From 3cebc3a5fc5a6e76b80f712fc4f7a48c2c92d61e Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Fri, 10 Jul 2009 07:33:29 -0400
Subject: [PATCH] Fixed: FS#776 - Client's limits do not apply for it's own client Improved client and reseller limit checks
---
server/plugins-available/apache2_plugin.inc.php | 37 +++++++++++++++++++++++++++++++++----
1 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index db4266f..c734921 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -443,7 +443,7 @@
$username = escapeshellcmd($data["new"]["system_user"]);
if($data["new"]["system_user"] != '' && !$app->system->is_user($data["new"]["system_user"])) {
- exec("useradd -d ".escapeshellcmd($data["new"]["document_root"])." -g $groupname $username -s /bin/false");
+ exec("useradd -d ".escapeshellcmd($data["new"]["document_root"])." -g $groupname -G sshusers $username -s /bin/false");
$app->log("Adding the user: $username",LOGLEVEL_DEBUG);
}
@@ -459,7 +459,6 @@
exec("setquota -T -u $username 604800 604800 -a &> /dev/null");
}
-
if($this->action == 'insert') {
// Chown and chmod the directories below the document root
exec("chown -R $username:$groupname ".escapeshellcmd($data["new"]["document_root"]));
@@ -468,8 +467,32 @@
exec("chown root:root ".escapeshellcmd($data["new"]["document_root"]));
}
- // make temp direcory writable for the apache user and the website user
- exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp"));
+
+
+ // If the security level is set to high
+ if($web_config['security_level'] == 20) {
+
+ exec("chmod 711 ".escapeshellcmd($data["new"]["document_root"]."/"));
+ exec("chmod 711 ".escapeshellcmd($data["new"]["document_root"])."/*");
+ exec("chmod 710 ".escapeshellcmd($data["new"]["document_root"]."/web"));
+
+ $command = 'usermod';
+ $command .= ' --groups sshusers';
+ $command .= ' '.escapeshellcmd($data["new"]["system_user"]);
+ exec($command);
+
+ //* add the apache user to the client group
+ $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
+
+ // If the security Level is set to medium
+ } else {
+
+ exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/"));
+ exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/*"));
+
+ // make temp direcory writable for the apache user and the website user
+ exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp"));
+ }
// Create the vhost config file
@@ -482,6 +505,7 @@
$vhost_data["web_document_root"] = $data["new"]["document_root"]."/web";
$vhost_data["web_document_root_www"] = $web_config["website_basedir"]."/".$data["new"]["domain"]."/web";
$vhost_data["web_basedir"] = $web_config["website_basedir"];
+ $vhost_data["security_level"] = $web_config["security_level"];
// Check if a SSL cert exists
$ssl_dir = $data["new"]["document_root"]."/ssl";
@@ -631,6 +655,7 @@
$fcgi_tpl->setVar('php_fcgi_children',$fastcgi_config["fastcgi_children"]);
$fcgi_tpl->setVar('php_fcgi_max_requests',$fastcgi_config["fastcgi_max_requests"]);
$fcgi_tpl->setVar('php_fcgi_bin',$fastcgi_config["fastcgi_bin"]);
+ $fcgi_tpl->setVar('security_level',$web_config["security_level"]);
$fcgi_starter_script = escapeshellcmd($fastcgi_starter_path.$fastcgi_config["fastcgi_starter_script"]);
file_put_contents($fcgi_starter_script,$fcgi_tpl->grab());
@@ -682,6 +707,7 @@
// This will NOT work!
//$cgi_tpl->setVar('open_basedir', "/var/www/" . $data["new"]["domain"]);
$cgi_tpl->setVar('php_cgi_bin',$cgi_config["cgi_bin"]);
+ $cgi_tpl->setVar('security_level',$web_config["security_level"]);
$cgi_starter_script = escapeshellcmd($cgi_starter_path.$cgi_config["cgi_starter_script"]);
file_put_contents($cgi_starter_script,$cgi_tpl->grab());
@@ -749,6 +775,9 @@
// request a httpd reload when all records have been processed
$app->services->restartServiceDelayed('httpd','reload');
+ //* Unset action to clean it for next processed vhost.
+ $this->action = '';
+
}
function delete($event_name,$data) {
--
Gitblit v1.9.1