From f5ea1b4fc06009b47d0647ca36d6bf8f1081680b Mon Sep 17 00:00:00 2001
From: tbrehm
Date: Thu, 8 Sep 2011 14:28:07 +0000
Subject: [PATCH] Implemented: FS#1418 - Change optionally the owner of the backup dir to the website user - Added Limit fields for openvz in the database - Limited several vm functions to be used by admin only.
---
 install/sql/incremental/upd_0015.sql | 3 +++
 install/sql/ispconfig3.sql | 4 +++-
 interface/web/vm/form/openvz_vm.tform.php | 2 ++
 interface/web/vm/lib/module.conf.php | 3 ++-
 interface/web/vm/openvz_ip_del.php | 1 +
 interface/web/vm/openvz_ip_edit.php | 1 +
 interface/web/vm/openvz_ip_list.php | 1 +
 interface/web/vm/openvz_ostemplate_del.php | 1 +
 interface/web/vm/openvz_ostemplate_edit.php | 1 +
 interface/web/vm/openvz_ostemplate_list.php | 1 +
 interface/web/vm/openvz_template_del.php | 1 +
 interface/web/vm/openvz_template_edit.php | 1 +
 interface/web/vm/openvz_template_list.php | 1 +
 server/cron_daily.php | 21 +++++++++++++++------
 14 files changed, 34 insertions(+), 8 deletions(-)
 create mode 100644 install/sql/incremental/upd_0015.sql
diff --git a/install/sql/incremental/upd_0015.sql b/install/sql/incremental/upd_0015.sql
new file mode 100644
index 0000000000..e0aa23afd6
--- /dev/null
+++ b/install/sql/incremental/upd_0015.sql
@@ -0,0 +1,3 @@
+ALTER TABLE `cron` CHANGE `command` `command` TEXT NOT NULL;
+ALTER TABLE `client` ADD `limit_openvz_vm` int(11) NOT NULL DEFAULT '0' AFTER `limit_mailmailinglist` ,
+ADD `limit_openvz_vm_template_id` int(11) NOT NULL DEFAULT '0' AFTER `limit_openvz_vm`;
\ No newline at end of file
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 93793cfa03..498d86b1cd 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
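Review bot: The second column added in upd_0015.sql is named `limit_openvz_vm_template_id`, but the `CREATE TABLE client` hunk of install/sql/ispconfig3.sql in this same commit adds it as `limit_openvz_vm_template`, so an upgraded database and a fresh install end up with different column names. Any query that uses one spelling will fail on the other kind of installation. Rename the column in one of the two files so both read the same; the page does not show which name the interface code expects, so that needs checking before choosing.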
@@ -130,6 +130,8 @@ CREATE TABLE `client` (
 `limit_traffic_quota` int(11) NOT NULL DEFAULT '-1',
 `limit_client` int(11) NOT NULL DEFAULT '0',
 `limit_mailmailinglist` int(11) NOT NULL DEFAULT '-1',
+ `limit_openvz_vm` int(11) NOT NULL DEFAULT '0',
+ `limit_openvz_vm_template` int(11) NOT NULL DEFAULT '0',
 `parent_client_id` int(11) unsigned NOT NULL DEFAULT '0',
 `username` varchar(64) DEFAULT NULL,
 `password` varchar(64) DEFAULT NULL,
@@ -222,7 +224,7 @@ CREATE TABLE `cron` (
 `server_id` int(11) unsigned NOT NULL default '0',
 `parent_domain_id` int(11) unsigned NOT NULL default '0',
 `type` enum('url','chrooted','full') NOT NULL default 'url',
- `command` varchar(255) NOT NULL,
+ `command` TEXT NOT NULL,
 `run_min` varchar(100) NULL,
 `run_hour` varchar(100) NULL,
 `run_mday` varchar(100) NULL,
diff --git a/interface/web/vm/form/openvz_vm.tform.php b/interface/web/vm/form/openvz_vm.tform.php
index 0077ef28d3..3a93fb1f06 100644
--- a/interface/web/vm/form/openvz_vm.tform.php
+++ b/interface/web/vm/form/openvz_vm.tform.php
@@ -164,6 +164,7 @@ $form["tabs"]['main'] = array (
 ) );
+if($_SESSION["s"]["user"]["typ"] == 'admin') {
 $form["tabs"]['advanced'] = array (
 'title' => "Advanced",
 'width' => 100,
@@ -292,6 +293,7 @@ $form["tabs"]['advanced'] = array (
 ##################################
 ) );
+}
 ?>
\ No newline at end of file
diff --git a/interface/web/vm/lib/module.conf.php b/interface/web/vm/lib/module.conf.php
index 5d0e2c80a7..6d0ffec717 100644
--- a/interface/web/vm/lib/module.conf.php
+++ b/interface/web/vm/lib/module.conf.php
@@ -14,6 +14,7 @@ $items[] = array( 'title' => 'Virtual Servers',
 'link' => 'vm/openvz_vm_list.php',
 'html_id' => 'openvz_vm_list');
+if($_SESSION["s"]["user"]["typ"] == 'admin') {
 $items[] = array( 'title' => 'OS Templates',
 'target' => 'content',
 'link' => 'vm/openvz_ostemplate_list.php',
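Review bot: The `advanced` tab in openvz_vm.tform.php is now defined only when `$_SESSION["s"]["user"]["typ"] == 'admin'`, but neither the opening `if` nor the closing `}` added in the `@@ -292,6 +293,7 @@` hunk says so, and the wrapped lines in between keep their old indentation, which makes the access rule easy to miss. A comment such as `//* The advanced tab is defined for admins only` above the `if` and `} // end of admin-only advanced tab` at the close would make it visible. Whether values posted for these fields by a non-admin are really ignored depends on the form handler processing only the tabs that are defined, which this page does not show and is worth confirming. The same applies if this definition is ever loaded without an interface session, where the tab would be missing as well.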
@@ -28,7 +29,7 @@ $items[] = array( 'title' => 'IP addresses',
 'target' => 'content',
 'link' => 'vm/openvz_ip_list.php',
 'html_id' => 'openvz_ip_list');
-
+}
 if(count($items)) {
 $module['nav'][] = array( 'title' => 'OpenVZ',
diff --git a/interface/web/vm/openvz_ip_del.php b/interface/web/vm/openvz_ip_del.php
index ce4ce276eb..bd97041be1 100644
--- a/interface/web/vm/openvz_ip_del.php
+++ b/interface/web/vm/openvz_ip_del.php
@@ -44,6 +44,7 @@ require_once('../../lib/app.inc.php');
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 $app->uses('tpl,tform');
 $app->load('tform_actions');
diff --git a/interface/web/vm/openvz_ip_edit.php b/interface/web/vm/openvz_ip_edit.php
index 7a792448ef..8fbd0f2721 100644
--- a/interface/web/vm/openvz_ip_edit.php
+++ b/interface/web/vm/openvz_ip_edit.php
@@ -43,6 +43,7 @@ require_once('../../lib/app.inc.php');
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 // Loading classes
 $app->uses('tpl,tform');
diff --git a/interface/web/vm/openvz_ip_list.php b/interface/web/vm/openvz_ip_list.php
index 7f67ceca42..2a63788076 100644
--- a/interface/web/vm/openvz_ip_list.php
+++ b/interface/web/vm/openvz_ip_list.php
@@ -43,6 +43,7 @@ $list_def_file = "list/openvz_ip.list.php";
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 $app->uses('listform_actions');
diff --git a/interface/web/vm/openvz_ostemplate_del.php b/interface/web/vm/openvz_ostemplate_del.php
index dec96f5418..cc54dbd50f 100644
--- a/interface/web/vm/openvz_ostemplate_del.php
+++ b/interface/web/vm/openvz_ostemplate_del.php
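Review bot: The admin gate `if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');` is pasted by hand into openvz_ip_del.php and into the eight other `openvz_ip_*`, `openvz_ostemplate_*` and `openvz_template_*` scripts touched by this commit, so any page added to the module later stays reachable by non-admins unless someone remembers to copy the line. Moving the test into one helper beside `check_module_permissions` and calling it from each script would keep the rule in one place and give a single spot to log denied requests. Until then, a comment like `//* Only admins may manage IP addresses and templates` above each copy would record the intent. The menu change in module.conf.php only hides the links, so these per-script checks are the actual enforcement.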
@@ -44,6 +44,7 @@ require_once('../../lib/app.inc.php');
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 $app->uses('tpl,tform');
 $app->load('tform_actions');
diff --git a/interface/web/vm/openvz_ostemplate_edit.php b/interface/web/vm/openvz_ostemplate_edit.php
index 09a959811c..697ab4cbda 100644
--- a/interface/web/vm/openvz_ostemplate_edit.php
+++ b/interface/web/vm/openvz_ostemplate_edit.php
@@ -43,6 +43,7 @@ require_once('../../lib/app.inc.php');
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 // Loading classes
 $app->uses('tpl,tform');
diff --git a/interface/web/vm/openvz_ostemplate_list.php b/interface/web/vm/openvz_ostemplate_list.php
index f6f2a70622..00d2ee4d94 100644
--- a/interface/web/vm/openvz_ostemplate_list.php
+++ b/interface/web/vm/openvz_ostemplate_list.php
@@ -43,6 +43,7 @@ $list_def_file = "list/openvz_ostemplate.list.php";
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 $app->uses('listform_actions');
diff --git a/interface/web/vm/openvz_template_del.php b/interface/web/vm/openvz_template_del.php
index 3b672e7dd6..09584e3520 100644
--- a/interface/web/vm/openvz_template_del.php
+++ b/interface/web/vm/openvz_template_del.php
@@ -44,6 +44,7 @@ require_once('../../lib/app.inc.php');
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 $app->uses('tpl,tform');
 $app->load('tform_actions');
diff --git a/interface/web/vm/openvz_template_edit.php b/interface/web/vm/openvz_template_edit.php
index 2c1247a299..c0740022cc 100644
--- a/interface/web/vm/openvz_template_edit.php
+++ b/interface/web/vm/openvz_template_edit.php
@@ -43,6 +43,7 @@ require_once('../../lib/app.inc.php');
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 // Loading classes
 $app->uses('tpl,tform');
diff --git a/interface/web/vm/openvz_template_list.php b/interface/web/vm/openvz_template_list.php
index 0f47764316..15bd9075e6 100644
--- a/interface/web/vm/openvz_template_list.php
+++ b/interface/web/vm/openvz_template_list.php
@@ -43,6 +43,7 @@ $list_def_file = "list/openvz_template.list.php";
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 $app->uses('listform_actions');
diff --git a/server/cron_daily.php b/server/cron_daily.php
index d8a7b647c2..c62923b5f2 100644
--- a/server/cron_daily.php
+++ b/server/cron_daily.php
@@ -501,12 +501,19 @@ if($backup_dir != '') {
 $web_group = $rec['system_group'];
 $web_id = $rec['domain_id'];
 $web_backup_dir = $backup_dir.'/web'.$web_id;
- if(!is_dir($web_backup_dir)) mkdir($web_backup_dir, 0755);
-
- chmod($web_backup_dir, 0755);
- chown($web_backup_dir, 'root');
- chgrp($web_backup_dir, 'root');
+ if(!is_dir($web_backup_dir)) mkdir($web_backup_dir, 0750);
+ chmod($web_backup_dir, 0750);
+ if(isset($server_config['backup_dir_ftpread']) && $server_config['backup_dir_ftpread'] == 'y') {
+ chown($web_backup_dir, $rec['system_user']);
+ chgrp($web_backup_dir, $rec['system_group']);
+ } else {
+ chown($web_backup_dir, 'root');
+ chgrp($web_backup_dir, 'root');
+ }
 exec('cd '.escapeshellarg($web_path).' && sudo -u '.escapeshellarg($web_user).' find . -group '.escapeshellarg($web_group).' -print | zip -y '.escapeshellarg($web_backup_dir.'/web.zip').' -@');
+ chown($web_backup_dir.'/web.zip', $rec['system_user']);
+ chgrp($web_backup_dir.'/web.zip', $rec['system_group']);
+ chmod($web_backup_dir.'/web.zip', 0750);
 // Rename or remove old backups
 $backup_copies = intval($rec['backup_copies']);
@@ -527,7 +534,9 @@ if($backup_dir != '') {
 // Create backupdir symlink
 if(is_link($web_path.'/backup')) unlink($web_path.'/backup');
 symlink($web_backup_dir,$web_path.'/backup');
- chmod($web_path.'/backup', 0755);
+ // chmod($web_path.'/backup', 0755);
+ chown($web_path.'/backup', $rec['system_user']);
+ chgrp($web_path.'/backup', $rec['system_group']);
 }
-- 
GitLab
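Review bot: With `backup_dir_ftpread` set to `y` the backup directory becomes owned by the website user, yet this job (presumably running as root, since it calls `chown` and `sudo -u`) goes on to write `web.zip` into it and then runs `chown`, `chgrp` and `chmod` on that path, all of which follow symlinks. The owner of a directory can replace the entries in it, so privileged file operations would be performed on a path the site user controls. Keeping the directory owned by root and granting read access through the group avoids that, assuming the FTP account is in the site's group: `chown($web_backup_dir, 'root'); chgrp($web_backup_dir, $rec['system_group']);` with the existing mode 0750. Separately, the three new calls on `web.zip` run even when the option is off, and 0750 sets an execute bit an archive does not need; `chmod($web_backup_dir.'/web.zip', 0640);` inside the `if` branch would match the option's intent. The enclosing loop starts and ends outside the hunk.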
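Review bot: In the `@@ -527,7 +534,9 @@` hunk, `chown($web_path.'/backup', ...)` and `chgrp($web_path.'/backup', ...)` are applied to the symlink created on the line before, and PHP's `chown()` and `chgrp()` act on the link target, so these two calls hand `$web_backup_dir` to the website user even when `backup_dir_ftpread` is not `y` and the earlier hunk has just set it to root:root. If the intent is to change the owner of the link itself, use `lchown($web_path.'/backup', $rec['system_user']);` and `lchgrp($web_path.'/backup', $rec['system_group']);`. The commented-out `chmod` line could be deleted rather than kept as dead code. The enclosing block starts outside the hunk.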