From 88273a930b0d36fb17ba64b5db6ff1052df5da89 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 15 Nov 2011 03:58:16 -0500
Subject: [PATCH] - Added code to preserve permissions of invoices folder in the installer. - Fixed a problem with german umlauts in monitor. - Added code to update.php and autoupdate.php that checks the mysql root password before the update starts. - Fixed: FS#1848 - changing password of ssh user >>> rights in webXX are changed
---
interface/web/monitor/tools.inc.php | 2
server/plugins-available/shelluser_base_plugin.inc.php | 2
install/lib/installer_base.lib.php | 10 +++
install/dist/lib/fedora.lib.php | 5 +
server/plugins-available/shelluser_jailkit_plugin.inc.php | 4
server/plugins-available/apache2_plugin.inc.php | 92 +++++++++++++++---------------
server/scripts/create_jailkit_chroot.sh | 2
install/dist/lib/gentoo.lib.php | 6 ++
install/dist/lib/opensuse.lib.php | 6 ++
install/update.php | 16 +++-
install/autoupdate.php | 5 +
11 files changed, 95 insertions(+), 55 deletions(-)
diff --git a/install/autoupdate.php b/install/autoupdate.php
index b77ff49..ba5b1a1 100644
--- a/install/autoupdate.php
+++ b/install/autoupdate.php
@@ -144,6 +144,11 @@
die("internal error - MYSQL-Root passord not known");
}
+//** Test mysql root connection
+if(!@mysql_connect($conf["mysql"]["host"],$conf["mysql"]["admin_user"],$conf["mysql"]["admin_password"])) {
+ die("internal error - MYSQL-Root passord wrong");
+}
+
/*
* Check all tables
*/
diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php
index 4efb6fc..51f2dff 100644
--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -1029,6 +1029,11 @@
// Edit the file Edit the file /etc/sudoers and comment out the requiregetty line, otherwise the backup function will fail
replaceLine('/etc/sudoers','Defaults requiretty','#Defaults requiretty',0,0);
+ if(is_file($install_dir.'/interface/invoices')) {
+ chmod($install_dir.'/interface/invoices', 0770);
+ chown($install_dir.'/interface/invoices', 'ispconfig');
+ chgrp($install_dir.'/interface/invoices', 'ispconfig');
+ }
}
diff --git a/install/dist/lib/gentoo.lib.php b/install/dist/lib/gentoo.lib.php
index ffe5ef2..c5fdad0 100644
--- a/install/dist/lib/gentoo.lib.php
+++ b/install/dist/lib/gentoo.lib.php
@@ -866,6 +866,12 @@
chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
}
+ if(is_file($install_dir.'/interface/invoices')) {
+ chmod($install_dir.'/interface/invoices', 0770);
+ chown($install_dir.'/interface/invoices', 'ispconfig');
+ chgrp($install_dir.'/interface/invoices', 'ispconfig');
+ }
+
// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
// and must be fixed as this will allow the apache user to read the ispconfig files.
// Later this must run as own apache server or via suexec!
diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php
index 22438cc..eed2226 100644
--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -1060,6 +1060,12 @@
exec('chmod 744 /usr/local/bin/run-getmail.sh');
}
+ if(is_file($install_dir.'/interface/invoices')) {
+ chmod($install_dir.'/interface/invoices', 0770);
+ chown($install_dir.'/interface/invoices', 'ispconfig');
+ chgrp($install_dir.'/interface/invoices', 'ispconfig');
+ }
+
}
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index c3d40b2..2bf5651 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -514,6 +514,10 @@
copy('tpl/'.$jk_init.'.master', $config_dir.'/'.$jk_init);
copy('tpl/'.$jk_chrootsh.'.master', $config_dir.'/'.$jk_chrootsh);
}
+
+ //* help jailkit fo find its ini files
+ if(!is_link('/usr/jk_socketd.ini')) exec('ln -s /etc/jailkit/jk_socketd.ini /usr/jk_socketd.ini');
+ if(!is_link('/usr/jk_init.ini')) exec('ln -s /etc/jailkit/jk_init.ini /usr/jk_init.ini');
}
@@ -1938,6 +1942,12 @@
chmod($install_dir.'/server/lib/mysql_clientdb.conf', 0600);
chown($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
chgrp($install_dir.'/server/lib/mysql_clientdb.conf', 'root');
+
+ if(is_file($install_dir.'/interface/invoices')) {
+ chmod($install_dir.'/interface/invoices', 0770);
+ chown($install_dir.'/interface/invoices', 'ispconfig');
+ chgrp($install_dir.'/interface/invoices', 'ispconfig');
+ }
}
diff --git a/install/update.php b/install/update.php
index 58b366f..769cdce 100644
--- a/install/update.php
+++ b/install/update.php
@@ -139,11 +139,17 @@
$clientdb_user = '';
$clientdb_password = '';
-//** Ask user for mysql admin_password if empty
-if( empty($conf["mysql"]["admin_password"]) ) {
-
- $conf["mysql"]["admin_password"] = $inst->free_query('MySQL root password', $conf['mysql']['admin_password']);
-}
+//** Test mysql root connection
+$finished = false;
+do {
+ if(@mysql_connect($conf["mysql"]["host"],$conf["mysql"]["admin_user"],$conf["mysql"]["admin_password"])) {
+ $finished = true;
+ } else {
+ swriteln($inst->lng('Unable to connect to mysql server').' '.mysql_error());
+ $conf["mysql"]["admin_password"] = $inst->free_query('MySQL root password', $conf['mysql']['admin_password']);
+ }
+} while ($finished == false);
+unset($finished);
/*
* Prepare the dump of the database
diff --git a/interface/web/monitor/tools.inc.php b/interface/web/monitor/tools.inc.php
index 46ccaad..60d006a 100644
--- a/interface/web/monitor/tools.inc.php
+++ b/interface/web/monitor/tools.inc.php
@@ -314,7 +314,7 @@
}
else {
$data = unserialize($record['data']);
- $html .= nl2br($data['output']);
+ $html .= nl2br(html_entity_decode($data['output']));
}
$html .= '</div></div>';
} else {
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index eacf943..7dc07fe 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -541,74 +541,76 @@
if($this->action == 'insert' || $data["new"]["system_user"] != $data["old"]["system_user"]) {
// Chown and chmod the directories below the document root
- $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
+ $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
// The document root itself has to be owned by root in normal level and by the web owner in security level 20
if($web_config['security_level'] == 20) {
- $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
+ $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
} else {
- $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
+ $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']).'/web');
}
}
//* If the security level is set to high
- if($web_config['security_level'] == 20) {
+ if($this->action == 'insert' && $data['new']['type'] == 'vhost') {
+ if($web_config['security_level'] == 20) {
- $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
- $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']).'/*');
- $this->_exec('chmod 710 '.escapeshellcmd($data['new']['document_root'].'/web'));
+ $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
+ $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']).'/*');
+ $this->_exec('chmod 710 '.escapeshellcmd($data['new']['document_root'].'/web'));
- // make tmp directory writable for Apache and the website users
- $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
+ // make tmp directory writable for Apache and the website users
+ $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
- // Set Log symlink to 755 to make the logs accessible by the FTP user
- $this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"])."/log");
+ // Set Log symlink to 755 to make the logs accessible by the FTP user
+ $this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"])."/log");
- $command = 'usermod';
- $command .= ' --groups sshusers';
- $command .= ' '.escapeshellcmd($data['new']['system_user']);
- $this->_exec($command);
+ $command = 'usermod';
+ $command .= ' --groups sshusers';
