From 05354759ae5feb624c9ded249dabfc7ebf123781 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 02 Jan 2012 13:54:33 -0500
Subject: [PATCH] Fixed: FS#1952 - Folders created by folder protection function belong to the root user
---
server/plugins-available/apache2_plugin.inc.php | 45 +++++++++++++++++++++++++++++++++++----------
1 files changed, 35 insertions(+), 10 deletions(-)
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 7849aca..e721a08 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -553,7 +553,7 @@
//* If the security level is set to high
- if($this->action == 'insert' && $data['new']['type'] == 'vhost') {
+ if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) {
if($web_config['security_level'] == 20) {
$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
@@ -585,8 +585,14 @@
//* add the Apache user to the client group
$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
-
+
+ //* Chown all default directories
$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
+ $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
+ $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/log'));
+ $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/ssl'));
+ $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/tmp'));
+ $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));
/*
* Workaround for jailkit: If jailkit is enabled for the site, the
@@ -605,11 +611,20 @@
} else {
$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
- $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*'));
- $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
-
+ $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
+ $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/log'));
+ $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/ssl'));
+ $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/web'));
+
// make temp directory writable for Apache and the website users
$this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
+
+ $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
+ $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
+ $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root'].'/log'));
+ $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/tmp'));
+ $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/ssl'));
+ $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));
}
}
@@ -730,7 +745,7 @@
'rewrite_target_ssl' => $rewrite_target_ssl);
break;
case '*':
- $rewrite_rules[] = array( 'rewrite_domain' => $data['new']['domain'],
+ $rewrite_rules[] = array( 'rewrite_domain' => '(^|\.)'.$data['new']['domain'],
'rewrite_type' => ($data['new']['redirect_type'] == 'no')?'':'['.$data['new']['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl);
@@ -796,7 +811,7 @@
'rewrite_target_ssl' => $rewrite_target_ssl);
break;
case '*':
- $rewrite_rules[] = array( 'rewrite_domain' => $alias['domain'],
+ $rewrite_rules[] = array( 'rewrite_domain' => '(^|\.)'.$alias['domain'],
'rewrite_type' => ($alias['redirect_type'] == 'no')?'':'['.$alias['redirect_type'].']',
'rewrite_target' => $rewrite_target,
'rewrite_target_ssl' => $rewrite_target_ssl);
@@ -1320,12 +1335,18 @@
}
//* Create the folder path, if it does not exist
- if(!is_dir($folder_path)) exec('mkdir -p '.$folder_path);
+ if(!is_dir($folder_path)) {
+ exec('mkdir -p '.$folder_path);
+ chown($folder_path,$website['system_user']);
+ chgrp($folder_path,$website['system_group']);
+ }
//* Create empty .htpasswd file, if it does not exist
if(!is_file($folder_path.'.htpasswd')) {
touch($folder_path.'.htpasswd');
chmod($folder_path.'.htpasswd',0755);
+ chown($folder_path.'.htpasswd',$website['system_user']);
+ chgrp($folder_path.'.htpasswd',$website['system_group']);
$app->log('Created file '.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);
}
@@ -1363,7 +1384,9 @@
//if(!is_file($folder_path.'.htaccess')) {
$ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$folder_path.".htpasswd\nrequire valid-user";
file_put_contents($folder_path.'.htaccess',$ht_file);
- chmod($folder_path.'.htpasswd',0755);
+ chmod($folder_path.'.htaccess',0755);
+ chown($folder_path.'.htaccess',$website['system_user']);
+ chgrp($folder_path.'.htaccess',$website['system_group']);
$app->log('Created file '.$folder_path.'.htaccess',LOGLEVEL_DEBUG);
//}
@@ -1475,7 +1498,9 @@
$ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$new_folder_path.".htpasswd\nrequire valid-user";
file_put_contents($new_folder_path.'.htaccess',$ht_file);
chmod($new_folder_path.'.htpasswd',0755);
- $app->log('Created file '.$new_folder_path.'.htaccess',LOGLEVEL_DEBUG);
+ chown($folder_path.'.htpasswd',$website['system_user']);
+ chgrp($folder_path.'.htpasswd',$website['system_group']);
+ $app->log('Created file '.$new_folder_path.'.htpasswd',LOGLEVEL_DEBUG);
}
//* Remove .htaccess file
--
Gitblit v1.9.1