From af81be948dec1a0d01ea0a35b8b64401cf37336a Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Thu, 23 Jul 2009 10:56:53 -0400
Subject: [PATCH] Fixed database permission problem in multiuser setups.

---
 server/plugins-available/apache2_plugin.inc.php |   44 ++++++++++++++++++++++++++++++++++++++------
 1 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index db4266f..1a962ec 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -261,7 +261,7 @@
 					// Remove trailing slash
 					if(substr($tmp_symlink, -1, 1) == '/') $tmp_symlink = substr($tmp_symlink, 0, -1);
 					// create the symlinks, if not exist
-					if(!is_link($tmp_symlink)) {
+					if(is_link($tmp_symlink)) {
 						exec("rm -f ".escapeshellcmd($tmp_symlink));
 						$app->log("Removed Symlink: rm -f ".$tmp_symlink,LOGLEVEL_DEBUG);
 					}
@@ -443,7 +443,7 @@
 		
 		$username = escapeshellcmd($data["new"]["system_user"]);
 		if($data["new"]["system_user"] != '' && !$app->system->is_user($data["new"]["system_user"])) {
-			exec("useradd -d ".escapeshellcmd($data["new"]["document_root"])." -g $groupname $username -s /bin/false");
+			exec("useradd -d ".escapeshellcmd($data["new"]["document_root"])." -g $groupname -G sshusers $username -s /bin/false");
 			$app->log("Adding the user: $username",LOGLEVEL_DEBUG);
 		}
 		
@@ -459,7 +459,6 @@
 			exec("setquota -T -u $username 604800 604800 -a &> /dev/null");
 		}
 		
-		
 		if($this->action == 'insert') {
 			// Chown and chmod the directories below the document root
 			exec("chown -R $username:$groupname ".escapeshellcmd($data["new"]["document_root"]));
@@ -468,8 +467,35 @@
 			exec("chown root:root ".escapeshellcmd($data["new"]["document_root"]));
 		}
 		
-		// make temp direcory writable for the apache user and the website user
-		exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp"));
+		
+		
+		// If the security level is set to high
+		if($web_config['security_level'] == 20) {
+			
+			exec("chmod 711 ".escapeshellcmd($data["new"]["document_root"]."/"));
+			exec("chmod 711 ".escapeshellcmd($data["new"]["document_root"])."/*");
+			exec("chmod 710 ".escapeshellcmd($data["new"]["document_root"]."/web"));
+			
+			// make temp direcory writable for the apache user and the website user
+			exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp"));
+			
+			$command = 'usermod';
+			$command .= ' --groups sshusers';
+			$command .= ' '.escapeshellcmd($data["new"]["system_user"]);
+			exec($command);
+			
+			//* add the apache user to the client group
+			$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));
+			
+		// If the security Level is set to medium
+		} else {
+		
+			exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/"));
+			exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/*"));
+		
+			// make temp direcory writable for the apache user and the website user
+			exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp"));
+		}
 		
 		
 		// Create the vhost config file
@@ -482,6 +508,7 @@
 		$vhost_data["web_document_root"] = $data["new"]["document_root"]."/web";
 		$vhost_data["web_document_root_www"] = $web_config["website_basedir"]."/".$data["new"]["domain"]."/web";
 		$vhost_data["web_basedir"] = $web_config["website_basedir"];
+		$vhost_data["security_level"] = $web_config["security_level"];
 		
 		// Check if a SSL cert exists
 		$ssl_dir = $data["new"]["document_root"]."/ssl";
@@ -631,6 +658,7 @@
 			$fcgi_tpl->setVar('php_fcgi_children',$fastcgi_config["fastcgi_children"]);
 			$fcgi_tpl->setVar('php_fcgi_max_requests',$fastcgi_config["fastcgi_max_requests"]);
 			$fcgi_tpl->setVar('php_fcgi_bin',$fastcgi_config["fastcgi_bin"]);
+			$fcgi_tpl->setVar('security_level',$web_config["security_level"]);
 				
 			$fcgi_starter_script = escapeshellcmd($fastcgi_starter_path.$fastcgi_config["fastcgi_starter_script"]);
 			file_put_contents($fcgi_starter_script,$fcgi_tpl->grab());
@@ -682,6 +710,7 @@
 			// This will NOT work!
 			//$cgi_tpl->setVar('open_basedir', "/var/www/" . $data["new"]["domain"]);
 			$cgi_tpl->setVar('php_cgi_bin',$cgi_config["cgi_bin"]);
+			$cgi_tpl->setVar('security_level',$web_config["security_level"]);
 
 			$cgi_starter_script = escapeshellcmd($cgi_starter_path.$cgi_config["cgi_starter_script"]);
 			file_put_contents($cgi_starter_script,$cgi_tpl->grab());
@@ -727,7 +756,7 @@
 		}
 		
 		//* Create .htaccess and .htpasswd file for website statistics
-		if(!is_file($data["new"]["document_root"].'/web/stats/.htaccess')) {
+		if(!is_file($data["new"]["document_root"].'/web/stats/.htaccess') or $data["old"]["document_root"] != $data["new"]["document_root"]) {
 			if(!is_dir($data["new"]["document_root"].'/web/stats')) mkdir($data["new"]["document_root"].'/web/stats');
 			$ht_file = "AuthType Basic\nAuthName \"Members Only\"\nAuthUserFile ".$data["new"]["document_root"]."/.htpasswd_stats\n<limit GET PUT POST>\nrequire valid-user\n</limit>";
 			file_put_contents($data["new"]["document_root"].'/web/stats/.htaccess',$ht_file);
@@ -749,6 +778,9 @@
 		// request a httpd reload when all records have been processed
 		$app->services->restartServiceDelayed('httpd','reload');
 		
+		//* Unset action to clean it for next processed vhost.
+		$this->action = '';
+		
 	}
 	
 	function delete($event_name,$data) {

--
Gitblit v1.9.1