From f5ea1b4fc06009b47d0647ca36d6bf8f1081680b Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Thu, 8 Sep 2011 14:28:07 +0000
Subject: [PATCH] Implemented: FS#1418 - Change optionally the owner of the
 backup dir to the website user - Added Limit fields for openvz in the
 database - Limited several vm functions to be used by admin only.

---
 install/sql/incremental/upd_0015.sql        |  3 +++
 install/sql/ispconfig3.sql                  |  4 +++-
 interface/web/vm/form/openvz_vm.tform.php   |  2 ++
 interface/web/vm/lib/module.conf.php        |  3 ++-
 interface/web/vm/openvz_ip_del.php          |  1 +
 interface/web/vm/openvz_ip_edit.php         |  1 +
 interface/web/vm/openvz_ip_list.php         |  1 +
 interface/web/vm/openvz_ostemplate_del.php  |  1 +
 interface/web/vm/openvz_ostemplate_edit.php |  1 +
 interface/web/vm/openvz_ostemplate_list.php |  1 +
 interface/web/vm/openvz_template_del.php    |  1 +
 interface/web/vm/openvz_template_edit.php   |  1 +
 interface/web/vm/openvz_template_list.php   |  1 +
 server/cron_daily.php                       | 21 +++++++++++++++------
 14 files changed, 34 insertions(+), 8 deletions(-)
 create mode 100644 install/sql/incremental/upd_0015.sql

diff --git a/install/sql/incremental/upd_0015.sql b/install/sql/incremental/upd_0015.sql
new file mode 100644
index 0000000000..e0aa23afd6
--- /dev/null
+++ b/install/sql/incremental/upd_0015.sql
@@ -0,0 +1,3 @@
+ALTER TABLE  `cron` CHANGE  `command`  `command` TEXT NOT NULL;
+ALTER TABLE  `client` ADD  `limit_openvz_vm` int(11) NOT NULL DEFAULT '0' AFTER  `limit_mailmailinglist` ,
+ADD  `limit_openvz_vm_template_id` int(11) NOT NULL DEFAULT '0' AFTER  `limit_openvz_vm`;
\ No newline at end of file
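Review bot: The upgrade script adds the column as `limit_openvz_vm_template_id`, while the fresh-install schema in install/sql/ispconfig3.sql in this same commit names it `limit_openvz_vm_template`. Upgraded and newly installed systems would then have different `client` tables, and code reading the limit will fail on one of them. Which name the interface code expects is not visible in this patch, so pick one and use it in both files, e.g. `ADD  `limit_openvz_vm_template_id` int(11) NOT NULL DEFAULT '0' AFTER  `limit_openvz_vm`;` here and the matching column line in the CREATE TABLE.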
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 93793cfa03..498d86b1cd 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -130,6 +130,8 @@ CREATE TABLE `client` (
   `limit_traffic_quota` int(11) NOT NULL DEFAULT '-1',
   `limit_client` int(11) NOT NULL DEFAULT '0',
   `limit_mailmailinglist` int(11) NOT NULL DEFAULT '-1',
+  `limit_openvz_vm` int(11) NOT NULL DEFAULT '0',
+  `limit_openvz_vm_template` int(11) NOT NULL DEFAULT '0',
   `parent_client_id` int(11) unsigned NOT NULL DEFAULT '0',
   `username` varchar(64) DEFAULT NULL,
   `password` varchar(64) DEFAULT NULL,
@@ -222,7 +224,7 @@ CREATE TABLE `cron` (
   `server_id` int(11) unsigned NOT NULL default '0',
   `parent_domain_id` int(11) unsigned NOT NULL default '0',
   `type` enum('url','chrooted','full') NOT NULL default 'url',
-  `command` varchar(255) NOT NULL,
+  `command` TEXT NOT NULL,
   `run_min` varchar(100) NULL,
   `run_hour` varchar(100) NULL,
   `run_mday` varchar(100) NULL,
diff --git a/interface/web/vm/form/openvz_vm.tform.php b/interface/web/vm/form/openvz_vm.tform.php
index 0077ef28d3..3a93fb1f06 100644
--- a/interface/web/vm/form/openvz_vm.tform.php
+++ b/interface/web/vm/form/openvz_vm.tform.php
@@ -164,6 +164,7 @@ $form["tabs"]['main'] = array (
 	)
 );
 
+if($_SESSION["s"]["user"]["typ"] == 'admin') {
 $form["tabs"]['advanced'] = array (
 	'title' 	=> "Advanced",
 	'width' 	=> 100,
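Review bot: The added `if($_SESSION["s"]["user"]["typ"] == 'admin') {` only removes the 'advanced' tab from the form definition. Whether that also stops a non-admin from submitting those field names directly in a POST depends on how tform treats fields with no definition, which is not visible in this hunk and should be confirmed. The comparison would be safer as `=== 'admin'`. The wrapped array is not re-indented and its closing brace sits in the next hunk about 130 lines later, so a trailing comment such as `} // end admin-only 'advanced' tab` would help readers. The tab definition itself lies between the two hunks and is not shown.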
@@ -292,6 +293,7 @@ $form["tabs"]['advanced'] = array (
 	##################################
 	)
 );
+}
 
 
 ?>
\ No newline at end of file
diff --git a/interface/web/vm/lib/module.conf.php b/interface/web/vm/lib/module.conf.php
index 5d0e2c80a7..6d0ffec717 100644
--- a/interface/web/vm/lib/module.conf.php
+++ b/interface/web/vm/lib/module.conf.php
@@ -14,6 +14,7 @@ $items[] = array( 'title' 	=> 'Virtual Servers',
 				  'link'	=> 'vm/openvz_vm_list.php',
 				  'html_id' => 'openvz_vm_list');
 
+if($_SESSION["s"]["user"]["typ"] == 'admin') {
 $items[] = array( 'title' 	=> 'OS Templates',
 				  'target' 	=> 'content',
 				  'link'	=> 'vm/openvz_ostemplate_list.php',
@@ -28,7 +29,7 @@ $items[] = array( 'title' 	=> 'IP addresses',
 				  'target' 	=> 'content',
 				  'link'	=> 'vm/openvz_ip_list.php',
 				  'html_id' => 'openvz_ip_list');
-
+}
 if(count($items))
 {
 	$module['nav'][] = array(	'title'	=> 'OpenVZ',
diff --git a/interface/web/vm/openvz_ip_del.php b/interface/web/vm/openvz_ip_del.php
index ce4ce276eb..bd97041be1 100644
--- a/interface/web/vm/openvz_ip_del.php
+++ b/interface/web/vm/openvz_ip_del.php
@@ -44,6 +44,7 @@ require_once('../../lib/app.inc.php');
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 $app->uses('tpl,tform');
 $app->load('tform_actions');
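Review bot: The gate `if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');` is pasted verbatim into this file and the eight other openvz_ip_*, openvz_ostemplate_* and openvz_template_* scripts in this commit, so the next vm page can easily be added without it. A single admin check on the auth object, called right after `check_module_permissions('vm')`, would keep the rule in one place. The comparison should be strict (`!== 'admin'`). A bare `die()` answers with HTTP 200 and leaves no trace, so sending a 403 status and writing a log entry for the denied request would make probing of these admin-only pages visible to operators.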
diff --git a/interface/web/vm/openvz_ip_edit.php b/interface/web/vm/openvz_ip_edit.php
index 7a792448ef..8fbd0f2721 100644
--- a/interface/web/vm/openvz_ip_edit.php
+++ b/interface/web/vm/openvz_ip_edit.php
@@ -43,6 +43,7 @@ require_once('../../lib/app.inc.php');
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 // Loading classes
 $app->uses('tpl,tform');
diff --git a/interface/web/vm/openvz_ip_list.php b/interface/web/vm/openvz_ip_list.php
index 7f67ceca42..2a63788076 100644
--- a/interface/web/vm/openvz_ip_list.php
+++ b/interface/web/vm/openvz_ip_list.php
@@ -43,6 +43,7 @@ $list_def_file = "list/openvz_ip.list.php";
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 $app->uses('listform_actions');
 
diff --git a/interface/web/vm/openvz_ostemplate_del.php b/interface/web/vm/openvz_ostemplate_del.php
index dec96f5418..cc54dbd50f 100644
--- a/interface/web/vm/openvz_ostemplate_del.php
+++ b/interface/web/vm/openvz_ostemplate_del.php
@@ -44,6 +44,7 @@ require_once('../../lib/app.inc.php');
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 $app->uses('tpl,tform');
 $app->load('tform_actions');
diff --git a/interface/web/vm/openvz_ostemplate_edit.php b/interface/web/vm/openvz_ostemplate_edit.php
index 09a959811c..697ab4cbda 100644
--- a/interface/web/vm/openvz_ostemplate_edit.php
+++ b/interface/web/vm/openvz_ostemplate_edit.php
@@ -43,6 +43,7 @@ require_once('../../lib/app.inc.php');
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 // Loading classes
 $app->uses('tpl,tform');
diff --git a/interface/web/vm/openvz_ostemplate_list.php b/interface/web/vm/openvz_ostemplate_list.php
index f6f2a70622..00d2ee4d94 100644
--- a/interface/web/vm/openvz_ostemplate_list.php
+++ b/interface/web/vm/openvz_ostemplate_list.php
@@ -43,6 +43,7 @@ $list_def_file = "list/openvz_ostemplate.list.php";
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 $app->uses('listform_actions');
 
diff --git a/interface/web/vm/openvz_template_del.php b/interface/web/vm/openvz_template_del.php
index 3b672e7dd6..09584e3520 100644
--- a/interface/web/vm/openvz_template_del.php
+++ b/interface/web/vm/openvz_template_del.php
@@ -44,6 +44,7 @@ require_once('../../lib/app.inc.php');
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 $app->uses('tpl,tform');
 $app->load('tform_actions');
diff --git a/interface/web/vm/openvz_template_edit.php b/interface/web/vm/openvz_template_edit.php
index 2c1247a299..c0740022cc 100644
--- a/interface/web/vm/openvz_template_edit.php
+++ b/interface/web/vm/openvz_template_edit.php
@@ -43,6 +43,7 @@ require_once('../../lib/app.inc.php');
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 // Loading classes
 $app->uses('tpl,tform');
diff --git a/interface/web/vm/openvz_template_list.php b/interface/web/vm/openvz_template_list.php
index 0f47764316..15bd9075e6 100644
--- a/interface/web/vm/openvz_template_list.php
+++ b/interface/web/vm/openvz_template_list.php
@@ -43,6 +43,7 @@ $list_def_file = "list/openvz_template.list.php";
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 $app->uses('listform_actions');
 
diff --git a/server/cron_daily.php b/server/cron_daily.php
index d8a7b647c2..c62923b5f2 100644
--- a/server/cron_daily.php
+++ b/server/cron_daily.php
@@ -501,12 +501,19 @@ if($backup_dir != '') {
 				$web_group = $rec['system_group'];
 				$web_id = $rec['domain_id'];
 				$web_backup_dir = $backup_dir.'/web'.$web_id;
-				if(!is_dir($web_backup_dir)) mkdir($web_backup_dir, 0755);
-				
-				chmod($web_backup_dir, 0755);
-				chown($web_backup_dir, 'root');
-				chgrp($web_backup_dir, 'root');
+				if(!is_dir($web_backup_dir)) mkdir($web_backup_dir, 0750);
+				chmod($web_backup_dir, 0750); 
+				if(isset($server_config['backup_dir_ftpread']) && $server_config['backup_dir_ftpread'] == 'y') {
+					chown($web_backup_dir, $rec['system_user']); 
+					chgrp($web_backup_dir, $rec['system_group']);
+				} else {
+					chown($web_backup_dir, 'root');
+					chgrp($web_backup_dir, 'root');
+				}
 				exec('cd '.escapeshellarg($web_path).' && sudo -u '.escapeshellarg($web_user).' find . -group '.escapeshellarg($web_group).' -print | zip -y '.escapeshellarg($web_backup_dir.'/web.zip').' -@');
+				chown($web_backup_dir.'/web.zip', $rec['system_user']); 
+				chgrp($web_backup_dir.'/web.zip', $rec['system_group']);
+				chmod($web_backup_dir.'/web.zip', 0750);
 				
 				// Rename or remove old backups
 				$backup_copies = intval($rec['backup_copies']);
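Review bot: With `backup_dir_ftpread` set to `y`, the directory this root-run job writes into becomes owned and writable by the website user. The `zip`, `chown`, `chgrp` and `chmod` calls on `$web_backup_dir.'/web.zip'` then act on a path that user controls and will follow a symlink placed there. Read access does not need ownership: `chown($web_backup_dir, 'root'); chgrp($web_backup_dir, $rec['system_group']);` at mode 0750 lets the site user read the backups (assuming the user is a member of that group) without being able to create or replace entries. The archive is also handed to `$rec['system_user']` unconditionally, including in the `else` branch, and gets the executable mode 0750; keeping it root-owned with `chmod($web_backup_dir.'/web.zip', 0640);` would fit better, and the return values of these calls should be checked. The enclosing loop starts and ends outside this hunk.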
@@ -527,7 +534,9 @@ if($backup_dir != '') {
 				// Create backupdir symlink
 				if(is_link($web_path.'/backup')) unlink($web_path.'/backup');
 				symlink($web_backup_dir,$web_path.'/backup');
-				chmod($web_path.'/backup', 0755);
+				// chmod($web_path.'/backup', 0755);
+				chown($web_path.'/backup', $rec['system_user']); 
+				chgrp($web_path.'/backup', $rec['system_group']);
 				
 			}
 			
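Review bot: `chown()` and `chgrp()` follow symbolic links, so the two added calls on `$web_path.'/backup'` change the owner of the link target `$web_backup_dir`, not of the link. If this runs in the same iteration as the earlier ownership block, as the shared variables suggest, it gives the backup directory to the website user even when `backup_dir_ftpread` is not `y`, undoing the `root:root` branch. To set ownership of the link only, use `lchown($web_path.'/backup', $rec['system_user']); lchgrp($web_path.'/backup', $rec['system_group']);`. The commented-out `chmod` line can simply be deleted. The surrounding loop body continues outside the hunk.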
-- 
GitLab