ftimme
2012-01-03 504203fc885d07cb31952cc48b9c17b186ae0dc7
server/plugins-available/nginx_plugin.inc.php
@@ -531,18 +531,17 @@
      if($this->action == 'insert' || $data["new"]["system_user"] != $data["old"]["system_user"]) {
         // Chown and chmod the directories below the document root
         $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
         $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
         // The document root itself has to be owned by root in normal level and by the web owner in security level 20
         if($web_config['security_level'] == 20) {
            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
         } else {
            $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
            $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']).'/web');
         }
      }
      //* If the security level is set to high
      if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) {
      if($web_config['security_level'] == 20) {
         $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
@@ -575,7 +574,13 @@
         //* add the nginx user to the client group
         $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
            //* Chown all default directories
         $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/log'));
            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/ssl'));
            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/tmp'));
            $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));
         /*
         * Workaround for jailkit: If jailkit is enabled for the site, the 
@@ -594,11 +599,21 @@
      } else {
         $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
         $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*'));
         $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
            $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
            $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/log'));
            $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/ssl'));
            $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/web'));
         // make temp directory writable for nginx and the website users
         $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
            $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
            $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root'].'/log'));
            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/tmp'));
            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/ssl'));
            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));
         }
      }
      // Change the ownership of the error log to the owner of the website
@@ -924,7 +939,13 @@
         if($nginx_online_status_before_restart && !$nginx_online_status_after_restart) {
            $app->log('nginx did not restart after the configuration change for website '.$data['new']['domain'].' Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN);
            copy($vhost_file,$vhost_file.'.err');
            if(is_file($vhost_file.'~')) {
               //* Copy back the last backup file
            copy($vhost_file.'~',$vhost_file);
            } else {
               //* There is no backup file, so we create a empty vhost file with a warning message inside
               file_put_contents($vhost_file,"# nginx did not start after modifying this vhost file.\n# Please check file $vhost_file.err for syntax errors.");
            }
            $app->services->restartService('httpd','restart');
         }
      } else {
@@ -1118,12 +1139,18 @@
      }
      
      //* Create the folder path, if it does not exist
      if(!is_dir($folder_path)) exec('mkdir -p '.$folder_path);
      if(!is_dir($folder_path)) {
         exec('mkdir -p '.$folder_path);
         chown($folder_path,$website['system_user']);
         chgrp($folder_path,$website['system_group']);
      }
      
      //* Create empty .htpasswd file, if it does not exist
      if(!is_file($folder_path.'.htpasswd')) {
         touch($folder_path.'.htpasswd');
         chmod($folder_path.'.htpasswd',0755);
         chown($folder_path.'.htpasswd',$website['system_user']);
         chgrp($folder_path.'.htpasswd',$website['system_group']);
         $app->log('Created file'.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);
      }