install/autoupdate.php
install/dist/lib/fedora.lib.php
install/dist/lib/gentoo.lib.php
install/dist/lib/opensuse.lib.php
install/lib/installer_base.lib.php
install/update.php
interface/web/monitor/tools.inc.php
server/plugins-available/apache2_plugin.inc.php
server/plugins-available/shelluser_base_plugin.inc.php
server/plugins-available/shelluser_jailkit_plugin.inc.php
server/scripts/create_jailkit_chroot.sh
install/autoupdate.php
@@ -144,6 +144,11 @@ die("internal error - MYSQL-Root passord not known"); } //** Test mysql root connection if(!@mysql_connect($conf["mysql"]["host"],$conf["mysql"]["admin_user"],$conf["mysql"]["admin_password"])) { die("internal error - MYSQL-Root passord wrong"); } /* * Check all tables */ install/dist/lib/fedora.lib.php
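Review bot: The added connection test hides the real failure reason: `@mysql_connect` suppresses the warning and the `die()` text always blames the password, although an unreachable host or a wrong `admin_user` ends up in the same branch. Appending `mysql_error()` to the message, as the install/update.php hunk of this commit does, would make a failed unattended update diagnosable. The message also misspells "password" as "passord". The enclosing block starts outside the hunk.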
@@ -1029,6 +1029,11 @@ // Edit the file Edit the file /etc/sudoers and comment out the requiregetty line, otherwise the backup function will fail replaceLine('/etc/sudoers','Defaults requiretty','#Defaults requiretty',0,0); if(is_file($install_dir.'/interface/invoices')) { chmod($install_dir.'/interface/invoices', 0770); chown($install_dir.'/interface/invoices', 'ispconfig'); chgrp($install_dir.'/interface/invoices', 'ispconfig'); } } install/dist/lib/gentoo.lib.php
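Review bot: The new guard `if(is_file($install_dir.'/interface/invoices'))` can never be true if `invoices` is a directory, which the `0770` mode and the extension-less name suggest. `is_file()` returns false for directories, so the chmod/chown/chgrp calls would be skipped silently and the path would keep whatever ownership and mode it was created with. If it is a directory, the check should be `is_dir($install_dir.'/interface/invoices')`. The same block is added in gentoo.lib.php, opensuse.lib.php and the second hunk of installer_base.lib.php; the enclosing function starts outside the hunk.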
@@ -866,6 +866,12 @@ chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root'); } if(is_file($install_dir.'/interface/invoices')) { chmod($install_dir.'/interface/invoices', 0770); chown($install_dir.'/interface/invoices', 'ispconfig'); chgrp($install_dir.'/interface/invoices', 'ispconfig'); } // TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing // and must be fixed as this will allow the apache user to read the ispconfig files. // Later this must run as own apache server or via suexec! install/dist/lib/opensuse.lib.php
@@ -1060,6 +1060,12 @@ exec('chmod 744 /usr/local/bin/run-getmail.sh'); } if(is_file($install_dir.'/interface/invoices')) { chmod($install_dir.'/interface/invoices', 0770); chown($install_dir.'/interface/invoices', 'ispconfig'); chgrp($install_dir.'/interface/invoices', 'ispconfig'); } } install/lib/installer_base.lib.php
@@ -514,6 +514,10 @@ copy('tpl/'.$jk_init.'.master', $config_dir.'/'.$jk_init); copy('tpl/'.$jk_chrootsh.'.master', $config_dir.'/'.$jk_chrootsh); } //* help jailkit fo find its ini files if(!is_link('/usr/jk_socketd.ini')) exec('ln -s /etc/jailkit/jk_socketd.ini /usr/jk_socketd.ini'); if(!is_link('/usr/jk_init.ini')) exec('ln -s /etc/jailkit/jk_init.ini /usr/jk_init.ini'); } @@ -1938,6 +1942,12 @@ chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600); chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root'); chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root'); if(is_file($install_dir.'/interface/invoices')) { chmod($install_dir.'/interface/invoices', 0770); chown($install_dir.'/interface/invoices', 'ispconfig'); chgrp($install_dir.'/interface/invoices', 'ispconfig'); } } install/update.php
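Review bot: The two added `exec('ln -s ...')` calls in the first hunk create links under /usr without checking the result, and the `!is_link()` guard does not cover a regular file already present at `/usr/jk_init.ini` or `/usr/jk_socketd.ini`; in that case `ln` fails unnoticed and jailkit would presumably read the stale file. PHP's own `symlink('/etc/jailkit/jk_init.ini', '/usr/jk_init.ini')` avoids the shell and returns a boolean that can be logged. The added comment should say why jailkit looks under /usr, and "fo find" should read "to find".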
@@ -139,11 +139,17 @@ $clientdb_user = ''; $clientdb_password = ''; //** Ask user for mysql admin_password if empty if( empty($conf["mysql"]["admin_password"]) ) { $conf["mysql"]["admin_password"] = $inst->free_query('MySQL root password', $conf['mysql']['admin_password']); } //** Test mysql root connection $finished = false; do { if(@mysql_connect($conf["mysql"]["host"],$conf["mysql"]["admin_user"],$conf["mysql"]["admin_password"])) { $finished = true; } else { swriteln($inst->lng('Unable to connect to mysql server').' '.mysql_error()); $conf["mysql"]["admin_password"] = $inst->free_query('MySQL root password', $conf['mysql']['admin_password']); } } while ($finished == false); unset($finished); /* * Prepare the dump of the database interface/web/monitor/tools.inc.php
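Review bot: The new `do { ... } while ($finished == false);` retry loop has no attempt limit, so a run without an interactive terminal, or against a server that is down, never terminates. Counting attempts and calling `die()` after a small fixed number would bound it. `free_query()` is also handed the current `$conf['mysql']['admin_password']` as its default; if that helper prints defaults in the prompt (it is defined outside this hunk), the rejected password is echoed to the terminal, and passing `''` would avoid that. The `@` on `mysql_connect` is tolerable here only because `mysql_error()` is printed in the else branch.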
@@ -314,7 +314,7 @@ } else { $data = unserialize($record['data']); $html .= nl2br($data['output']); $html .= nl2br(html_entity_decode($data['output'])); } $html .= '</div></div>'; } else { server/plugins-available/apache2_plugin.inc.php
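Review bot: Wrapping `$data['output']` in `html_entity_decode()` before appending it to `$html` (the variant printed second, which appears to be the new side) turns entity-encoded markup in the stored monitor output back into live HTML. Text originating from logs or command output would then be interpreted by the browser instead of displayed. If the aim is to undo double encoding, decode and then escape once for the HTML context: `$html .= nl2br(htmlspecialchars(html_entity_decode($data['output']), ENT_QUOTES));`. The `unserialize($record['data'])` on the context line is safe only while that column can hold nothing but data written by the monitor itself. The surrounding function lies outside the hunk.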
@@ -541,74 +541,76 @@ if($this->action == 'insert' || $data["new"]["system_user"] != $data["old"]["system_user"]) { // Chown and chmod the directories below the document root $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'])); $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web'); // The document root itself has to be owned by root in normal level and by the web owner in security level 20 if($web_config['security_level'] == 20) { $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'])); $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web'); } else { $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root'])); $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']).'/web'); } } //* If the security level is set to high if($web_config['security_level'] == 20) { if($this->action == 'insert' && $data['new']['type'] == 'vhost') { if($web_config['security_level'] == 20) { $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root'])); $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']).'/*'); $this->_exec('chmod 710 '.escapeshellcmd($data['new']['document_root'].'/web')); $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root'])); $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']).'/*'); $this->_exec('chmod 710 '.escapeshellcmd($data['new']['document_root'].'/web')); // make tmp directory writable for Apache and the website users $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp')); // make tmp directory writable for Apache and the website users $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp')); // Set Log symlink to 755 to make the logs accessible by the FTP user $this->_exec("chmod 755 
".escapeshellcmd($data["new"]["document_root"])."/log"); // Set Log symlink to 755 to make the logs accessible by the FTP user $this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"])."/log"); $command = 'usermod'; $command .= ' --groups sshusers'; $command .= ' '.escapeshellcmd($data['new']['system_user']); $this->_exec($command); $command = 'usermod'; $command .= ' --groups sshusers'; $command .= ' '.escapeshellcmd($data['new']['system_user']); $this->_exec($command); //* if we have a chrooted Apache environment if($apache_chrooted) { $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command); //* if we have a chrooted Apache environment if($apache_chrooted) { $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command); //* add the apache user to the client group in the chroot environment $tmp_groupfile = $app->system->server_conf['group_datei']; $app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group'; //* add the apache user to the client group in the chroot environment $tmp_groupfile = $app->system->server_conf['group_datei']; $app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group'; $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user'])); $app->system->server_conf['group_datei'] = $tmp_groupfile; unset($tmp_groupfile); } //* add the Apache user to the client group $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user'])); $app->system->server_conf['group_datei'] = $tmp_groupfile; unset($tmp_groupfile); } //* add the Apache user to the client group $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user'])); $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'])); $this->_exec('chown '.$username.':'.$groupname.' 
'.escapeshellcmd($data['new']['document_root'])); /* * Workaround for jailkit: If jailkit is enabled for the site, the * website root has to be owned by the root user and we have to chmod it to 755 then */ /* * Workaround for jailkit: If jailkit is enabled for the site, the * website root has to be owned by the root user and we have to chmod it to 755 then */ //* Check if there is a jailkit user for this site $tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'"); if($tmp['number'] > 0) { $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'])); $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root'])); } unset($tmp); //* Check if there is a jailkit user for this site $tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'"); if($tmp['number'] > 0) { // If the security Level is set to medium } else { $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'])); $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*')); $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root'])); // make temp directory writable for Apache and the website users $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp')); } unset($tmp); // If the security Level is set to medium } else { $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'])); $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*')); $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root'])); // make temp directory writable for Apache and the website users $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp')); } // Change the ownership of the error log to the owner of the website 
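Review bot: Every path in the re-indented block goes through `escapeshellcmd()`, which escapes metacharacters but does not quote the value, so a `document_root` containing a space is split into several arguments for the `chown`/`chmod` commands (presumably run as root). `escapeshellarg()` is the per-argument function, e.g. `$this->_exec('chmod 751 '.escapeshellarg($data['new']['document_root']));`, with the `/*` glob appended outside the quoted part where it is needed. In the same block the jailkit lookup concatenates `$data['new']['domain_id']` into the SQL text, and `intval($data['new']['domain_id'])` would pin it to a number. The `chmod 777` on `/tmp` sets no sticky bit, so `1777` is the safer mode if both Apache and the site users must write there. The hunk starts and ends inside the enclosing method.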
server/plugins-available/shelluser_base_plugin.inc.php
@@ -235,7 +235,7 @@ if (!file_exists($sshkeys)){ // add root's key $app->file->mkdirs($sshdir, '0755'); file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys')); if(is_file('/root/.ssh/authorized_keys')) file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys')); // Remove duplicate keys $existing_keys = file($sshkeys); server/plugins-available/shelluser_jailkit_plugin.inc.php
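Review bot: With the new `is_file('/root/.ssh/authorized_keys')` guard, `$sshkeys` is no longer created when root has no key file, yet the context line `$existing_keys = file($sshkeys);` still appears to run inside the `!file_exists($sshkeys)` branch and would return false with a warning. Creating an empty file in that case, e.g. `else file_put_contents($sshkeys, '');`, keeps the de-duplication code that follows working. `file_get_contents()` can also return false on a read error, which is then written out as an empty key file without any log entry. The same change is made in the first hunk of shelluser_jailkit_plugin.inc.php; the code after `file($sshkeys)` is outside the hunk.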
@@ -404,7 +404,7 @@ if (!file_exists($sshkeys)){ // add root's key $app->file->mkdirs($sshdir, '0755'); file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys')); if(is_file('/root/.ssh/authorized_keys')) file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys')); // Remove duplicate keys $existing_keys = file($sshkeys); @@ -442,7 +442,7 @@ $this->app->log("ssh-rsa key updated in ".$sshkeys,LOGLEVEL_DEBUG); } // set proper file permissions exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir); // exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir); exec("chmod 600 '$sshkeys'"); } server/scripts/create_jailkit_chroot.sh
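Review bot: The second hunk disables the recursive `chown` by commenting it out and gives no reason. Because the key file above is written by this plugin itself, `.ssh` and `authorized_keys` would presumably stay owned by the plugin's own user rather than `puser`. Either replace the dead line with a comment that states why ownership must not be changed here, or narrow the call to the `.ssh` directory. The remaining `exec("chmod 600 '$sshkeys'");` interpolates a path into a shell string, and `chmod($sshkeys, 0600);` does the same without a shell. The enclosing method starts outside the hunk.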
@@ -21,7 +21,7 @@ chown root:root $CHROOT_HOMEDIR ## Initialize the chroot into the specified directory with the specified applications jk_init -f -k -j $CHROOT_HOMEDIR $CHROOT_APP_SECTIONS jk_init -f -k -c /etc/jailkit/jk_init.ini -j $CHROOT_HOMEDIR $CHROOT_APP_SECTIONS ## Create the temp directory if [ ! -d "$CHROOT_HOMEDIR/tmp" ]
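Review bot: `$CHROOT_HOMEDIR` is expanded unquoted in the changed `jk_init` line (and in the `chown root:root` context line), so a home directory containing whitespace or glob characters is split or expanded before the command sees it, in a script that changes ownership to root. Quote it as `jk_init -f -k -c /etc/jailkit/jk_init.ini -j "$CHROOT_HOMEDIR" $CHROOT_APP_SECTIONS`, leaving `$CHROOT_APP_SECTIONS` unquoted since it appears to carry several section names. A one-line comment noting that `-c` pins the ini path explicitly would explain why the /usr symlinks added in installer_base.lib.php are not relied on here.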