+ $command .= ' '.escapeshellcmd($data['new']['system_user']);
+ $this->_exec($command);
- //* if we have a chrooted Apache environment
- if($apache_chrooted) {
- $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);
+ //* if we have a chrooted Apache environment
+ if($apache_chrooted) {
+ $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' '.$command);
- //* add the apache user to the client group in the chroot environment
- $tmp_groupfile = $app->system->server_conf['group_datei'];
- $app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';
+ //* add the apache user to the client group in the chroot environment
+ $tmp_groupfile = $app->system->server_conf['group_datei'];
+ $app->system->server_conf['group_datei'] = $web_config['website_basedir'].'/etc/group';
+ $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
+ $app->system->server_conf['group_datei'] = $tmp_groupfile;
+ unset($tmp_groupfile);
+ }
+
+ //* add the Apache user to the client group
$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
- $app->system->server_conf['group_datei'] = $tmp_groupfile;
- unset($tmp_groupfile);
- }
- //* add the Apache user to the client group
- $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
+ $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
- $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
+ /*
+ * Workaround for jailkit: If jailkit is enabled for the site, the
+ * website root has to be owned by the root user and we have to chmod it to 755 then
+ */
- /*
- * Workaround for jailkit: If jailkit is enabled for the site, the
- * website root has to be owned by the root user and we have to chmod it to 755 then
- */
+ //* Check if there is a jailkit user for this site
+ $tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");
+ if($tmp['number'] > 0) {
+ $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
+ $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
+ }
+ unset($tmp);
- //* Check if there is a jailkit user for this site
- $tmp = $app->db->queryOneRecord('SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = '.$data['new']['domain_id']." AND chroot = 'jailkit'");
- if($tmp['number'] > 0) {
+ // If the security Level is set to medium
+ } else {
+
$this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
+ $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*'));
$this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
+
+ // make temp directory writable for Apache and the website users
+ $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
}
- unset($tmp);
-
- // If the security Level is set to medium
- } else {
-
- $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
- $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*'));
- $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
-
- // make temp directory writable for Apache and the website users
- $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
}
// Change the ownership of the error log to the owner of the website
diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php
index 946aaaa..e420293 100755
--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -235,7 +235,7 @@
if (!file_exists($sshkeys)){
// add root's key
$app->file->mkdirs($sshdir, '0755');
- file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
+ if(is_file('/root/.ssh/authorized_keys')) file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
// Remove duplicate keys
$existing_keys = file($sshkeys);
diff --git a/server/plugins-available/shelluser_jailkit_plugin.inc.php b/server/plugins-available/shelluser_jailkit_plugin.inc.php
index c1e2b2c..b695d51 100755
--- a/server/plugins-available/shelluser_jailkit_plugin.inc.php
+++ b/server/plugins-available/shelluser_jailkit_plugin.inc.php
@@ -404,7 +404,7 @@
if (!file_exists($sshkeys)){
// add root's key
$app->file->mkdirs($sshdir, '0755');
- file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
+ if(is_file('/root/.ssh/authorized_keys')) file_put_contents($sshkeys, file_get_contents('/root/.ssh/authorized_keys'));
// Remove duplicate keys
$existing_keys = file($sshkeys);
@@ -442,7 +442,7 @@
$this->app->log("ssh-rsa key updated in ".$sshkeys,LOGLEVEL_DEBUG);
}
// set proper file permissions
- exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
+ // exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);
exec("chmod 600 '$sshkeys'");
}
diff --git a/server/scripts/create_jailkit_chroot.sh b/server/scripts/create_jailkit_chroot.sh
index 312148d..6ffa889 100755
--- a/server/scripts/create_jailkit_chroot.sh
+++ b/server/scripts/create_jailkit_chroot.sh
@@ -21,7 +21,7 @@
chown root:root $CHROOT_HOMEDIR
## Initialize the chroot into the specified directory with the specified applications
-jk_init -f -k -j $CHROOT_HOMEDIR $CHROOT_APP_SECTIONS
+jk_init -f -k -c /etc/jailkit/jk_init.ini -j $CHROOT_HOMEDIR $CHROOT_APP_SECTIONS
## Create the temp directory
if [ ! -d "$CHROOT_HOMEDIR/tmp" ]
--
Gitblit v1.9.1