diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 30e4aede8cdcc235b2b58d533913a6bb7ef200ad..1749acd81cc9108af6aff1ef0acbdd30122a0d9e 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -463,13 +463,17 @@ class apache2_plugin {
// Chown and chmod the directories below the document root
exec("chown -R $username:$groupname ".escapeshellcmd($data["new"]["document_root"]));
- // The document root itself has to be owned by root
- exec("chown root:root ".escapeshellcmd($data["new"]["document_root"]));
+ // The document root itself has to be owned by root in normal level and by the web owner in security level 20
+ if($web_config['security_level'] == 20) {
+ exec("chown $username:$groupname ".escapeshellcmd($data["new"]["document_root"]));
+ } else {
+ exec("chown root:root ".escapeshellcmd($data["new"]["document_root"]));
+ }
}
- // If the security level is set to high
+ //* If the security level is set to high
if($web_config['security_level'] == 20) {
exec("chmod 751 ".escapeshellcmd($data["new"]["document_root"]."/"));
@@ -487,11 +491,25 @@ class apache2_plugin {
//* add the apache user to the client group
$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
+ /*
+ * Workaround for jailkit: If jailkit is enabled for the site, the
+ * website root has to be owned by the root user and we have to chmod it to 755 then
+ */
+
+ //* Check if there is a jailkit user for this site
+ $tmp = $app->db->queryOneRecord("SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = ".$data["new"]["domain_id"]." AND chroot = 'jailkit'");
+ if($tmp['number'] > 0) {
+ exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/"));
+ exec("chown root:root ".escapeshellcmd($data["new"]["document_root"]."/"));
+ }
+ unset($tmp);
+
// If the security Level is set to medium
} else {
exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/"));
exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/*"));
+ exec("chown root:root ".escapeshellcmd($data["new"]["document_root"]."/"));
// make temp direcory writable for the apache user and the website user
exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp"));
diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php
index 13705c09f05f89a244959576e93d3389db13bd7e..3300b52c5d5acf8c35a2f45cb61e996ec032f0a2 100755
--- a/server/plugins-available/shelluser_jailkit_plugin.inc.php
+++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -84,6 +84,8 @@ class shelluser_jailkit_plugin {
$this->data = $data;
$this->app = $app;
$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
+
+ $this->_update_website_security_level();
$this->_setup_jailkit_chroot();
@@ -119,6 +121,8 @@ class shelluser_jailkit_plugin {
$this->data = $data;
$this->app = $app;
$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');
+
+ $this->_update_website_security_level();
$this->_setup_jailkit_chroot();
$this->_add_jailkit_user();
@@ -263,6 +267,25 @@ class shelluser_jailkit_plugin {
$this->app->log("Added created jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG);
}
+ //* Update the website root directory permissions depending on the security level
+ function _update_website_security_level() {
+ global $app,$conf;
+
+ // load the server configuration options
+ $app->uses("getconf");
+ $web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
+
+ // Get the parent website of this shell user
+ $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);
+
+ //* If the security level is set to high
+ if($web_config['security_level'] == 20) {
+ exec("chmod 755 ".escapeshellcmd($web["document_root"]."/"));
+ exec("chown root:root ".escapeshellcmd($web["document_root"]."/"));
+ }
+
+ }
+
} // end class