From 9942894815c8cd8428964a01f93750a613607635 Mon Sep 17 00:00:00 2001 From: "Dr. Yves Kreis" Date: Sat, 9 Sep 2023 14:04:17 +0300 Subject: [PATCH 1/2] All ISPConfig files have execute bit set after installation. This is unnecessary and confusing. --- install/lib/installer_base.lib.php | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 72f226ed6a..14ae218409 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -3566,7 +3566,7 @@ class installer_base extends stdClass { caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); //* Chmod the files and directories in the install dir - $command = 'chmod -R 750 '.$install_dir.'/*'; + $command = 'chmod -R u=rwx,g=rx,-x+X,o= '.$install_dir.'/*'; caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); //* chown the interface files to the ispconfig user and group @@ -3574,7 +3574,7 @@ class installer_base extends stdClass { caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); //* Chmod the files and directories in the acme dir - $command = 'chmod -R 755 '.$install_dir.'/interface/acme'; + $command = 'chmod -R o+rX '.$install_dir.'/interface/acme'; caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); //* chown the server files to the root user and group @@ -3600,10 +3600,10 @@ class installer_base extends stdClass { caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); //* Make the global language file directory group writable - exec("chmod -R 770 $install_dir/interface/lib/lang"); + exec("chmod -R g+w $install_dir/interface/lib/lang"); //* Make the temp directory for language file exports writable - if(is_dir($install_dir.'/interface/web/temp')) exec("chmod -R 770 $install_dir/interface/web/temp"); + if(is_dir($install_dir.'/interface/web/temp')) exec("chmod -R g+w $install_dir/interface/web/temp"); //* Make all interface language file directories group writable $handle = @opendir($install_dir.'/interface/web'); @@ -3614,7 +3614,7 @@ class installer_base extends stdClass { chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang', 0770); while ($lang_file = @readdir($handle2)) { if ($lang_file != '.' && $lang_file != '..') { - chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang/'.$lang_file, 0770); + chmod($install_dir.'/interface/web'.'/'.$file.'/lib/lang/'.$lang_file, 0660); } } } @@ -3622,8 +3622,8 @@ class installer_base extends stdClass { } //* Make the APS directories group writable - exec("chmod -R 770 $install_dir/interface/web/sites/aps_meta_packages"); - exec("chmod -R 770 $install_dir/server/aps_packages"); + exec("chmod -R g+w $install_dir/interface/web/sites/aps_meta_packages"); + exec("chmod -R g+w $install_dir/server/aps_packages"); //* make sure that the server config file (not the interface one) is only readable by the root user chmod($install_dir.'/server/lib/config.inc.php', 0600); @@ -3634,6 +3634,11 @@ class installer_base extends stdClass { chmod($install_dir.'/interface/lib/config.inc.php', 0600); chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig'); chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig'); + if(is_dir($install_dir.'/interface/lib/config.inc.php~')) { + chmod($install_dir.'/interface/lib/config.inc.php~', 0600); + chown($install_dir.'/interface/lib/config.inc.php~', 'ispconfig'); + chgrp($install_dir.'/interface/lib/config.inc.php~', 'ispconfig'); + } chmod($install_dir.'/server/lib/remote_action.inc.php', 0600); chown($install_dir.'/server/lib/remote_action.inc.php', 'root'); @@ -3646,7 +3651,7 @@ class installer_base extends stdClass { } if(is_dir($install_dir.'/interface/invoices')) { - exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices')); + exec('chmod -R g+w '.escapeshellarg($install_dir.'/interface/invoices')); exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices')); } @@ -3685,7 +3690,7 @@ class installer_base extends stdClass { } //* Make the shell scripts executable - $command = "chmod +x $install_dir/server/scripts/*.sh"; + $command = "chmod +x $install_dir/server/scripts/*.sh $install_dir/server/scripts/ispconfig_patch $install_dir/server/scripts/vlogger"; caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command"); if ($this->install_ispconfig_interface == true && isset($conf['interface_password']) && $conf['interface_password']!='admin') { -- GitLab From e56adcf1c1fd012c8c037909dbd0131dd025136a Mon Sep 17 00:00:00 2001 From: "Dr. Yves Kreis" Date: Sat, 9 Sep 2023 15:34:43 +0300 Subject: [PATCH 2/2] Correct is_dir to is_file. --- install/lib/installer_base.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php index 14ae218409..e6343487e4 100644 --- a/install/lib/installer_base.lib.php +++ b/install/lib/installer_base.lib.php @@ -3634,7 +3634,7 @@ class installer_base extends stdClass { chmod($install_dir.'/interface/lib/config.inc.php', 0600); chown($install_dir.'/interface/lib/config.inc.php', 'ispconfig'); chgrp($install_dir.'/interface/lib/config.inc.php', 'ispconfig'); - if(is_dir($install_dir.'/interface/lib/config.inc.php~')) { + if(is_file($install_dir.'/interface/lib/config.inc.php~')) { chmod($install_dir.'/interface/lib/config.inc.php~', 0600); chown($install_dir.'/interface/lib/config.inc.php~', 'ispconfig'); chgrp($install_dir.'/interface/lib/config.inc.php~', 'ispconfig'); -- GitLab