Skip to content
Snippets Groups Projects
Commit 2bbc4c77 authored by tbrehm's avatar tbrehm
Browse files

Add the website user and group also to the passwd and group files in chroot enviroment.

parent bbecbc14
No related branches found
No related tags found
2 merge requests!46Master,!21Master
Hide whitespace changes
Inline Side-by-side
server/plugins-available/apache2_plugin.inc.php
+ 30
1
View file @ 2bbc4c77
...@@ -235,6 +235,13 @@ class apache2_plugin { ...@@ -235,6 +235,13 @@ class apache2_plugin {
$app->uses("getconf"); $app->uses("getconf");
$web_config = $app->getconf->get_server_config($conf["server_id"], 'web'); $web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
//* Check if this is a chrooted setup
if($web_config['website_basedir'] != '' && @is_file($web_config['/var/www'].'/etc/passwd')) {
$apache_chrooted = true;
} else {
$apache_chrooted = false;
}
if($data["new"]["document_root"] == '') { if($data["new"]["document_root"] == '') {
$app->log("document_root not set",LOGLEVEL_WARN); $app->log("document_root not set",LOGLEVEL_WARN);
return 0; return 0;
...@@ -292,7 +299,7 @@ class apache2_plugin { ...@@ -292,7 +299,7 @@ class apache2_plugin {
$command .= ' '.escapeshellcmd($data["new"]["system_user"]); $command .= ' '.escapeshellcmd($data["new"]["system_user"]);
exec($command); exec($command);
if($apache_chrooted) exec("chroot ".escapeshellcmd($web_config['website_basedir'])." ".$command);
} }
...@@ -438,12 +445,14 @@ class apache2_plugin { ...@@ -438,12 +445,14 @@ class apache2_plugin {
$groupname = escapeshellcmd($data["new"]["system_group"]); $groupname = escapeshellcmd($data["new"]["system_group"]);
if($data["new"]["system_group"] != '' && !$app->system->is_group($data["new"]["system_group"])) { if($data["new"]["system_group"] != '' && !$app->system->is_group($data["new"]["system_group"])) {
exec("groupadd $groupname"); exec("groupadd $groupname");
if($apache_chrooted) exec("chroot ".escapeshellcmd($web_config['website_basedir'])." groupadd $groupname");
$app->log("Adding the group: $groupname",LOGLEVEL_DEBUG); $app->log("Adding the group: $groupname",LOGLEVEL_DEBUG);
} }
$username = escapeshellcmd($data["new"]["system_user"]); $username = escapeshellcmd($data["new"]["system_user"]);
if($data["new"]["system_user"] != '' && !$app->system->is_user($data["new"]["system_user"])) { if($data["new"]["system_user"] != '' && !$app->system->is_user($data["new"]["system_user"])) {
exec("useradd -d ".escapeshellcmd($data["new"]["document_root"])." -g $groupname -G sshusers $username -s /bin/false"); exec("useradd -d ".escapeshellcmd($data["new"]["document_root"])." -g $groupname -G sshusers $username -s /bin/false");
if($apache_chrooted) exec("chroot ".escapeshellcmd($web_config['website_basedir'])." "."useradd -d ".escapeshellcmd($data["new"]["document_root"])." -g $groupname -G sshusers $username -s /bin/false");
$app->log("Adding the user: $username",LOGLEVEL_DEBUG); $app->log("Adding the user: $username",LOGLEVEL_DEBUG);
} }
...@@ -487,6 +496,18 @@ class apache2_plugin { ...@@ -487,6 +496,18 @@ class apache2_plugin {
$command .= ' '.escapeshellcmd($data["new"]["system_user"]); $command .= ' '.escapeshellcmd($data["new"]["system_user"]);
$this->_exec($command); $this->_exec($command);
//* if we have a chrooted apache enviroment
if($apache_chrooted) {
exec("chroot ".escapeshellcmd($web_config['website_basedir'])." ".$command);
//* add the apache user to the client group in the chroot enviroment
$tmp_groupfile = $app->system->server_conf["group_datei"];
$app->system->server_conf["group_datei"] = $web_config['website_basedir'].'/etc/group';
$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
$app->system->server_conf["group_datei"] = $tmp_groupfile;
unset($tmp_groupfile);
}
//* add the apache user to the client group //* add the apache user to the client group
$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user'])); $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
...@@ -809,6 +830,12 @@ class apache2_plugin { ...@@ -809,6 +830,12 @@ class apache2_plugin {
$app->uses("getconf"); $app->uses("getconf");
$web_config = $app->getconf->get_server_config($conf["server_id"], 'web'); $web_config = $app->getconf->get_server_config($conf["server_id"], 'web');
//* Check if this is a chrooted setup
if($web_config['website_basedir'] != '' && @is_file($web_config['/var/www'].'/etc/passwd')) {
$apache_chrooted = true;
} else {
$apache_chrooted = false;
}
if($data["old"]["type"] != "vhost" && $data["old"]["parent_domain_id"] > 0) { if($data["old"]["type"] != "vhost" && $data["old"]["parent_domain_id"] > 0) {
//* This is a alias domain or subdomain, so we have to update the website instead //* This is a alias domain or subdomain, so we have to update the website instead
...@@ -889,6 +916,8 @@ class apache2_plugin { ...@@ -889,6 +916,8 @@ class apache2_plugin {
$command = 'userdel'; $command = 'userdel';
$command .= ' '.$data["old"]["system_user"]; $command .= ' '.$data["old"]["system_user"];
exec($command); exec($command);
if($apache_chrooted) exec("chroot ".escapeshellcmd($web_config['website_basedir'])." ".$command);
} }
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment