From 53ac73a30f8485812cd48c37009d4096ad13ef84 Mon Sep 17 00:00:00 2001
From: Richard van den Berg <richard.vandenberg@ncsc.nl>
Date: Fri, 11 Oct 2019 08:49:05 +0200
Subject: [PATCH] Use $WWW_USER everywhere

---
 docs/INSTALL.rhel7.md    | 8 +++++---
 docs/xINSTALL.centos7.md | 6 +++---
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/docs/INSTALL.rhel7.md b/docs/INSTALL.rhel7.md
index 9b6557ff2..2f015d2b6 100644
--- a/docs/INSTALL.rhel7.md
+++ b/docs/INSTALL.rhel7.md
@@ -158,6 +158,8 @@ yumInstallCoreDeps () {
   # Enable and start redis
   sudo systemctl enable --now rh-redis32-redis.service
 
+  WWW_USER="apache"
+  SUDO_WWW="sudo -H -u $WWW_USER"
   RUN_PHP="/usr/bin/scl enable rh-php72"
   PHP_INI="/etc/opt/rh/rh-php72/php.ini"
   # Install PHP 7.2 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php72/
@@ -359,7 +361,7 @@ installCake_RHEL ()
 # Main function to fix permissions to something sane
 permissions_RHEL () {
   sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP
-  ## ? chown -R root:apache /var/www/MISP
+  ## ? chown -R root:$WWW_USER /var/www/MISP
   sudo find $PATH_TO_MISP -type d -exec chmod g=rx {} \;
   sudo chmod -R g+r,o= $PATH_TO_MISP
   ## **Note :** For updates through the web interface to work, apache must own the /var/www/MISP folder and its subfolders as shown above, which can lead to security issues. If you do not require updates through the web interface to work, you can use the following more restrictive permissions :
@@ -665,8 +667,8 @@ configWorkersRHEL () {
 
   [Service]
   Type=forking
-  User=apache
-  Group=apache
+  User=$WWW_USER
+  Group=$WWW_USER
   ExecStart=/usr/bin/scl enable rh-php72 rh-redis32 rh-mariadb102 /var/www/MISP/app/Console/worker/start.sh
   Restart=always
   RestartSec=10
diff --git a/docs/xINSTALL.centos7.md b/docs/xINSTALL.centos7.md
index 6102599ca..a5de5fe5d 100644
--- a/docs/xINSTALL.centos7.md
+++ b/docs/xINSTALL.centos7.md
@@ -42,10 +42,10 @@ Make sure you are reading the parsed version of this Document. When in doubt [cl
 ```bash
 # <snippet-begin 0_RHEL_PHP_INI.sh>
 # RHEL/CentOS Specific
-RUN_PHP='/usr/bin/scl enable rh-php72'
-SUDO_WWW='sudo -H -u apache'
-WWW_USER='apache'
+WWW_USER="apache"
+SUDO_WWW="sudo -H -u $WWW_USER"
 
+RUN_PHP='/usr/bin/scl enable rh-php72'
 PHP_INI=/etc/opt/rh/rh-php72/php.ini
 # <snippet-end 0_RHEL_PHP_INI.sh>
 ```