From 2c7ee0fd03f12841c2a6dbb1f3a574e28ed7a1e7 Mon Sep 17 00:00:00 2001
From: mcramer <m.cramer@pixcept.de>
Date: Tue, 23 Jun 2009 12:42:04 -0400
Subject: [PATCH] Fixed: Correct chroot handling of cron jobs Changed: separate crontab files for chrooted and other cron jobs
---
server/plugins-available/shelluser_base_plugin.inc.php | 44 +++++++++++++++++++++++++++++++-------------
1 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php
index 76fdf0e..3f86b42 100755
--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -77,22 +77,28 @@
$uid = intval($app->system->getuid($data['new']['puser']));
if($uid > $this->min_uid) {
$command = 'useradd';
- $command .= ' --home '.escapeshellcmd($data['new']['dir']);
- $command .= ' --gid '.escapeshellcmd($data['new']['pgroup']);
- $command .= ' --non-unique ';
- $command .= ' --password '.escapeshellcmd($data['new']['password']);
- $command .= ' --shell '.escapeshellcmd($data['new']['shell']);
- $command .= ' --uid '.escapeshellcmd($uid);
+ $command .= ' -d '.escapeshellcmd($data['new']['dir']);
+ $command .= ' -g '.escapeshellcmd($data['new']['pgroup']);
+ $command .= ' -o '; // non unique
+ if($data['new']['password'] != '') $command .= ' -p '.escapeshellcmd($data['new']['password']);
+ $command .= ' -s '.escapeshellcmd($data['new']['shell']);
+ $command .= ' -u '.escapeshellcmd($uid);
$command .= ' '.escapeshellcmd($data['new']['username']);
exec($command);
+ $app->log("Executed command: ".$command,LOGLEVEL_DEBUG);
$app->log("Added shelluser: ".$data['new']['username'],LOGLEVEL_DEBUG);
+
+ //* Create .bash_history file
+ exec('touch '.escapeshellcmd($data['new']['dir']).'/.bash_history');
+ exec('chmod 755 '.escapeshellcmd($data['new']['dir']).'/.bash_history');
+ exec('chown '.escapeshellcmd($data['new']['username']).':'.escapeshellcmd($data['new']['pgroup']).' '.escapeshellcmd($data['new']['dir']).'/.bash_history');
//* Disable shell user temporarily if we use jailkit
if($data['new']['chroot'] == 'jailkit') {
- $command = 'usermod --lock '.escapeshellcmd($data['new']['username']);
+ $command = 'usermod -L '.escapeshellcmd($data['new']['username']);
exec($command);
- $app->log("Disabling shelluser temporarily: ".$data['new']['username'],LOGLEVEL_DEBUG);
+ $app->log("Disabling shelluser temporarily: ".$command,LOGLEVEL_DEBUG);
}
} else {
@@ -125,8 +131,17 @@
$command .= ' '.escapeshellcmd($data['old']['username']);
exec($command);
- // $app->log("Updated shelluser: $command ",LOGLEVEL_DEBUG);
+ $app->log("Executed command: $command ",LOGLEVEL_DEBUG);
$app->log("Updated shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG);
+
+
+ //* Create .bash_history file
+ if(!is_file($data['new']['dir']).'/.bash_history') {
+ exec('touch '.escapeshellcmd($data['new']['dir']).'/.bash_history');
+ exec('chmod 755 '.escapeshellcmd($data['new']['dir']).'/.bash_history');
+ exec('chown '.escapeshellcmd($data['new']['username']).':'.escapeshellcmd($data['new']['pgroup']).' '.escapeshellcmd($data['new']['dir']).'/.bash_history');
+ }
+
} else {
// The user does not exist, so we insert it now
$this->insert($event_name,$data);
@@ -148,11 +163,14 @@
// Get the UID of the user
$userid = intval($app->system->getuid($data['old']['username']));
if($userid > $this->min_uid) {
- $command = 'userdel -f -r';
- $command .= ' '.escapeshellcmd($data['old']['username']);
+ // We delete only non jailkit users, jailkit users will be deleted by the jailkit plugin.
+ if ($data['old']['chroot'] != "jailkit") {
+ $command = 'userdel -f';
+ $command .= ' '.escapeshellcmd($data['old']['username']);
- exec($command);
- $app->log("Deleted shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG);
+ exec($command);
+ $app->log("Deleted shelluser: ".$data['old']['username'],LOGLEVEL_DEBUG);
+ }
} else {
$app->log("UID = $userid for shelluser:".$data['old']['username']." not allowed.",LOGLEVEL_ERROR);
--
Gitblit v1.9.1