Added openbasedir restriction to fcgi starter script.

tbrehm

2009-07-05 abd9b232ad25496f8eeee6b133f27e44e068a7c5

 server/plugins-available/apache2_plugin.inc.php

@@ -443,7 +443,7 @@
      
      $username = escapeshellcmd($data["new"]["system_user"]);
      if($data["new"]["system_user"] != '' && !$app->system->is_user($data["new"]["system_user"])) {
         exec("useradd -d ".escapeshellcmd($data["new"]["document_root"])." -g $groupname $username -s /bin/false");
         exec("useradd -d ".escapeshellcmd($data["new"]["document_root"])." -g $groupname -G sshusers $username -s /bin/false");
         $app->log("Adding the user: $username",LOGLEVEL_DEBUG);
      }
      
@@ -459,7 +459,6 @@
         exec("setquota -T -u $username 604800 604800 -a &> /dev/null");
      }
      
		
      if($this->action == 'insert') {
         // Chown and chmod the directories below the document root
         exec("chown -R $username:$groupname ".escapeshellcmd($data["new"]["document_root"]));
@@ -468,8 +467,27 @@
         exec("chown root:root ".escapeshellcmd($data["new"]["document_root"]));
      }
      
      // make temp direcory writable for the apache user and the website user
      exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp"));
		
		
      // If the security level is set to high
      if($web_config['security_level'] == 20) {
			
         exec("chmod 711 ".escapeshellcmd($data["new"]["document_root"]."/"));
         exec("chmod 711 ".escapeshellcmd($data["new"]["document_root"])."/*");
         exec("chmod 710 ".escapeshellcmd($data["new"]["document_root"]."/web"));
			
         //* add the apache user to the client group
         $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
			
      // If the security Level is set to medium
      } else {
		
         exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/"));
         exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/*"));
		
         // make temp direcory writable for the apache user and the website user
         exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp"));
      }
      
      
      // Create the vhost config file
@@ -482,6 +500,7 @@
      $vhost_data["web_document_root"] = $data["new"]["document_root"]."/web";
      $vhost_data["web_document_root_www"] = $web_config["website_basedir"]."/".$data["new"]["domain"]."/web";
      $vhost_data["web_basedir"] = $web_config["website_basedir"];
      $vhost_data["security_level"] = $web_config["security_level"];
      
      // Check if a SSL cert exists
      $ssl_dir = $data["new"]["document_root"]."/ssl";
@@ -506,6 +525,7 @@
      // Rewrite rules
      $rewrite_rules = array();
      if($data["new"]["redirect_type"] != '') {
         if(substr($data["new"]["redirect_path"],-1) != '/') $data["new"]["redirect_path"] .= '/';
         $rewrite_rules[] = array(   'rewrite_domain'    => $data["new"]["domain"],
                              'rewrite_type'       => ($data["new"]["redirect_type"] == 'no')?'':'['.$data["new"]["redirect_type"].']',
                              'rewrite_target'    => $data["new"]["redirect_path"]);
@@ -552,6 +572,7 @@
            $app->log("Add server alias: $alias[domain]",LOGLEVEL_DEBUG);
            // Rewriting
            if($alias["redirect_type"] != '') {
               if(substr($data["new"]["redirect_path"],-1) != '/') $data["new"]["redirect_path"] .= '/';
               $rewrite_rules[] = array(   'rewrite_domain'    => $alias["domain"],
                                    'rewrite_type'       => ($alias["redirect_type"] == 'no')?'':'['.$alias["redirect_type"].']',
                                    'rewrite_target'    => $alias["redirect_path"]);
@@ -747,6 +768,9 @@
      // request a httpd reload when all records have been processed
      $app->services->restartServiceDelayed('httpd','reload');
      
      //* Unset action to clean it for next processed vhost.
      $this->action = '';
		
   }
   
   function delete($event_name,$data) {