- Added code to preserve permissions of invoices folder in the installer. -...

tbrehm

2011-11-15 88273a930b0d36fb17ba64b5db6ff1052df5da89

- Added code to preserve permissions of invoices folder in the installer.
- Fixed a problem with german umlauts in monitor.
- Added code to update.php and autoupdate.php that checks the mysql root password before the update starts.
- Fixed: FS#1848 - changing password of ssh user >>> rights in webXX are changed

 install/autoupdate.php

@@ -144,6 +144,11 @@
    die("internal error - MYSQL-Root passord not known");
}

//** Test mysql root connection
if(!@mysql_connect($conf["mysql"]["host"],$conf["mysql"]["admin_user"],$conf["mysql"]["admin_password"])) {
    die("internal error - MYSQL-Root passord wrong");
}

/*
 *  Check all tables
*/

 install/dist/lib/fedora.lib.php

@@ -1029,6 +1029,11 @@
        // Edit the file Edit the file /etc/sudoers and comment out the requiregetty line, otherwise the backup function will fail
        replaceLine('/etc/sudoers','Defaults    requiretty','#Defaults    requiretty',0,0);
        
        if(is_file($install_dir.'/interface/invoices')) {
            chmod($install_dir.'/interface/invoices', 0770);
            chown($install_dir.'/interface/invoices', 'ispconfig');
            chgrp($install_dir.'/interface/invoices', 'ispconfig');
        }
        
    }
    

 install/dist/lib/gentoo.lib.php

@@ -866,6 +866,12 @@
            chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
        }
        
        if(is_file($install_dir.'/interface/invoices')) {
            chmod($install_dir.'/interface/invoices', 0770);
            chown($install_dir.'/interface/invoices', 'ispconfig');
            chgrp($install_dir.'/interface/invoices', 'ispconfig');
        }
		
        // TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
        // and must be fixed as this will allow the apache user to read the ispconfig files.
        // Later this must run as own apache server or via suexec!

 install/dist/lib/opensuse.lib.php

@@ -1060,6 +1060,12 @@
            exec('chmod 744 /usr/local/bin/run-getmail.sh');
        }
        
        if(is_file($install_dir.'/interface/invoices')) {
            chmod($install_dir.'/interface/invoices', 0770);
            chown($install_dir.'/interface/invoices', 'ispconfig');
            chgrp($install_dir.'/interface/invoices', 'ispconfig');
        }
		
        
    }
    

 install/lib/installer_base.lib.php

@@ -515,6 +515,10 @@
            copy('tpl/'.$jk_chrootsh.'.master', $config_dir.'/'.$jk_chrootsh);
        }

        //* help jailkit fo find its ini files
        if(!is_link('/usr/jk_socketd.ini')) exec('ln -s /etc/jailkit/jk_socketd.ini /usr/jk_socketd.ini');
        if(!is_link('/usr/jk_init.ini')) exec('ln -s /etc/jailkit/jk_init.ini /usr/jk_init.ini');

    }
    
    public function configure_mailman($status = 'insert') {
@@ -1939,6 +1943,12 @@
        chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
        chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');

        if(is_file($install_dir.'/interface/invoices')) {
            chmod($install_dir.'/interface/invoices', 0770);
            chown($install_dir.'/interface/invoices', 'ispconfig');
            chgrp($install_dir.'/interface/invoices', 'ispconfig');
        }		

    }

    public function install_crontab() {

 install/update.php

@@ -139,11 +139,17 @@
$clientdb_user            = '';
$clientdb_password        = '';

//** Ask user for mysql admin_password if empty
if( empty($conf["mysql"]["admin_password"]) ) {

//** Test mysql root connection
$finished = false;
do {
    if(@mysql_connect($conf["mysql"]["host"],$conf["mysql"]["admin_user"],$conf["mysql"]["admin_password"])) {
        $finished = true;
    } else {
        swriteln($inst->lng('Unable to connect to mysql server').' '.mysql_error());
    $conf["mysql"]["admin_password"] = $inst->free_query('MySQL root password', $conf['mysql']['admin_password']);
}
} while ($finished == false);
unset($finished);

/*
 *  Prepare the dump of the database 

 interface/web/monitor/tools.inc.php

@@ -314,7 +314,7 @@
        }
        else {
            $data = unserialize($record['data']);
            $html .= nl2br($data['output']);
            $html .= nl2br(html_entity_decode($data['output']));
        }
        $html .= '</div></div>';
    } else {

 server/plugins-available/apache2_plugin.inc.php

@@ -541,18 +541,19 @@

        if($this->action == 'insert' || $data["new"]["system_user"] != $data["old"]["system_user"]) {
            // Chown and chmod the directories below the document root
            $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
            $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
            // The document root itself has to be owned by root in normal level and by the web owner in security level 20
            if($web_config['security_level'] == 20) {
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
            } else {
                $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
                $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']).'/web');
            }
        }



        //* If the security level is set to high
        if($this->action == 'insert' && $data['new']['type'] == 'vhost') {
        if($web_config['security_level'] == 20) {

            $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
@@ -610,6 +611,7 @@
            // make temp directory writable for Apache and the website users
            $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
        }
        }

        // Change the ownership of the error log to the owner of the website
        if(!@is_file($data['new']['document_root'].'/log/error.log')) exec('touch '.escapeshellcmd($data['new']['document_root']).'/log/error.log');

 server/plugins-available/shelluser_base_plugin.inc.php

@@ -235,7 +235,7 @@
        if (!file_exists($sshkeys)){
            // add root's key
            $app->file->mkdirs($sshdir, '0755');
            file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
            if(is_file('/root/.ssh/authorized_keys')) file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
        
            // Remove duplicate keys
            $existing_keys = file($sshkeys);

 server/plugins-available/shelluser_jailkit_plugin.inc.php

@@ -404,7 +404,7 @@
        if (!file_exists($sshkeys)){
            // add root's key
            $app->file->mkdirs($sshdir, '0755');
            file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
            if(is_file('/root/.ssh/authorized_keys')) file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
        
            // Remove duplicate keys
            $existing_keys = file($sshkeys);
@@ -442,7 +442,7 @@
            $this->app->log("ssh-rsa key updated in ".$sshkeys,LOGLEVEL_DEBUG);
        }
        // set proper file permissions
        exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
        // exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
        exec("chmod 600 '$sshkeys'");
        
    }

 server/scripts/create_jailkit_chroot.sh

@@ -21,7 +21,7 @@
chown root:root $CHROOT_HOMEDIR

## Initialize the chroot into the specified directory with the specified applications
jk_init -f -k -j $CHROOT_HOMEDIR $CHROOT_APP_SECTIONS
jk_init -f -k -c /etc/jailkit/jk_init.ini -j $CHROOT_HOMEDIR $CHROOT_APP_SECTIONS

## Create the temp directory
if [ ! -d "$CHROOT_HOMEDIR/tmp" ]