WorkingDirectory=/var/lib/immich/app WorkingDirectory=/var/lib/immich/app
EnvironmentFile=/var/lib/immich/env EnvironmentFile=/var/lib/immich/env

1
immich.service
View File

@@ -11,6 +11,7 @@ User=immich
Group=immich Group=immich
Type=simple Type=simple
Restart=on-failure Restart=on-failure
UMask=0077
WorkingDirectory=/var/lib/immich/app WorkingDirectory=/var/lib/immich/app
EnvironmentFile=/var/lib/immich/env EnvironmentFile=/var/lib/immich/env

2
install.sh
View File

@@ -29,6 +29,7 @@ if [[ "$USER" != "immich" ]]; then
fi fi
BASEDIR=$(dirname "$0") BASEDIR=$(dirname "$0")
umask 077
rm -rf $APP rm -rf $APP
mkdir -p $APP mkdir -p $APP
@@ -37,6 +38,7 @@ mkdir -p $APP
# This expects immich user's home directory to be on $IMMICH_PATH/home # This expects immich user's home directory to be on $IMMICH_PATH/home
rm -rf $IMMICH_PATH/home rm -rf $IMMICH_PATH/home
mkdir -p $IMMICH_PATH/home mkdir -p $IMMICH_PATH/home
echo 'umask 077' > $IMMICH_PATH/home/.bashrc
TMP=/tmp/immich-$(uuidgen) TMP=/tmp/immich-$(uuidgen)
git clone https://github.com/immich-app/immich $TMP git clone https://github.com/immich-app/immich $TMP