ISPConfig3 devel
blame | history | patch | commit | commitdiff | show whitespace
ftimme
2012-01-03 504203fc885d07cb31952cc48b9c17b186ae0dc7 
 server/plugins-available/nginx_plugin.inc.php


@@ -531,18 +531,17 @@




      if($this->action == 'insert' || $data["new"]["system_user"] != $data["old"]["system_user"]) {


         // Chown and chmod the directories below the document root


         $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));


         $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');


         // The document root itself has to be owned by root in normal level and by the web owner in security level 20


         if($web_config['security_level'] == 20) {


            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));


            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');


         } else {


            $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));


            $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']).'/web');


         }


      }








      //* If the security level is set to high


      if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) {


      if($web_config['security_level'] == 20) {




         $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));


@@ -575,7 +574,13 @@


         //* add the nginx user to the client group


         $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));




            //* Chown all default directories


         $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));


            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));


            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/log'));


            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/ssl'));


            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/tmp'));


            $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));




         /*


         * Workaround for jailkit: If jailkit is enabled for the site, the 


@@ -594,11 +599,21 @@


      } else {




         $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));


         $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*'));


         $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));


            $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));


            $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/log'));


            $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/ssl'));


            $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/web'));




         // make temp directory writable for nginx and the website users


         $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));


				


            $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));


            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));


            $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root'].'/log'));


            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/tmp'));


            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/ssl'));


            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));


         }


      }




      // Change the ownership of the error log to the owner of the website


@@ -924,7 +939,13 @@


         if($nginx_online_status_before_restart && !$nginx_online_status_after_restart) {


            $app->log('nginx did not restart after the configuration change for website '.$data['new']['domain'].' Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN);


            copy($vhost_file,$vhost_file.'.err');


            if(is_file($vhost_file.'~')) {


               //* Copy back the last backup file


            copy($vhost_file.'~',$vhost_file);


            } else {


               //* There is no backup file, so we create a empty vhost file with a warning message inside


               file_put_contents($vhost_file,"# nginx did not start after modifying this vhost file.\n# Please check file $vhost_file.err for syntax errors.");


            }


            $app->services->restartService('httpd','restart');


         }


      } else {


@@ -1118,12 +1139,18 @@


      }


      


      //* Create the folder path, if it does not exist


      if(!is_dir($folder_path)) exec('mkdir -p '.$folder_path);


      if(!is_dir($folder_path)) {


         exec('mkdir -p '.$folder_path);


         chown($folder_path,$website['system_user']);


         chgrp($folder_path,$website['system_group']);


      }


      


      //* Create empty .htpasswd file, if it does not exist


      if(!is_file($folder_path.'.htpasswd')) {


         touch($folder_path.'.htpasswd');


         chmod($folder_path.'.htpasswd',0755);


         chown($folder_path.'.htpasswd',$website['system_user']);


         chgrp($folder_path.'.htpasswd',$website['system_group']);


         $app->log('Created file'.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);


      }