Commit 88273a93 authored by tbrehm's avatar tbrehm
Browse files

- Added code to preserve permissions of invoices folder in the installer.

- Fixed a problem with german umlauts in monitor.
- Added code to update.php and autoupdate.php that checks the mysql root password before the update starts.
- Fixed: FS#1848 - changing password of ssh user >>> rights in webXX are changed
parent daa532dd
......@@ -144,6 +144,11 @@ if( empty($conf["mysql"]["admin_password"]) ) {
die("internal error - MYSQL-Root passord not known");
}
//** Test mysql root connection
if(!@mysql_connect($conf["mysql"]["host"],$conf["mysql"]["admin_user"],$conf["mysql"]["admin_password"])) {
die("internal error - MYSQL-Root passord wrong");
}
/*
* Check all tables
*/
......
......@@ -1029,6 +1029,11 @@ class installer_dist extends installer_base {
// Edit the file Edit the file /etc/sudoers and comment out the requiregetty line, otherwise the backup function will fail
replaceLine('/etc/sudoers','Defaults requiretty','#Defaults requiretty',0,0);
if(is_file($install_dir.'/interface/invoices')) {
chmod($install_dir.'/interface/invoices', 0770);
chown($install_dir.'/interface/invoices', 'ispconfig');
chgrp($install_dir.'/interface/invoices', 'ispconfig');
}
}
......
......@@ -866,6 +866,12 @@ class installer extends installer_base
chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
}
if(is_file($install_dir.'/interface/invoices')) {
chmod($install_dir.'/interface/invoices', 0770);
chown($install_dir.'/interface/invoices', 'ispconfig');
chgrp($install_dir.'/interface/invoices', 'ispconfig');
}
// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
// and must be fixed as this will allow the apache user to read the ispconfig files.
// Later this must run as own apache server or via suexec!
......
......@@ -1060,6 +1060,12 @@ class installer_dist extends installer_base {
exec('chmod 744 /usr/local/bin/run-getmail.sh');
}
if(is_file($install_dir.'/interface/invoices')) {
chmod($install_dir.'/interface/invoices', 0770);
chown($install_dir.'/interface/invoices', 'ispconfig');
chgrp($install_dir.'/interface/invoices', 'ispconfig');
}
}
......
......@@ -514,6 +514,10 @@ class installer_base {
copy('tpl/'.$jk_init.'.master', $config_dir.'/'.$jk_init);
copy('tpl/'.$jk_chrootsh.'.master', $config_dir.'/'.$jk_chrootsh);
}
//* help jailkit fo find its ini files
if(!is_link('/usr/jk_socketd.ini')) exec('ln -s /etc/jailkit/jk_socketd.ini /usr/jk_socketd.ini');
if(!is_link('/usr/jk_init.ini')) exec('ln -s /etc/jailkit/jk_init.ini /usr/jk_init.ini');
}
......@@ -1938,6 +1942,12 @@ class installer_base {
chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
if(is_file($install_dir.'/interface/invoices')) {
chmod($install_dir.'/interface/invoices', 0770);
chown($install_dir.'/interface/invoices', 'ispconfig');
chgrp($install_dir.'/interface/invoices', 'ispconfig');
}
}
......
......@@ -139,11 +139,17 @@ $clientdb_host = '';
$clientdb_user = '';
$clientdb_password = '';
//** Ask user for mysql admin_password if empty
if( empty($conf["mysql"]["admin_password"]) ) {
$conf["mysql"]["admin_password"] = $inst->free_query('MySQL root password', $conf['mysql']['admin_password']);
}
//** Test mysql root connection
$finished = false;
do {
if(@mysql_connect($conf["mysql"]["host"],$conf["mysql"]["admin_user"],$conf["mysql"]["admin_password"])) {
$finished = true;
} else {
swriteln($inst->lng('Unable to connect to mysql server').' '.mysql_error());
$conf["mysql"]["admin_password"] = $inst->free_query('MySQL root password', $conf['mysql']['admin_password']);
}
} while ($finished == false);
unset($finished);
/*
* Prepare the dump of the database
......
......@@ -314,7 +314,7 @@ function showSystemUpdate() {
}
else {
$data = unserialize($record['data']);
$html .= nl2br($data['output']);
$html .= nl2br(html_entity_decode($data['output']));
}
$html .= '</div></div>';
} else {
......
......@@ -541,74 +541,76 @@ class apache2_plugin {
if($this->action == 'insert' || $data["new"]["system_user"] != $data["old"]["system_user"]) {
// Chown and chmod the directories below the document root
$this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
$this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
// The document root itself has to be owned by root in normal level and by the web owner in security level 20
if($web_config['security_level'] == 20) {
$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
} else {
$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']).'/web');
}
}
//* If the security level is set to high
if($web_config['security_level'] == 20) {
if($this->action == 'insert' && $data['new']['type'] == 'vhost') {
if($web_config['security_level'] == 20) {
$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']).'/*');
$this->_exec('chmod 710 '.escapeshellcmd($data['new']['document_root'].'/web'));
$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']).'/*');
$this->_exec('chmod 710 '.escapeshellcmd($data['new']['document_root'].'/web'));
// make tmp directory writable for Apache and the website users
$this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
// make tmp directory writable for Apache and the website users
$this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
// Set Log symlink to 755 to make the logs accessible by the FTP user
$this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"])."/log");
$command = 'usermod';
$command .= ' --groups sshusers';
$command .= ' '.escapeshellcmd($data['new']['system_user']);
$this->_exec($command);
//* if we have a chrooted Apache environment
if($apache_chrooted) {
$this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);
// Set Log symlink to 755 to make the logs accessible by the FTP user
$this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"])."/log");
$command = 'usermod';
$command .= ' --groups sshusers';
$command .= ' '.escapeshellcmd($data['new']['system_user']);
$this->_exec($command);
//* if we have a chrooted Apache environment
if($apache_chrooted) {
$this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);
//* add the apache user to the client group in the chroot environment
$tmp_groupfile = $app->system->server_conf['group_datei'];
$app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';
$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
$app->system->server_conf['group_datei'] = $tmp_groupfile;
unset($tmp_groupfile);
}
//* add the apache user to the client group in the chroot environment
$tmp_groupfile = $app->system->server_conf['group_datei'];
$app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';
//* add the Apache user to the client group
$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
$app->system->server_conf['group_datei'] = $tmp_groupfile;
unset($tmp_groupfile);
}
//* add the Apache user to the client group
$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
/*
* Workaround for jailkit: If jailkit is enabled for the site, the
* website root has to be owned by the root user and we have to chmod it to 755 then
*/
$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
//* Check if there is a jailkit user for this site
$tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");
if($tmp['number'] > 0) {
$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
}
unset($tmp);
/*
* Workaround for jailkit: If jailkit is enabled for the site, the
* website root has to be owned by the root user and we have to chmod it to 755 then
*/
// If the security Level is set to medium
} else {
//* Check if there is a jailkit user for this site
$tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");
if($tmp['number'] > 0) {
$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*'));
$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
}
unset($tmp);
// If the security Level is set to medium
} else {
$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*'));
$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
// make temp directory writable for Apache and the website users
$this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
// make temp directory writable for Apache and the website users
$this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
}
}
// Change the ownership of the error log to the owner of the website
......
......@@ -235,7 +235,7 @@ class shelluser_base_plugin {
if (!file_exists($sshkeys)){
// add root's key
$app->file->mkdirs($sshdir, '0755');
file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
if(is_file('/root/.ssh/authorized_keys')) file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
// Remove duplicate keys
$existing_keys = file($sshkeys);
......
......@@ -404,7 +404,7 @@ class shelluser_jailkit_plugin {
if (!file_exists($sshkeys)){
// add root's key
$app->file->mkdirs($sshdir, '0755');
file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
if(is_file('/root/.ssh/authorized_keys')) file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
// Remove duplicate keys
$existing_keys = file($sshkeys);
......@@ -442,7 +442,7 @@ class shelluser_jailkit_plugin {
$this->app->log("ssh-rsa key updated in ".$sshkeys,LOGLEVEL_DEBUG);
}
// set proper file permissions
exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
// exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
exec("chmod 600 '$sshkeys'");
}
......
......@@ -21,7 +21,7 @@ CHROOT_APP_SECTIONS=$2
chown root:root $CHROOT_HOMEDIR
## Initialize the chroot into the specified directory with the specified applications
jk_init -f -k -j $CHROOT_HOMEDIR $CHROOT_APP_SECTIONS
jk_init -f -k -c /etc/jailkit/jk_init.ini -j $CHROOT_HOMEDIR $CHROOT_APP_SECTIONS
## Create the temp directory
if [ ! -d "$CHROOT_HOMEDIR/tmp" ]
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment