From 49a4ebff7c069a34fb1c9967aab06486b75735e0 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 02 Jan 2012 07:26:26 -0500
Subject: [PATCH] Add option "set_folder_permissions_on_update" in server config to configure if folder permissions should be forced on web update.

---
 interface/web/admin/templates/server_config_web_edit.htm |    6 ++++++
 server/plugins-available/apache2_plugin.inc.php          |   11 ++++++++---
 interface/web/admin/lib/lang/en_server_config.lng        |    1 +
 install/tpl/server.ini.master                            |    1 +
 interface/web/admin/form/server_config.tform.php         |    6 ++++++
 5 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/install/tpl/server.ini.master b/install/tpl/server.ini.master
index 8777c64..36ec98d 100644
--- a/install/tpl/server.ini.master
+++ b/install/tpl/server.ini.master
@@ -68,6 +68,7 @@
 php_fpm_pool_dir=/etc/php5/fpm/pool.d
 php_fpm_start_port=9010
 php_fpm_socket_dir=/var/lib/php5-fpm
+set_folder_permissions_on_update=y
 
 [dns]
 bind_user=root
diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php
index 5c6c12d..07aa128 100644
--- a/interface/web/admin/form/server_config.tform.php
+++ b/interface/web/admin/form/server_config.tform.php
@@ -432,6 +432,12 @@
 			'default' => '20',
 			'value' => array('10' => 'Medium', '20' => 'High')
 		),
+		'set_folder_permissions_on_update' => array(
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOX',
+			'default' => 'y',
+			'value' => array(0 => 'n', 1 => 'y')
+		),
 		'check_apache_config' => array(
 			'datatype' => 'VARCHAR',
 			'formtype' => 'CHECKBOX',
diff --git a/interface/web/admin/lib/lang/en_server_config.lng b/interface/web/admin/lib/lang/en_server_config.lng
index 6b5b841..49fdc1d 100644
--- a/interface/web/admin/lib/lang/en_server_config.lng
+++ b/interface/web/admin/lib/lang/en_server_config.lng
@@ -149,5 +149,6 @@
 $wb["do_not_try_rescue_mail_txt"] = 'Disable Email monitoring';
 $wb["rescue_description_txt"] = '<b>Information:</b> If you want to shut down mysql you have to select the "Disable MySQL monitor" checkbox and then wait 2-3 minutes.<br>If you do not wait 2-3 minutes, rescue will try to restart mysql!';
 $wb["enable_sni_txt"] = 'Enable SNI';
+$wb["set_folder_permissions_on_update_txt"] = 'Set folder permissions on update';
 
 ?>
\ No newline at end of file
diff --git a/interface/web/admin/templates/server_config_web_edit.htm b/interface/web/admin/templates/server_config_web_edit.htm
index a2b5f49..944065a 100644
--- a/interface/web/admin/templates/server_config_web_edit.htm
+++ b/interface/web/admin/templates/server_config_web_edit.htm
@@ -69,6 +69,12 @@
 						{tmpl_var name='check_apache_config'}
 					</div>
 			</div>
+	  <div class="ctrlHolder apache">
+				<p class="label">{tmpl_var name='set_folder_permissions_on_update_txt'}</p>
+					<div class="multiField">
+						{tmpl_var name='set_folder_permissions_on_update'}
+					</div>
+			</div>
 	  <div class="ctrlHolder">
 				<p class="label">{tmpl_var name='enable_sni_txt'}</p>
 					<div class="multiField">
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 4958f81..bd93b51 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -553,7 +553,7 @@
 
 
 		//* If the security level is set to high
-		if($this->action == 'insert' && $data['new']['type'] == 'vhost') {
+		if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) {
 			if($web_config['security_level'] == 20) {
 
 				$this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
@@ -585,8 +585,13 @@
 
 				//* add the Apache user to the client group
 				$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
-
-				$this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
+				
+				//* Chown all default directories
+				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
+				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/log'));
+				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/ssl'));
+				$this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/tmp'));
+				$this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));
 
 				/*
 				* Workaround for jailkit: If jailkit is enabled for the site, the 

--
Gitblit v1.9.1