From e98bb168681760e194512f9332af7a61b152aaaf Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Thu, 30 Jul 2020 14:12:15 +0200 Subject: [PATCH 1/3] Fixes #5681 mysql-verify_recipients.cf owner/permissions --- install/dist/lib/fedora.lib.php | 6 ------ install/dist/lib/opensuse.lib.php | 6 ------ install/lib/installer_base.lib.php | 16 ++++++++++------ 3 files changed, 10 insertions(+), 18 deletions(-) diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php index 9ffc7d0ef4..0cf2141f72 100644 --- a/install/dist/lib/fedora.lib.php +++ b/install/dist/lib/fedora.lib.php @@ -121,12 +121,6 @@ class installer_dist extends installer_base { $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master'); wf($full_file_name, $content); - //* Changing mode and group of the new created config files. - caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null', - __FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed'); - caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null', - __FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed'); - //* Creating virtual mail user and group $command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname']; if(!is_group($cf['vmail_groupname'])) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php index 15ab5b6e91..1401614c3f 100644 --- a/install/dist/lib/opensuse.lib.php +++ b/install/dist/lib/opensuse.lib.php @@ -118,12 +118,6 @@ class installer_dist extends installer_base { $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/postfix-'.$filename.'.master', 'tpl/postfix-'.$filename.'.master'); wf($full_file_name, $content); - //* Changing mode and group of the new created config files. - caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null', - __FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed'); - caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null', - __FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed'); - if(!is_dir($cf['vmail_mailbox_base'])) mkdir($cf['vmail_mailbox_base']); //* Creating virtual mail user and group diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 2121eadeb1..c88851acad 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -742,6 +742,9 @@ class installer_base { if(is_file($full_file_name)) { copy($full_file_name, $config_dir.$configfile.'~'); } + chmod($config_dir.$configfile.'~',0600); + + //* Replace variables in config file template $content = rfsel($conf['ispconfig_install_dir'].'/server/conf-custom/install/'.$configfile.'.master', 'tpl/'.$configfile.'.master'); $content = str_replace('{mysql_server_ispconfig_user}', $conf['mysql']['ispconfig_user'], $content); $content = str_replace('{mysql_server_ispconfig_password}', $conf['mysql']['ispconfig_password'], $content); @@ -749,6 +752,13 @@ class installer_base { $content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content); $content = str_replace('{server_id}', $conf['server_id'], $content); wf($full_file_name, $content); + + //* Changing mode and group of the new created config file + caselog('chmod u=rw,g=r,o= '.$config_dir.'/'.$full_file_name.' &> /dev/null', + __FILE__, __LINE__, 'chmod on '.$full_file_name, 'chmod on '.$full_file_name.' failed'); + caselog('chgrp '.$cf['group'].' '.$config_dir.'/'.$full_file_name.' &> /dev/null', + __FILE__, __LINE__, 'chgrp on '.$full_file_name, 'chgrp on '.$full_file_name.' failed'); + } public function configure_jailkit() { @@ -1028,12 +1038,6 @@ class installer_base { } wf($full_file_name, $content); - //* Changing mode and group of the new created config files. - caselog('chmod u=rw,g=r,o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null', - __FILE__, __LINE__, 'chmod on mysql-virtual_*.cf*', 'chmod on mysql-virtual_*.cf* failed'); - caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null', - __FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed'); - //* Creating virtual mail user and group $command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname']; if(!is_group($cf['vmail_groupname'])) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); -- GitLab From 2d374afb035093a6b78880c74e936267614d7289 Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Thu, 30 Jul 2020 14:20:59 +0200 Subject: [PATCH 2/3] Fixed file paths and group in #5681 --- install/lib/installer_base.lib.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index c88851acad..a3e68fcb8d 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -737,6 +737,7 @@ class installer_base { global $conf; $config_dir = $conf['postfix']['config_dir'].'/'; + $postfix_group = $conf['postfix']['group']; $full_file_name = $config_dir.$configfile; //* Backup exiting file if(is_file($full_file_name)) { @@ -754,9 +755,9 @@ class installer_base { wf($full_file_name, $content); //* Changing mode and group of the new created config file - caselog('chmod u=rw,g=r,o= '.$config_dir.'/'.$full_file_name.' &> /dev/null', + caselog('chmod u=rw,g=r,o= '.$full_file_name.' &> /dev/null', __FILE__, __LINE__, 'chmod on '.$full_file_name, 'chmod on '.$full_file_name.' failed'); - caselog('chgrp '.$cf['group'].' '.$config_dir.'/'.$full_file_name.' &> /dev/null', + caselog('chgrp '.$postfix_group.' '.$full_file_name.' &> /dev/null', __FILE__, __LINE__, 'chgrp on '.$full_file_name, 'chgrp on '.$full_file_name.' failed'); } -- GitLab From 572668e3184bfedb622e188b7bf8ac8766845145 Mon Sep 17 00:00:00 2001 From: Till Brehm Date: Thu, 30 Jul 2020 14:34:49 +0200 Subject: [PATCH 3/3] Added escapeshellarg to postfix config file chown and chgrp in installer. --- install/lib/installer_base.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index a3e68fcb8d..6094a527ce 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -755,9 +755,9 @@ class installer_base { wf($full_file_name, $content); //* Changing mode and group of the new created config file - caselog('chmod u=rw,g=r,o= '.$full_file_name.' &> /dev/null', + caselog('chmod u=rw,g=r,o= '.escapeshellarg($full_file_name).' &> /dev/null', __FILE__, __LINE__, 'chmod on '.$full_file_name, 'chmod on '.$full_file_name.' failed'); - caselog('chgrp '.$postfix_group.' '.$full_file_name.' &> /dev/null', + caselog('chgrp '.escapeshellarg($postfix_group).' '.escapeshellarg($full_file_name).' &> /dev/null', __FILE__, __LINE__, 'chgrp on '.$full_file_name, 'chgrp on '.$full_file_name.' failed'); } -- GitLab