From e899e4edd97c296a29b2a8da2c2e3b598622c36e Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Mon, 6 Feb 2023 15:42:53 +0100
Subject: More robust application of access permissions (#5062)

* More robust application of access permissions
We were in particular missing directory traversal `+X` in our current recommendations.
Extracted to own shell script so it can easily be invoked.
Update access permissions in Docker to account to be more robust.
#fix https://github.com/FreshRSS/FreshRSS/discussions/5037

* Minor simplification

* Restrict mkdir permissions
Default mkdir permissions are 0777, which is not good for security, so downgrade to 0770.
---
 docs/en/admins/06_LinuxInstall.md | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

(limited to 'docs/en/admins/06_LinuxInstall.md')

diff --git a/docs/en/admins/06_LinuxInstall.md b/docs/en/admins/06_LinuxInstall.md
index e92fc3247..1af041efe 100644
--- a/docs/en/admins/06_LinuxInstall.md
+++ b/docs/en/admins/06_LinuxInstall.md
@@ -81,14 +81,7 @@ Change to the new FreshRSS directory, and set the permissions so that your Web s
 
 ```sh
 cd FreshRSS
-chown -R :www-data .
-sudo chmod -R g+r .
-```
-
-We’ll also need to allow the data folder to be written to, like so:
-
-```sh
-chmod -R g+w ./data/
+sudo cli/access-permissions.sh
 ```
 
 Optional: If you would like to allow updates from the Web interface, set write permissions
-- 
cgit v1.2.3