From f5ea1b4fc06009b47d0647ca36d6bf8f1081680b Mon Sep 17 00:00:00 2001
From: tbrehm
Date: Thu, 8 Sep 2011 14:28:07 +0000
Subject: [PATCH] Implemented: FS#1418 - Change optionally the owner of the backup dir to the website user - Added Limit fields for openvz in the database - Limited several vm functions to be used by admin only.
---
 install/sql/incremental/upd_0015.sql | 3 +++
 install/sql/ispconfig3.sql | 4 +++-
 interface/web/vm/form/openvz_vm.tform.php | 2 ++
 interface/web/vm/lib/module.conf.php | 3 ++-
 interface/web/vm/openvz_ip_del.php | 1 +
 interface/web/vm/openvz_ip_edit.php | 1 +
 interface/web/vm/openvz_ip_list.php | 1 +
 interface/web/vm/openvz_ostemplate_del.php | 1 +
 interface/web/vm/openvz_ostemplate_edit.php | 1 +
 interface/web/vm/openvz_ostemplate_list.php | 1 +
 interface/web/vm/openvz_template_del.php | 1 +
 interface/web/vm/openvz_template_edit.php | 1 +
 interface/web/vm/openvz_template_list.php | 1 +
 server/cron_daily.php | 21 +++++++++++++++------
 14 files changed, 34 insertions(+), 8 deletions(-)
 create mode 100644 install/sql/incremental/upd_0015.sql
diff --git a/install/sql/incremental/upd_0015.sql b/install/sql/incremental/upd_0015.sql
new file mode 100644
index 000000000..e0aa23afd
--- /dev/null
+++ b/install/sql/incremental/upd_0015.sql
@@ -0,0 +1,3 @@
+ALTER TABLE `cron` CHANGE `command` `command` TEXT NOT NULL;
+ALTER TABLE `client` ADD `limit_openvz_vm` int(11) NOT NULL DEFAULT '0' AFTER `limit_mailmailinglist` ,
+ADD `limit_openvz_vm_template_id` int(11) NOT NULL DEFAULT '0' AFTER `limit_openvz_vm`;
\ No newline at end of file
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 93793cfa0..498d86b1c 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
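Review bot: The second column added in upd_0015.sql is named `limit_openvz_vm_template_id`, while the `CREATE TABLE client` hunk in install/sql/ispconfig3.sql adds `limit_openvz_vm_template`, so an upgraded database and a fresh install end up with different column names. Any code that reads the per-client VM limit will then fail on one of the two schemas; which name the interface expects is not visible in this patch. Pick one name and use it in both files, for example by renaming the ispconfig3.sql column to `limit_openvz_vm_template_id`.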
@@ -130,6 +130,8 @@ CREATE TABLE `client` (
 `limit_traffic_quota` int(11) NOT NULL DEFAULT '-1',
 `limit_client` int(11) NOT NULL DEFAULT '0',
 `limit_mailmailinglist` int(11) NOT NULL DEFAULT '-1',
+ `limit_openvz_vm` int(11) NOT NULL DEFAULT '0',
+ `limit_openvz_vm_template` int(11) NOT NULL DEFAULT '0',
 `parent_client_id` int(11) unsigned NOT NULL DEFAULT '0',
 `username` varchar(64) DEFAULT NULL,
 `password` varchar(64) DEFAULT NULL,
@@ -222,7 +224,7 @@ CREATE TABLE `cron` (
 `server_id` int(11) unsigned NOT NULL default '0',
 `parent_domain_id` int(11) unsigned NOT NULL default '0',
 `type` enum('url','chrooted','full') NOT NULL default 'url',
- `command` varchar(255) NOT NULL,
+ `command` TEXT NOT NULL,
 `run_min` varchar(100) NULL,
 `run_hour` varchar(100) NULL,
 `run_mday` varchar(100) NULL,
diff --git a/interface/web/vm/form/openvz_vm.tform.php b/interface/web/vm/form/openvz_vm.tform.php
index 0077ef28d..3a93fb1f0 100644
--- a/interface/web/vm/form/openvz_vm.tform.php
+++ b/interface/web/vm/form/openvz_vm.tform.php
@@ -164,6 +164,7 @@ $form["tabs"]['main'] = array (
 )
 );
+if($_SESSION["s"]["user"]["typ"] == 'admin') {
 $form["tabs"]['advanced'] = array (
 'title' => "Advanced",
 'width' => 100,
@@ -292,6 +293,7 @@ $form["tabs"]['advanced'] = array (
 ##################################
 )
 );
+}
 ?>
\ No newline at end of file
diff --git a/interface/web/vm/lib/module.conf.php b/interface/web/vm/lib/module.conf.php
index 5d0e2c80a..6d0ffec71 100644
--- a/interface/web/vm/lib/module.conf.php
+++ b/interface/web/vm/lib/module.conf.php
@@ -14,6 +14,7 @@ $items[] = array( 'title' => 'Virtual Servers',
 'link' => 'vm/openvz_vm_list.php',
 'html_id' => 'openvz_vm_list');
+if($_SESSION["s"]["user"]["typ"] == 'admin') {
 $items[] = array( 'title' => 'OS Templates',
 'target' => 'content',
 'link' => 'vm/openvz_ostemplate_list.php',
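Review bot: Defining the `advanced` tab only for admins (openvz_vm.tform.php, hunk at line 164; the closing `}` is in the following hunk) restricts what is rendered, but whether it also stops a non-admin from saving those fields depends on the form handler ignoring POST values for tabs that are not defined, and that code is not in this patch. Worth confirming in the edit page, and rejecting the fields there if the handler does not enforce it. A comment above the condition would record the intent: `// Advanced tab is defined for admins only; clients must not be able to submit these fields.` Using `=== 'admin'` avoids relying on loose comparison of the session value.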
@@ -28,7 +29,7 @@ $items[] = array( 'title' => 'IP addresses',
 'target' => 'content',
 'link' => 'vm/openvz_ip_list.php',
 'html_id' => 'openvz_ip_list');
-
+}
 if(count($items)) {
 $module['nav'][] = array( 'title' => 'OpenVZ',
diff --git a/interface/web/vm/openvz_ip_del.php b/interface/web/vm/openvz_ip_del.php
index ce4ce276e..bd97041be 100644
--- a/interface/web/vm/openvz_ip_del.php
+++ b/interface/web/vm/openvz_ip_del.php
@@ -44,6 +44,7 @@ require_once('../../lib/app.inc.php');
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 $app->uses('tpl,tform');
 $app->load('tform_actions');
diff --git a/interface/web/vm/openvz_ip_edit.php b/interface/web/vm/openvz_ip_edit.php
index 7a792448e..8fbd0f272 100644
--- a/interface/web/vm/openvz_ip_edit.php
+++ b/interface/web/vm/openvz_ip_edit.php
@@ -43,6 +43,7 @@ require_once('../../lib/app.inc.php');
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 // Loading classes
 $app->uses('tpl,tform');
diff --git a/interface/web/vm/openvz_ip_list.php b/interface/web/vm/openvz_ip_list.php
index 7f67ceca4..2a6378807 100644
--- a/interface/web/vm/openvz_ip_list.php
+++ b/interface/web/vm/openvz_ip_list.php
@@ -43,6 +43,7 @@ $list_def_file = "list/openvz_ip.list.php";
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 $app->uses('listform_actions');
diff --git a/interface/web/vm/openvz_ostemplate_del.php b/interface/web/vm/openvz_ostemplate_del.php
index dec96f541..cc54dbd50 100644
--- a/interface/web/vm/openvz_ostemplate_del.php
+++ b/interface/web/vm/openvz_ostemplate_del.php
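Review bot: The admin guard added in openvz_ip_del.php is a one-line copy that this patch repeats in eight more pages (openvz_ip_edit/list, openvz_ostemplate_del/edit/list, openvz_template_del/edit/list), so a page added later is easy to leave unguarded. Putting the rule in one helper next to `check_module_permissions()` keeps it in one place, e.g. a `check_admin()` method that each page calls (the name is a suggestion, not an existing API). The check does fail closed when the session key is missing, since `null != 'admin'` is true, but `!==` states that without relying on loose comparison. `die('permission denied')` also answers with status 200 and leaves no log entry; sending a 403 and logging the user would make denied attempts visible.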
@@ -44,6 +44,7 @@ require_once('../../lib/app.inc.php');
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 $app->uses('tpl,tform');
 $app->load('tform_actions');
diff --git a/interface/web/vm/openvz_ostemplate_edit.php b/interface/web/vm/openvz_ostemplate_edit.php
index 09a959811..697ab4cbd 100644
--- a/interface/web/vm/openvz_ostemplate_edit.php
+++ b/interface/web/vm/openvz_ostemplate_edit.php
@@ -43,6 +43,7 @@ require_once('../../lib/app.inc.php');
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 // Loading classes
 $app->uses('tpl,tform');
diff --git a/interface/web/vm/openvz_ostemplate_list.php b/interface/web/vm/openvz_ostemplate_list.php
index f6f2a7062..00d2ee4d9 100644
--- a/interface/web/vm/openvz_ostemplate_list.php
+++ b/interface/web/vm/openvz_ostemplate_list.php
@@ -43,6 +43,7 @@ $list_def_file = "list/openvz_ostemplate.list.php";
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 $app->uses('listform_actions');
diff --git a/interface/web/vm/openvz_template_del.php b/interface/web/vm/openvz_template_del.php
index 3b672e7dd..09584e352 100644
--- a/interface/web/vm/openvz_template_del.php
+++ b/interface/web/vm/openvz_template_del.php
@@ -44,6 +44,7 @@ require_once('../../lib/app.inc.php');
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 $app->uses('tpl,tform');
 $app->load('tform_actions');
diff --git a/interface/web/vm/openvz_template_edit.php b/interface/web/vm/openvz_template_edit.php
index 2c1247a29..c0740022c 100644
--- a/interface/web/vm/openvz_template_edit.php
+++ b/interface/web/vm/openvz_template_edit.php
@@ -43,6 +43,7 @@ require_once('../../lib/app.inc.php');
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 // Loading classes
 $app->uses('tpl,tform');
diff --git a/interface/web/vm/openvz_template_list.php b/interface/web/vm/openvz_template_list.php
index 0f4776431..15bd9075e 100644
--- a/interface/web/vm/openvz_template_list.php
+++ b/interface/web/vm/openvz_template_list.php
@@ -43,6 +43,7 @@ $list_def_file = "list/openvz_template.list.php";
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 $app->uses('listform_actions');
diff --git a/server/cron_daily.php b/server/cron_daily.php
index d8a7b647c..c62923b5f 100644
--- a/server/cron_daily.php
+++ b/server/cron_daily.php
@@ -501,12 +501,19 @@ if($backup_dir != '') {
 $web_group = $rec['system_group'];
 $web_id = $rec['domain_id'];
 $web_backup_dir = $backup_dir.'/web'.$web_id;
- if(!is_dir($web_backup_dir)) mkdir($web_backup_dir, 0755);
-
- chmod($web_backup_dir, 0755);
- chown($web_backup_dir, 'root');
- chgrp($web_backup_dir, 'root');
+ if(!is_dir($web_backup_dir)) mkdir($web_backup_dir, 0750);
+ chmod($web_backup_dir, 0750);
+ if(isset($server_config['backup_dir_ftpread']) && $server_config['backup_dir_ftpread'] == 'y') {
+ chown($web_backup_dir, $rec['system_user']);
+ chgrp($web_backup_dir, $rec['system_group']);
+ } else {
+ chown($web_backup_dir, 'root');
+ chgrp($web_backup_dir, 'root');
+ }
 exec('cd '.escapeshellarg($web_path).' && sudo -u '.escapeshellarg($web_user).' find . -group '.escapeshellarg($web_group).' -print | zip -y '.escapeshellarg($web_backup_dir.'/web.zip').' -@');
+ chown($web_backup_dir.'/web.zip', $rec['system_user']);
+ chgrp($web_backup_dir.'/web.zip', $rec['system_group']);
+ chmod($web_backup_dir.'/web.zip', 0750);
 // Rename or remove old backups
 $backup_copies = intval($rec['backup_copies']);
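Review bot: With `backup_dir_ftpread` set to `y` the backup directory in server/cron_daily.php becomes owned and writable by the website user, yet the `zip` step and the `chown`/`chgrp`/`chmod` on `web.zip` that follow still run with the cron job's own privileges (presumably root; only `find` is under `sudo -u`). PHP's `chown()`, `chgrp()` and `chmod()` follow symlinks, so privileged file operations inside a directory the site user controls can be redirected to files outside it. Read access does not need ownership: `chown($web_backup_dir, 'root'); chgrp($web_backup_dir, $rec['system_group']);` with mode 0750 gives the site's group read access without write access. The three calls on `web.zip` are also unconditional and use 0750, which sets the execute bit on an archive; 0640 inside the `backup_dir_ftpread` branch would match the stated intent. The enclosing loop starts and ends outside this hunk.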
@@ -527,7 +534,9 @@ if($backup_dir != '') {
 // Create backupdir symlink
 if(is_link($web_path.'/backup')) unlink($web_path.'/backup');
 symlink($web_backup_dir,$web_path.'/backup');
- chmod($web_path.'/backup', 0755);
+ // chmod($web_path.'/backup', 0755);
+ chown($web_path.'/backup', $rec['system_user']);
+ chgrp($web_path.'/backup', $rec['system_group']);
 }
-- GitLab