From ab256189ee0accdbcb17b030f5bfb9eceb60818d Mon Sep 17 00:00:00 2001 From: Jan Thiel Date: Mon, 15 Feb 2021 12:24:29 +0100 Subject: [PATCH 1/3] Fixes https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/6052 Skip possible IO extensive operations for vhostalias creation on "web" document root --- server/plugins-available/nginx_plugin.inc.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php index bec59fddc4..1c0032b500 100644 --- a/server/plugins-available/nginx_plugin.inc.php +++ b/server/plugins-available/nginx_plugin.inc.php @@ -819,7 +819,11 @@ class nginx_plugin { } } } - $app->system->exec_safe('chmod -R a+r ?', $data['new']['document_root'].'/' . $web_folder . '/'); + // Set the a+r mod to the web_folder. + // Skip this for vhostalias if the web_folder is "web". In this case, everything is setup already from the vhost setup + if ($data['new']['type'] != 'vhostalias' || $web_folder != "web") { + $app->system->exec_safe('chmod -R a+r ?', $data['new']['document_root'].'/' . $web_folder . '/'); + } //** Copy the error documents on update when the error document checkbox has been activated and was deactivated before } elseif ($this->action == 'update' && ($data['new']['type'] == 'vhost' || $data['new']['type'] == 'vhostsubdomain' || $data['new']['type'] == 'vhostalias') && $data['old']['errordocs'] == 0 && $data['new']['errordocs'] == 1) { @@ -874,7 +878,10 @@ class nginx_plugin { if($this->action == 'insert' || $data["new"]["system_user"] != $data["old"]["system_user"]) { // Chown and chmod the directories below the document root - $app->system->exec_safe('chown -R ?:? ?', $username, $groupname, $data['new']['document_root'].'/' . $web_folder); + // Skip this for vhostalias if the web_folder is "web". In this case, everything is setup already from the vhost setup + if ($data['new']['type'] != 'vhostalias' || $web_folder != "web") { + $app->system->exec_safe( 'chown -R ?:? ?', $username, $groupname, $data['new']['document_root'] . '/' . $web_folder ); + } // The document root itself has to be owned by root in normal level and by the web owner in security level 20 if($web_config['security_level'] == 20) { $app->system->exec_safe('chown ?:? ?', $username, $groupname, $data['new']['document_root'].'/' . $web_folder); -- GitLab From 9f4a5807b3a15d9fdb6a0aa7e3bf25458ef15fbc Mon Sep 17 00:00:00 2001 From: Jan Thiel Date: Mon, 15 Feb 2021 12:26:14 +0100 Subject: [PATCH 2/3] Codestyle fixes --- server/plugins-available/nginx_plugin.inc.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php index 1c0032b500..c4073fa3f5 100644 --- a/server/plugins-available/nginx_plugin.inc.php +++ b/server/plugins-available/nginx_plugin.inc.php @@ -821,7 +821,7 @@ class nginx_plugin { } // Set the a+r mod to the web_folder. // Skip this for vhostalias if the web_folder is "web". In this case, everything is setup already from the vhost setup - if ($data['new']['type'] != 'vhostalias' || $web_folder != "web") { + if ($data['new']['type'] != 'vhostalias' || $web_folder != 'web') { $app->system->exec_safe('chmod -R a+r ?', $data['new']['document_root'].'/' . $web_folder . '/'); } @@ -879,7 +879,7 @@ class nginx_plugin { if($this->action == 'insert' || $data["new"]["system_user"] != $data["old"]["system_user"]) { // Chown and chmod the directories below the document root // Skip this for vhostalias if the web_folder is "web". In this case, everything is setup already from the vhost setup - if ($data['new']['type'] != 'vhostalias' || $web_folder != "web") { + if ($data['new']['type'] != 'vhostalias' || $web_folder != 'web') { $app->system->exec_safe( 'chown -R ?:? ?', $username, $groupname, $data['new']['document_root'] . '/' . $web_folder ); } // The document root itself has to be owned by root in normal level and by the web owner in security level 20 -- GitLab From 783ebe6f4ecd6e822d29972516425bd5a89d56c0 Mon Sep 17 00:00:00 2001 From: Jan Thiel Date: Mon, 1 Mar 2021 09:16:06 +0100 Subject: [PATCH 3/3] Exclude the io expensive calls on vhostsubdomain as well. --- server/plugins-available/nginx_plugin.inc.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php index c4073fa3f5..92d8bac7f9 100644 --- a/server/plugins-available/nginx_plugin.inc.php +++ b/server/plugins-available/nginx_plugin.inc.php @@ -820,8 +820,8 @@ class nginx_plugin { } } // Set the a+r mod to the web_folder. - // Skip this for vhostalias if the web_folder is "web". In this case, everything is setup already from the vhost setup - if ($data['new']['type'] != 'vhostalias' || $web_folder != 'web') { + // Skip this for types where the target vhost already exists if the web_folder is "web". In this case, everything is setup already from the vhost setup + if ( ( $data['new']['type'] != 'vhostalias' && $data['new']['type'] != 'vhostsubdomain' ) || $web_folder != 'web') { $app->system->exec_safe('chmod -R a+r ?', $data['new']['document_root'].'/' . $web_folder . '/'); } @@ -878,8 +878,8 @@ class nginx_plugin { if($this->action == 'insert' || $data["new"]["system_user"] != $data["old"]["system_user"]) { // Chown and chmod the directories below the document root - // Skip this for vhostalias if the web_folder is "web". In this case, everything is setup already from the vhost setup - if ($data['new']['type'] != 'vhostalias' || $web_folder != 'web') { + // Skip this for types where the target vhost already exists if the web_folder is "web". In this case, everything is setup already from the vhost setup + if ( ( $data['new']['type'] != 'vhostalias' && $data['new']['type'] != 'vhostsubdomain' ) || $web_folder != 'web') { $app->system->exec_safe( 'chown -R ?:? ?', $username, $groupname, $data['new']['document_root'] . '/' . $web_folder ); } // The document root itself has to be owned by root in normal level and by the web owner in security level 20 -- GitLab