Commit 7c37edb2 authored by Till Brehm

Changed mode of web folder from 0710 to 0711 to make it compatible with servers...

Changed mode of web folder from 0710 to 0711 to make it compatible with servers that use NFS for /var/www.
parent 85204d6c
......@@ -689,7 +689,7 @@ class apache2_plugin {
if($web_config['security_level'] == 20) {
$app->system->chmod($data['new']['document_root'], 0755);
$app->system->chmod($data['new']['document_root'].'/web', 0710);
$app->system->chmod($data['new']['document_root'].'/web', 0711);
$app->system->chmod($data['new']['document_root'].'/webdav', 0710);
$app->system->chmod($data['new']['document_root'].'/private', 0710);
$app->system->chmod($data['new']['document_root'].'/ssl', 0755);
......
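Review bot: the new chmod of `document_root.'/web'` to 0711 in the `security_level == 20` branch of `apache2_plugin` applies to every server, while the commit message gives NFS-mounted /var/www as the only reason for it. The added other-execute bit lets any local account traverse into `web`, so consider keeping 0710 as the default and setting 0711 only when a server config option for network filesystems is enabled, with a one-line comment on the chmod call stating why the bit is needed.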
......@@ -693,7 +693,7 @@ class nginx_plugin {
if($web_config['security_level'] == 20) {
$app->system->chmod($data['new']['document_root'], 0755);
$app->system->chmod($data['new']['document_root'].'/web', 0710);
$app->system->chmod($data['new']['document_root'].'/web', 0711);
//$app->system->chmod($data['new']['document_root'].'/webdav',0710);
$app->system->chmod($data['new']['document_root'].'/private', 0710);
$app->system->chmod($data['new']['document_root'].'/ssl', 0755);
......
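Review bot: the 0711 literal on `/web` in `nginx_plugin` repeats the same mode change made in `apache2_plugin`, and neither site documents why `/web` now differs from `/private`, which stays at 0710 three lines later. Suggest deriving the `web` directory mode once (for example from a single config value read by both plugins) so the two code paths cannot drift apart, and noting the NFS reason next to it.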
  • Can I just suggest that the chmod of the docroot of 711 makes other websites' PHP scripts able to run shell commands and see website content of other vhosts.

    I installed an r57 PHP shell for testing and ran basic bash commands from there and was able to guess file names and cat the contents. Changing this to 0710 fixed it. I see that you have a setting inside the control panel to select 'Network Filesystem', so perhaps this needs to be selected if someone needs this workaround with 0711 for NFS (even though it's horrible security-wise).

    Ideas?

  • I agree that we should add a config option for that. Besides that, in the master branch, there is support for chrooted PHP-FPM also. This feature will be officially available in ISPConfig 3.2.
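
An added example, not part of the commit or of the discussion above: a shell audit that lists `web` directories whose mode carries the other-execute bit (0711 rather than 0710) and the world-readable files reachable beneath them. The base-directory layout, the function names and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag web directories that other local accounts can traverse.
# Assumption: document roots sit directly under one base directory, each with
# a "web" subdirectory, as in the document_root.'/web' path in the diff.

# Print each <base>/<site>/web whose mode has the other-execute bit (o+x),
# i.e. 0711 or looser instead of 0710.
list_traversable_webdirs() {
    for d in "$1"/*/web; do
        [ -d "$d" ] || continue
        find "$d" -prune -perm -0001 -print
    done
}

# Print world-readable files reachable below a web directory. Subdirectories
# without o+x are pruned, since other accounts cannot pass through them.
list_exposed_files() {
    find "$1" \( -type d ! -perm -0001 -prune \) -o \( -type f -perm -0004 -print \) | sort
}

# Constructed sample tree: site1 uses 0710, site2 uses 0711.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    for s in site1 site2; do
        mkdir -p "$t/$s/web/inc"
        : > "$t/$s/web/config.php"; chmod 0644 "$t/$s/web/config.php"
        : > "$t/$s/web/private.php"; chmod 0640 "$t/$s/web/private.php"
        : > "$t/$s/web/inc/db.php"; chmod 0644 "$t/$s/web/inc/db.php"
        chmod 0750 "$t/$s/web/inc"
    done
    chmod 0710 "$t/site1/web"
    chmod 0711 "$t/site2/web"
    echo "$t"
}

# Audit the directory given as $1, or the constructed sample when none is given.
base=${1:-}
sample=
if [ -z "$base" ]; then sample=$(make_sample_tree); base=$sample; fi
list_traversable_webdirs "$base" | while IFS= read -r w; do
    echo "o+x set: $w"
    list_exposed_files "$w" | sed 's/^/  world-readable: /'
done
if [ -n "$sample" ]; then rm -rf "$sample"; fi
```

A directory with o+x but without o+r cannot be listed by other accounts, yet any world-readable file inside it opens by exact path, which is why the audit reports files and not only directories.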
