diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php index 30e4aede8cdcc235b2b58d533913a6bb7ef200ad..1749acd81cc9108af6aff1ef0acbdd30122a0d9e 100644 --- a/server/plugins-available/apache2_plugin.inc.php +++ b/server/plugins-available/apache2_plugin.inc.php @@ -463,13 +463,17 @@ class apache2_plugin { // Chown and chmod the directories below the document root exec("chown -R $username:$groupname ".escapeshellcmd($data["new"]["document_root"])); - // The document root itself has to be owned by root - exec("chown root:root ".escapeshellcmd($data["new"]["document_root"])); + // The document root itself has to be owned by root in normal level and by the web owner in security level 20 + if($web_config['security_level'] == 20) { + exec("chown $username:$groupname ".escapeshellcmd($data["new"]["document_root"])); + } else { + exec("chown root:root ".escapeshellcmd($data["new"]["document_root"])); + } } - // If the security level is set to high + //* If the security level is set to high if($web_config['security_level'] == 20) { exec("chmod 751 ".escapeshellcmd($data["new"]["document_root"]."/")); @@ -487,11 +491,25 @@ class apache2_plugin { //* add the apache user to the client group $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user'])); + /* + * Workaround for jailkit: If jailkit is enabled for the site, the + * website root has to be owned by the root user and we have to chmod it to 755 then + */ + + //* Check if there is a jailkit user for this site + $tmp = $app->db->queryOneRecord("SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = ".$data["new"]["domain_id"]." AND chroot = 'jailkit'"); + if($tmp['number'] > 0) { + exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/")); + exec("chown root:root ".escapeshellcmd($data["new"]["document_root"]."/")); + } + unset($tmp); + // If the security Level is set to medium } else { exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/")); exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/*")); + exec("chown root:root ".escapeshellcmd($data["new"]["document_root"]."/")); // make temp direcory writable for the apache user and the website user exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp")); diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php index 13705c09f05f89a244959576e93d3389db13bd7e..3300b52c5d5acf8c35a2f45cb61e996ec032f0a2 100755 --- a/server/plugins-available/shelluser_jailkit_plugin.inc.php +++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php @@ -84,6 +84,8 @@ class shelluser_jailkit_plugin { $this->data = $data; $this->app = $app; $this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit'); + + $this->_update_website_security_level(); $this->_setup_jailkit_chroot(); @@ -119,6 +121,8 @@ class shelluser_jailkit_plugin { $this->data = $data; $this->app = $app; $this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit'); + + $this->_update_website_security_level(); $this->_setup_jailkit_chroot(); $this->_add_jailkit_user(); @@ -263,6 +267,25 @@ class shelluser_jailkit_plugin { $this->app->log("Added created jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG); } + //* Update the website root directory permissions depending on the security level + function _update_website_security_level() { + global $app,$conf; + + // load the server configuration options + $app->uses("getconf"); + $web_config = $app->getconf->get_server_config($conf["server_id"], 'web'); + + // Get the parent website of this shell user + $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']); + + //* If the security level is set to high + if($web_config['security_level'] == 20) { + exec("chmod 755 ".escapeshellcmd($web["document_root"]."/")); + exec("chown root:root ".escapeshellcmd($web["document_root"]."/")); + } + + } + } // end class