From d87f76019fc231ec20d95126a7fee0487e7be5f0 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 14 Aug 2012 10:56:20 -0400
Subject: [PATCH] - Added new web folder named private to web folder layout. The folder is intended to store data that shall not be visible in the web directory, it is owned by the user of the web. - Changed ownership of web root directory to root user in all security modes to prevent symlink attacks. - Apache log files are now owned by user root. - Improved functions in system library.
---
install/dist/lib/opensuse.lib.php | 438 ++++++++++++++++++++++++++++++++++++++++++++++--------
1 files changed, 369 insertions(+), 69 deletions(-)
diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php
index ae5dc76..248cf61 100644
--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -66,6 +66,9 @@
//* mysql-virtual_relaydomains.cf
$this->process_postfix_config('mysql-virtual_relaydomains.cf');
+
+ //* mysql-virtual_relayrecipientmaps.cf
+ $this->process_postfix_config('mysql-virtual_relayrecipientmaps.cf');
//* Changing mode and group of the new created config files.
caselog('chmod o= '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
@@ -73,17 +76,29 @@
caselog('chgrp '.$cf['group'].' '.$config_dir.'/mysql-virtual_*.cf* &> /dev/null',
__FILE__, __LINE__, 'chgrp on mysql-virtual_*.cf*', 'chgrp on mysql-virtual_*.cf* failed');
+ if(!is_dir($cf['vmail_mailbox_base'])) mkdir($cf['vmail_mailbox_base']);
+
//* Creating virtual mail user and group
- $command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
- if(!is_group($cf['vmail_groupname'])) caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
- $command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
- if(!is_user($cf['vmail_username'])) caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
-
+ if(is_group($cf['vmail_groupname'])) {
+ $command = 'groupmod -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ } else {
+ $command = 'groupadd -g '.$cf['vmail_groupid'].' '.$cf['vmail_groupname'];
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ }
+
+ if(is_user($cf['vmail_username'])) {
+ $command = 'usermod -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' -d '.$cf['vmail_mailbox_base'].' -s /bin/bash '.$cf['vmail_username'];
+ caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ } else {
+ $command = 'useradd -g '.$cf['vmail_groupname'].' -u '.$cf['vmail_userid'].' '.$cf['vmail_username'].' -d '.$cf['vmail_mailbox_base'].' -m';
+ caselog("$command &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ }
+
+ if($cf['vmail_mailbox_base'] != '' && strlen($cf['vmail_mailbox_base']) >= 10 && $this->is_update === false) exec('chown -R '.$cf['vmail_username'].':'.$cf['vmail_groupname'].' '.$cf['vmail_mailbox_base']);
+
+ //* These postconf commands will be executed on installation and update
$postconf_commands = array (
- 'myhostname = '.$conf['hostname'],
- 'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
- 'mynetworks = 127.0.0.0/8 [::1]/128',
'virtual_alias_domains =',
'virtual_alias_maps = proxy:mysql:'.$config_dir.'/mysql-virtual_forwardings.cf, mysql:'.$config_dir.'/mysql-virtual_email2email.cf',
'virtual_mailbox_domains = proxy:mysql:'.$config_dir.'/mysql-virtual_domains.cf',
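Review bot: The `usermod` branch passes `-s /bin/bash`, so on a host where the vmail user already exists the mail-delivery account gets an interactive login shell, while the `useradd` branch just below leaves the shell at the system default. Unless something in the delivery chain needs a real shell (not visible in this hunk), both branches should agree on a non-login shell, e.g. `-s /bin/false`. The `groupmod`, `usermod` and `chown -R` strings are also built from `$cf[...]` values without `escapeshellarg()`; the same unquoted interpolation recurs in the `exec('mkdir -p '...)`, `cp -f` and `touch` calls added further down in this patch. The enclosing function starts and ends outside the hunk.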
@@ -101,12 +116,7 @@
'smtpd_tls_key_file = '.$config_dir.'/smtpd.key',
'transport_maps = proxy:mysql:'.$config_dir.'/mysql-virtual_transports.cf',
'relay_domains = mysql:'.$config_dir.'/mysql-virtual_relaydomains.cf',
- 'virtual_create_maildirsize = yes',
- 'virtual_maildir_extended = yes',
- 'virtual_mailbox_limit_maps = proxy:mysql:'.$config_dir.'/mysql-virtual_mailbox_limit_maps.cf',
- 'virtual_mailbox_limit_override = yes',
- 'virtual_maildir_limit_message = "The user you are trying to reach is over quota."',
- 'virtual_overquota_bounce = yes',
+ 'relay_recipient_maps = mysql:'.$config_dir.'/mysql-virtual_relayrecipientmaps.cf',
'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps',
'smtpd_sender_restrictions = check_sender_access mysql:'.$config_dir.'/mysql-virtual_sender.cf',
'smtpd_client_restrictions = check_client_access mysql:'.$config_dir.'/mysql-virtual_client.cf',
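Review bot: `proxy_read_maps`, on the unchanged line right after the new `relay_recipient_maps` entry, still lists `$virtual_mailbox_limit_maps`, although this hunk removes the `virtual_mailbox_limit_maps` setting together with the other quota parameters. If nothing else defines that parameter (not visible here), the reference is a leftover and should be dropped from the list in the same change. The `$postconf_commands` array starts and ends outside the hunk.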
@@ -119,6 +129,15 @@
'body_checks = regexp:'.$config_dir.'/body_checks',
'inet_interfaces = all'
);
+
+ //* These postconf commands will be executed on installation only
+ if($this->is_update == false) {
+ $postconf_commands = array_merge($postconf_commands,array(
+ 'myhostname = '.$conf['hostname'],
+ 'mydestination = '.$conf['hostname'].', localhost, localhost.localdomain',
+ 'mynetworks = 127.0.0.0/8 [::1]/128'
+ ));
+ }
//* Create the header and body check files
touch($config_dir.'/header_checks');
@@ -161,12 +180,15 @@
$content = rf($configfile);
$content = str_replace(' flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}',
- ' flags=R user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
+ ' flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
$content);
$content = str_replace(' flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}',
- ' flags=R user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
+ ' flags=DRhu user='.$cf['vmail_username'].' argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}',
$content);
+
+ // enable tlsmanager
+ $content = str_replace('#tlsmgr unix - - n 1000? 1 tlsmgr','tlsmgr unix - - n 1000? 1 tlsmgr',$content);
wf($configfile, $content);
@@ -231,7 +253,7 @@
$content = str_replace('/sbin/startproc $AUTHD_BIN $SASLAUTHD_PARAMS -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1','/sbin/startproc $AUTHD_BIN $SASLAUTHD_PARAMS -r -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS > /dev/null 2>&1',$content);
- wf($configfile,$content);
+ if(is_file($configfile)) wf($configfile,$content);
@@ -252,6 +274,8 @@
$content = str_replace('{mysql_server_database}', $conf['mysql']['database'], $content);
$content = str_replace('{mysql_server_ip}', $conf['mysql']['ip'], $content);
wf("$pam/smtp", $content);
+ // On some OSes smtp is world readable which allows for reading database information. Removing world readable rights should have no effect.
+ if(is_file("$pam/smtp")) exec("chmod o= $pam/smtp");
//exec("chmod 660 $pam/smtp");
//exec("chown root:root $pam/smtp");
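Review bot: The permission fix on `$pam/smtp` runs only after `wf()` has written the database credentials, so the file keeps its creation-time mode until the `chmod` runs, and `o=` leaves the group bits as they were created. Setting an explicit mode with PHP's own call, e.g. `chmod("$pam/smtp", 0640);`, avoids the shell and the unquoted `$pam` interpolation and makes the final mode independent of the umask. Writing the file under a restrictive `umask()` would close the window entirely; `wf()` is defined outside the hunk, so whether it can take a mode is not visible here. The commented-out `chmod 660` / `chown root:root` lines below suggest ownership was meant to be pinned as well.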
@@ -290,12 +314,93 @@
wf($configfile, $content);
}
+ public function configure_dovecot()
+ {
+ global $conf;
+
+ $config_dir = $conf['dovecot']['config_dir'];
+
+ //* Configure master.cf and add a line for deliver
+ if(is_file($config_dir.'/master.cf')){
+ copy($config_dir.'/master.cf', $config_dir.'/master.cf~2');
+ }
+ if(is_file($config_dir.'/master.cf~')){
+ exec('chmod 400 '.$config_dir.'/master.cf~2');
+ }
+ $content = rf($conf["postfix"]["config_dir"].'/master.cf');
+ // Only add the content if we had not addded it before
+ if(!stristr($content,"dovecot/deliver")) {
+ $deliver_content = 'dovecot unix - n n - - pipe'."\n".' flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}';
+ af($conf["postfix"]["config_dir"].'/master.cf',$deliver_content);
+ }
+ unset($content);
+ unset($deliver_content);
+
+
+ //* Reconfigure postfix to use dovecot authentication
+ // Adding the amavisd commands to the postfix configuration
+ $postconf_commands = array (
+ 'dovecot_destination_recipient_limit = 1',
+ 'virtual_transport = dovecot',
+ 'smtpd_sasl_type = dovecot',
+ 'smtpd_sasl_path = private/auth',
+ 'receive_override_options = no_address_mappings'
+ );
+
+ // Make a backup copy of the main.cf file
+ copy($conf["postfix"]["config_dir"].'/main.cf',$conf["postfix"]["config_dir"].'/main.cf~3');
+
+ // Executing the postconf commands
+ foreach($postconf_commands as $cmd) {
+ $command = "postconf -e '$cmd'";
+ caselog($command." &> /dev/null", __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ }
+
+ //* backup dovecot.conf
+ $configfile = 'dovecot.conf';
+ if(is_file("$config_dir/$configfile")){
+ copy("$config_dir/$configfile", "$config_dir/$configfile~");
+ }
+
+ //* Get the dovecot version
+ exec('dovecot --version',$tmp);
+ $parts = explode('.',trim($tmp[0]));
+ $dovecot_version = $parts[0];
+ unset($tmp);
+ unset($parts);
+
+ //* Copy dovecot configuration file
+ if($dovecot_version == 2) {
+ copy('tpl/opensuse_dovecot2.conf.master',$config_dir.'/'.$configfile);
+ } else {
+ copy('tpl/opensuse_dovecot.conf.master',$config_dir.'/'.$configfile);
+ }
+
+ //* dovecot-sql.conf
+ $configfile = 'dovecot-sql.conf';
+ if(is_file("$config_dir/$configfile")){
+ copy("$config_dir/$configfile", "$config_dir/$configfile~");
+ exec("chmod 400 $config_dir/$configfile~");
+ }
+
+ $content = rf("tpl/opensuse_dovecot-sql.conf.master");
+ $content = str_replace('{mysql_server_ispconfig_user}',$conf['mysql']['ispconfig_user'],$content);
+ $content = str_replace('{mysql_server_ispconfig_password}',$conf['mysql']['ispconfig_password'], $content);
+ $content = str_replace('{mysql_server_database}',$conf['mysql']['database'],$content);
+ $content = str_replace('{mysql_server_host}',$conf['mysql']['host'],$content);
+ wf("$config_dir/$configfile", $content);
+
+ exec("chmod 600 $config_dir/$configfile");
+ exec("chown root:root $config_dir/$configfile");
+
+ }
+
public function configure_amavis() {
global $conf;
// amavisd user config file
$configfile = 'opensuse_amavisd_conf';
- if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf')) copy($conf["amavis"]["config_dir"].'/amavisd.conf',$conf["courier"]["config_dir"].'/amavisd.conf~');
+ if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf')) @copy($conf["amavis"]["config_dir"].'/amavisd.conf',$conf["amavis"]["config_dir"].'/amavisd.conf~');
if(is_file($conf["amavis"]["config_dir"].'/amavisd.conf~')) exec('chmod 400 '.$conf["amavis"]["config_dir"].'/amavisd.conf~');
$content = rf("tpl/".$configfile.".master");
$content = str_replace('{mysql_server_ispconfig_user}',$conf['mysql']['ispconfig_user'],$content);
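Review bot: The backup at the top of `configure_dovecot()` looks at the wrong file: it tests and copies `master.cf` under `$conf['dovecot']['config_dir']`, but the file that is read and appended to is `master.cf` under `$conf["postfix"]["config_dir"]`, and the `chmod 400` is guarded by `master.cf~` while the copy is named `master.cf~2`. As written, the Postfix `master.cf` is probably modified without a backup, and any backup that is made keeps its default mode. The appended pipe entry also hard-codes `user=vmail:vmail` where other code in this file uses `$cf['vmail_username']`, and the comment `// Adding the amavisd commands` above the dovecot `postconf` list is a copy-paste leftover. A possible shape for the backup lines, assuming the Postfix file is the intended one:

```php
//* Configure master.cf and add a line for deliver
$master_cf = $conf['postfix']['config_dir'].'/master.cf';
if(is_file($master_cf)){
    copy($master_cf, $master_cf.'~2');
}
if(is_file($master_cf.'~2')){
    chmod($master_cf.'~2', 0400);
}
// … unchanged: rf() of master.cf and the dovecot/deliver append …
```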
@@ -426,16 +531,22 @@
{
global $conf;
+ if($conf['apache']['installed'] == false) return;
//* Create the logging directory for the vhost logfiles
exec('mkdir -p /var/log/ispconfig/httpd');
//if(is_file('/etc/suphp.conf')) {
- replaceLine('/etc/suphp.conf','php=php','x-httpd-suphp=php:/srv/www/cgi-bin/php5',0,0);
+ replaceLine('/etc/suphp.conf','php=php','x-httpd-suphp="php:/srv/www/cgi-bin/php5"',0,0);
+ replaceLine('/etc/suphp.conf','php="php','x-httpd-suphp="php:/srv/www/cgi-bin/php5"',0,0);
replaceLine('/etc/suphp.conf','docroot=','docroot=/srv/www',0,0);
replaceLine('/etc/suphp.conf','umask=0077','umask=0022',0);
//}
- // Sites enabled and avaulable dirs
+ if(!file_exists('/srv/www/cgi-bin/php5') && file_exists('/srv/www/cgi-bin/php')) {
+ symlink('/srv/www/cgi-bin/php','/srv/www/cgi-bin/php5');
+ }
+
+ // Sites enabled and available dirs
exec('mkdir -p '.$conf['apache']['vhost_conf_enabled_dir']);
exec('mkdir -p '.$conf['apache']['vhost_conf_dir']);
@@ -450,14 +561,28 @@
$vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
//copy('tpl/apache_ispconfig.conf.master',$vhost_conf_dir.'/ispconfig.conf');
- $content = rf("tpl/apache_ispconfig.conf.master");
- $records = $this->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ".$conf["server_id"]." AND virtualhost = 'y'");
- if(count($records) > 0) {
+ $content = rf('tpl/apache_ispconfig.conf.master');
+ $records = $this->db->queryAllRecords('SELECT * FROM '.$conf['mysql']['master_database'].'.server_ip WHERE server_id = '.$conf['server_id']." AND virtualhost = 'y'");
+
+ if(is_array($records) && count($records) > 0) {
foreach($records as $rec) {
- $content .= "NameVirtualHost ".$rec["ip_address"].":80\n";
- $content .= "NameVirtualHost ".$rec["ip_address"].":443\n";
+ if($rec['ip_type'] == 'IPv6') {
+ $ip_address = '['.$rec['ip_address'].']';
+ } else {
+ $ip_address = $rec['ip_address'];
+ }
+ $ports = explode(',',$rec['virtualhost_port']);
+ if(is_array($ports)) {
+ foreach($ports as $port) {
+ $port = intval($port);
+ if($port > 0 && $port < 65536 && $ip_address != '') {
+ $content .= 'NameVirtualHost '.$ip_address.":".$port."\n";
+ }
+ }
+ }
}
}
+
$content .= "\n";
wf($vhost_conf_dir.'/ispconfig.conf',$content);
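Review bot: The rewritten `server_ip` query concatenates `$conf['server_id']` without a cast, while the firewall query changed later in this patch uses `intval($conf['server_id'])`; using `'.server_ip WHERE server_id = '.intval($conf['server_id'])." AND virtualhost = 'y'"` here keeps the two consistent. The port is range-checked before it reaches the Apache config, but `$rec['ip_address']` is only tested for being non-empty, so a malformed row is written into `ispconfig.conf` verbatim; a `filter_var($rec['ip_address'], FILTER_VALIDATE_IP)` check before building `$ip_address` would reject it. `explode()` with a non-empty delimiter always returns an array, so the `is_array($ports)` guard never fails and can go. The enclosing function starts outside the hunk.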
@@ -465,10 +590,83 @@
exec("ln -s ".$vhost_conf_dir."/ispconfig.conf ".$vhost_conf_enabled_dir."/000-ispconfig.conf");
}
+ //* make sure that webalizer finds its config file when it is directly in /etc
+ if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
+ exec('mkdir /etc/webalizer');
+ exec('ln -s /etc/webalizer.conf /etc/webalizer/webalizer.conf');
+ }
+
+ if(is_file('/etc/webalizer/webalizer.conf')) {
+ // Change webalizer mode to incremental
+ replaceLine('/etc/webalizer/webalizer.conf','#IncrementalName','IncrementalName webalizer.current',0,0);
+ replaceLine('/etc/webalizer/webalizer.conf','#Incremental','Incremental yes',0,0);
+ replaceLine('/etc/webalizer/webalizer.conf','#HistoryName','HistoryName webalizer.hist',0,0);
+ }
+
//* add a sshusers group
$command = 'groupadd sshusers';
if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ }
+
+ public function configure_nginx(){
+ global $conf;
+
+ if($conf['nginx']['installed'] == false) return;
+ //* Create the logging directory for the vhost logfiles
+ if(!@is_dir($conf['ispconfig_log_dir'].'/httpd')) mkdir($conf['ispconfig_log_dir'].'/httpd', 0755, true);
+
+ // Sites enabled and available dirs
+ exec('mkdir -p '.$conf['nginx']['vhost_conf_enabled_dir']);
+ exec('mkdir -p '.$conf['nginx']['vhost_conf_dir']);
+
+ $content = rf('/etc/nginx/nginx.conf');
+ if(stripos($content, 'include /etc/nginx/sites-enabled/*.vhost;') === false){
+ $content = trim($content);
+ $content = substr($content,0,-1)."\n include /etc/nginx/sites-enabled/*.vhost;\n}";
+ wf('/etc/nginx/nginx.conf',$content);
+ }
+ unset($content);
+
+ // create PHP-FPM pool dir
+ exec('mkdir -p '.$conf['nginx']['php_fpm_pool_dir']);
+
+ $content = rf('/etc/php5/fpm/php-fpm.conf');
+ if(stripos($content, 'include=/etc/php5/fpm/pool.d/*.conf') === false){
+ af('/etc/php5/fpm/php-fpm.conf',"\ninclude=/etc/php5/fpm/pool.d/*.conf");
+ }
+ unset($content);
+ if(!@is_file($conf['nginx']['php_fpm_ini_path'])){
+ if(@is_file('/etc/php5/cli/php.ini')){
+ exec('cp -f /etc/php5/cli/php.ini '.$conf['nginx']['php_fpm_ini_path']);
+ } elseif(@is_file('/etc/php5/fastcgi/php.ini')){
+ exec('cp -f /etc/php5/fastcgi/php.ini '.$conf['nginx']['php_fpm_ini_path']);
+ } elseif(@is_file('/etc/php5/apache2/php.ini')){
+ exec('cp -f /etc/php5/apache2/php.ini '.$conf['nginx']['php_fpm_ini_path']);
+ }
+ }
+
+ //* make sure that webalizer finds its config file when it is directly in /etc
+ if(@is_file('/etc/webalizer.conf') && !@is_dir('/etc/webalizer')) {
+ mkdir('/etc/webalizer');
+ symlink('/etc/webalizer.conf','/etc/webalizer/webalizer.conf');
+ }
+
+ if(is_file('/etc/webalizer/webalizer.conf')) {
+ // Change webalizer mode to incremental
+ replaceLine('/etc/webalizer/webalizer.conf','#IncrementalName','IncrementalName webalizer.current',0,0);
+ replaceLine('/etc/webalizer/webalizer.conf','#Incremental','Incremental yes',0,0);
+ replaceLine('/etc/webalizer/webalizer.conf','#HistoryName','HistoryName webalizer.hist',0,0);
+ }
+
+ // Check the awsatst script
+ if(!is_dir('/usr/share/awstats/tools')) exec('mkdir -p /usr/share/awstats/tools');
+ if(!file_exists('/usr/share/awstats/tools/awstats_buildstaticpages.pl') && file_exists('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl')) symlink('/usr/share/doc/awstats/examples/awstats_buildstaticpages.pl','/usr/share/awstats/tools/awstats_buildstaticpages.pl');
+ if(file_exists('/etc/awstats/awstats.conf.local')) replaceLine('/etc/awstats/awstats.conf.local','LogFormat=4','LogFormat=1',0,1);
+
+ //* add a sshusers group
+ $command = 'groupadd sshusers';
+ if(!is_group('sshusers')) caselog($command.' &> /dev/null 2> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
}
public function configure_firewall()
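Review bot: In `configure_nginx()` the `nginx.conf` edit drops the last character with `substr($content,0,-1)` on the assumption that the trimmed file ends with a closing `}`, and it overwrites the file without a backup. If `rf()` returns an empty string or the file ends with anything else, the result is a broken `nginx.conf`. Guarding the rewrite with `if($content != '' && substr(trim($content), -1) == '}' && stripos($content, 'include /etc/nginx/sites-enabled/*.vhost;') === false)` and adding `copy('/etc/nginx/nginx.conf', '/etc/nginx/nginx.conf~');` before `wf()` would match the backup habit used for the Postfix and Dovecot files. The webalizer and `sshusers` blocks are now duplicated between the Apache and nginx functions and could move into a shared private helper.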
@@ -489,7 +687,7 @@
$tcp_public_services = '';
$udp_public_services = '';
- $row = $this->db->queryOneRecord("SELECT * FROM firewall WHERE server_id = ".intval($conf['server_id']));
+ $row = $this->db->queryOneRecord('SELECT * FROM '.$conf["mysql"]["database"].'.firewall WHERE server_id = '.intval($conf['server_id']));
if(trim($row["tcp_port"]) != '' || trim($row["udp_port"]) != ''){
$tcp_public_services = trim(str_replace(',',' ',$row["tcp_port"]));
@@ -531,8 +729,7 @@
unset($iptables_location);
}
-
-
+
public function install_ispconfig()
{
global $conf;
@@ -584,6 +781,7 @@
$content = str_replace('{server_id}', $conf['server_id'], $content);
$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
$content = str_replace('{language}', $conf['language'], $content);
+ $content = str_replace('{timezone}', $conf['timezone'], $content);
wf("$install_dir/interface/lib/$configfile", $content);
@@ -606,9 +804,16 @@
$content = str_replace('{server_id}', $conf['server_id'], $content);
$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
$content = str_replace('{language}', $conf['language'], $content);
+ $content = str_replace('{timezone}', $conf['timezone'], $content);
wf("$install_dir/server/lib/$configfile", $content);
+ //* Create the config file for remote-actions (but only, if it does not exist, because
+ // the value is a autoinc-value and so changed by the remoteaction_core_module
+ if (!file_exists($install_dir.'/server/lib/remote_action.inc.php')) {
+ $content = '<?php' . "\n" . '$maxid_remote_action = 0;' . "\n" . '?>';
+ wf($install_dir.'/server/lib/remote_action.inc.php', $content);
+ }
//* Enable the server modules and plugins.
// TODO: Implement a selector which modules and plugins shall be enabled.
@@ -637,6 +842,8 @@
if (is_dir($dir)) {
if ($dh = opendir($dir)) {
while (($file = readdir($dh)) !== false) {
+ if($conf['apache']['installed'] == true && $file == 'nginx_plugin.inc.php') continue;
+ if($conf['nginx']['installed'] == true && $file == 'apache2_plugin.inc.php') continue;
if($file != '.' && $file != '..' && substr($file,-8,8) == '.inc.php') {
include_once($install_dir.'/server/plugins-available/'.$file);
$plugin_name = substr($file,0,-8);
@@ -700,6 +907,10 @@
}
}
+ //* Make the APS directories group writable
+ exec("chmod -R 770 $install_dir/interface/web/sites/aps_meta_packages");
+ exec("chmod -R 770 $install_dir/server/aps_packages");
+
//* make sure that the server config file (not the interface one) is only readable by the root user
exec("chmod 600 $install_dir/server/lib/$configfile");
exec("chown root:root $install_dir/server/lib/$configfile");
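Review bot: `chmod -R 770` on the two APS directories sets the execute bit on every regular file beneath them, which is more than the "group writable" the comment asks for; `chmod -R u=rwX,g=rwX,o=` gives directories the search bit without making data files executable. The `chmod -R 770` on `interface/invoices` added later in this patch has the same execute-bit issue. The enclosing function starts and ends outside the hunk.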
@@ -711,57 +922,134 @@
// TODO: FIXME: add the www-data user to the ispconfig group. This is just for testing
// and must be fixed as this will allow the apache user to read the ispconfig files.
// Later this must run as own apache server or via suexec!
- $command = 'groupmod --add-user wwwrun ispconfig';
- caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ if($conf['apache']['installed'] == true){
+ $command = 'groupmod --add-user '.$conf['apache']['user'].' ispconfig';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ if(is_group('ispapps')){
+ $command = 'groupmod --add-user '.$conf['apache']['user'].' ispapps';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ }
+ }
+ if($conf['nginx']['installed'] == true){
+ $command = 'groupmod --add-user '.$conf['nginx']['user'].' ispconfig';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ if(is_group('ispapps')){
+ $command = 'groupmod --add-user '.$conf['nginx']['user'].' ispapps';
+ caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
+ }
+ }
//* Make the shell scripts executable
$command = "chmod +x $install_dir/server/scripts/*.sh";
caselog($command.' &> /dev/null', __FILE__, __LINE__, "EXECUTED: $command", "Failed to execute the command $command");
- //* Copy the ISPConfig vhost for the controlpanel
- // TODO: These are missing! should they be "vhost_dist_*_dir" ?
- $vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
- $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
+
+ if($conf['apache']['installed'] == true && $this->install_ispconfig_interface == true){
+ //* Copy the ISPConfig vhost for the controlpanel
+ // TODO: These are missing! should they be "vhost_dist_*_dir" ?
+ $vhost_conf_dir = $conf['apache']['vhost_conf_dir'];
+ $vhost_conf_enabled_dir = $conf['apache']['vhost_conf_enabled_dir'];
- // Dont just copy over the virtualhost template but add some custom settings
+ // Dont just copy over the virtualhost template but add some custom settings
- $content = rf("tpl/apache_ispconfig.vhost.master");
- $content = str_replace('{vhost_port}', $conf['apache']['vhost_port'], $content);
+ $content = rf("tpl/apache_ispconfig.vhost.master");
+ $content = str_replace('{vhost_port}', $conf['apache']['vhost_port'], $content);
- // comment out the listen directive if port is 80 or 443
- if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
- $content = str_replace('{vhost_port_listen}', '#', $content);
- } else {
- $content = str_replace('{vhost_port_listen}', '', $content);
- }
+ // comment out the listen directive if port is 80 or 443
+ if($conf['apache']['vhost_port'] == 80 or $conf['apache']['vhost_port'] == 443) {
+ $content = str_replace('{vhost_port_listen}', '#', $content);
+ } else {
+ $content = str_replace('{vhost_port_listen}', '', $content);
+ }
- $content = str_replace('/var/www/', '/srv/www/', $content);
+ if(is_file('/usr/local/ispconfig/interface/ssl/ispserver.crt') && is_file('/usr/local/ispconfig/interface/ssl/ispserver.key')) {
+ $content = str_replace('{ssl_comment}', '', $content);
+ } else {
+ $content = str_replace('{ssl_comment}', '#', $content);
+ }
- wf("$vhost_conf_dir/ispconfig.vhost", $content);
+ $content = str_replace('/var/www/', '/srv/www/', $content);
- if(!is_file('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
- exec('mkdir -p /srv/www/php-fcgi-scripts/ispconfig');
- exec('cp tpl/apache_ispconfig_fcgi_starter.master /srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
- exec('chmod +x /srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
- exec('ln -s /usr/local/ispconfig/interface/web /srv/www/ispconfig');
- exec('chown -R ispconfig:ispconfig /srv/www/php-fcgi-scripts/ispconfig');
+ wf("$vhost_conf_dir/ispconfig.vhost", $content);
+
+ if(!is_file('/srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter')) {
+ exec('mkdir -p /srv/www/php-fcgi-scripts/ispconfig');
+ exec('cp tpl/apache_ispconfig_fcgi_starter.master /srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
+ exec('chmod +x /srv/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter');
+ exec('ln -s /usr/local/ispconfig/interface/web /srv/www/ispconfig');
+ exec('chown -R ispconfig:ispconfig /srv/www/php-fcgi-scripts/ispconfig');
- }
+ }
- //copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
- //* and create the symlink
- if($this->install_ispconfig_interface == true && $this->is_update == false) {
- if(@is_link("$vhost_conf_enabled_dir/ispconfig.vhost")) unlink("$vhost_conf_enabled_dir/ispconfig.vhost");
- if(!@is_link("$vhost_conf_enabled_dir/000-ispconfig.vhost")) {
- exec("ln -s $vhost_conf_dir/ispconfig.vhost $vhost_conf_enabled_dir/000-ispconfig.vhost");
+ //copy('tpl/apache_ispconfig.vhost.master', "$vhost_conf_dir/ispconfig.vhost");
+ //* and create the symlink
+ if($this->is_update == false) {
+ if(@is_link("$vhost_conf_enabled_dir/ispconfig.vhost")) unlink("$vhost_conf_enabled_dir/ispconfig.vhost");
+ if(!@is_link("$vhost_conf_enabled_dir/000-ispconfig.vhost")) {
+ exec("ln -s $vhost_conf_dir/ispconfig.vhost $vhost_conf_enabled_dir/000-ispconfig.vhost");
+ }
+
+ }
+
+ // Fix a setting in vhost master file for suse
+ replaceLine('/usr/local/ispconfig/server/conf/vhost.conf.master',"suPHP_UserGroup"," suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>",0);
+ }
+
+ if($conf['nginx']['installed'] == true && $this->install_ispconfig_interface == true){
+ //* Copy the ISPConfig vhost for the controlpanel
+ $vhost_conf_dir = $conf['nginx']['vhost_conf_dir'];
+ $vhost_conf_enabled_dir = $conf['nginx']['vhost_conf_enabled_dir'];
+
+ // Dont just copy over the virtualhost template but add some custom settings
+ $content = rf('tpl/nginx_ispconfig.vhost.master');
+ $content = str_replace('{vhost_port}', $conf['nginx']['vhost_port'], $content);
+
+ if(is_file($install_dir.'/interface/ssl/ispserver.crt') && is_file($install_dir.'/interface/ssl/ispserver.key')) {
+ $content = str_replace('{ssl_on}', ' ssl', $content);
+ $content = str_replace('{ssl_comment}', '', $content);
+ $content = str_replace('{fastcgi_ssl}', 'on', $content);
+ } else {
+ $content = str_replace('{ssl_on}', '', $content);
+ $content = str_replace('{ssl_comment}', '#', $content);
+ $content = str_replace('{fastcgi_ssl}', 'off', $content);
}
+ $socket_dir = escapeshellcmd($conf['nginx']['php_fpm_socket_dir']);
+ if(substr($socket_dir,-1) != '/') $socket_dir .= '/';
+ if(!is_dir($socket_dir)) exec('mkdir -p '.$socket_dir);
+ $fpm_socket = $socket_dir.'ispconfig.sock';
+
+ //$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
+ $content = str_replace('{fpm_socket}', $fpm_socket, $content);
+
+ wf($vhost_conf_dir.'/ispconfig.vhost', $content);
+
+ unset($content);
+
+ // PHP-FPM
+ // Dont just copy over the php-fpm pool template but add some custom settings
+ $content = rf('tpl/php_fpm_pool.conf.master');
+ $content = str_replace('{fpm_pool}', 'ispconfig', $content);
+ //$content = str_replace('{fpm_port}', $conf['nginx']['php_fpm_start_port'], $content);
+ $content = str_replace('{fpm_socket}', $fpm_socket, $content);
+ $content = str_replace('{fpm_user}', 'ispconfig', $content);
+ $content = str_replace('{fpm_group}', 'ispconfig', $content);
+ wf($conf['nginx']['php_fpm_pool_dir'].'/ispconfig.conf', $content);
+
+ //copy('tpl/nginx_ispconfig.vhost.master', $vhost_conf_dir.'/ispconfig.vhost');
+ //* and create the symlink
+ if($this->is_update == false) {
+ if(@is_link($vhost_conf_enabled_dir.'/ispconfig.vhost')) unlink($vhost_conf_enabled_dir.'/ispconfig.vhost');
+ if(!@is_link($vhost_conf_enabled_dir.'/000-ispconfig.vhost')) {
+ symlink($vhost_conf_dir.'/ispconfig.vhost',$vhost_conf_enabled_dir.'/000-ispconfig.vhost');
+ }
+ }
+
+ // create symlinks from /usr/share to phpMyAdmin and SquirrelMail, if they are installed
+ if(!@file_exists('/usr/share/phpmyadmin') && @is_dir('/srv/www/htdocs/phpMyAdmin')) symlink('/srv/www/htdocs/phpMyAdmin/','/usr/share/phpmyadmin');
+ if(!@file_exists('/usr/share/squirrelmail') && @is_dir('/srv/www/htdocs/squirrelmail')) symlink('/srv/www/htdocs/squirrelmail/','/usr/share/squirrelmail');
}
-
- // Fix a setting in vhost master file for suse
- replaceLine('/usr/local/ispconfig/server/conf/vhost.conf.master',"suPHP_UserGroup"," suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>",0);
-
// Make the Clamav log files readable by ISPConfig
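Review bot: In the nginx branch, `escapeshellcmd($conf['nginx']['php_fpm_socket_dir'])` is the wrong escaping for a single argument, and its result is then reused outside the shell: in `is_dir()`, and in `$fpm_socket`, which is substituted into the vhost and pool templates, where any inserted backslashes would become part of the path. Keeping the raw value in `$socket_dir` and creating the directory with `if(!is_dir($socket_dir)) mkdir($socket_dir, 0755, true);` removes the shell call altogether. The Apache branch also tests the certificate under the literal `/usr/local/ispconfig/interface/ssl/` while the nginx branch uses `$install_dir`; the two should share the same base. The `TODO: FIXME` above the `groupmod` calls still applies and now covers the nginx account too, since both web-server users are added to the `ispconfig` group. `install_ispconfig()` starts and ends outside the hunk.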
@@ -794,12 +1082,19 @@
exec('chmod a+rx /usr/local/ispconfig/interface/web');
//* Create the ispconfig log directory
- if(!is_dir('/var/log/ispconfig')) mkdir('/var/log/ispconfig');
- if(!is_file('/var/log/ispconfig/ispconfig.log')) exec('touch /var/log/ispconfig/ispconfig.log');
+ if(!is_dir($conf['ispconfig_log_dir'])) mkdir($conf['ispconfig_log_dir']);
+ if(!is_file($conf['ispconfig_log_dir'].'/ispconfig.log')) exec('touch '.$conf['ispconfig_log_dir'].'/ispconfig.log');
- exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
- exec('chown getmail /usr/local/bin/run-getmail.sh');
- exec('chmod 744 /usr/local/bin/run-getmail.sh');
+ if(is_user('getmail')) {
+ exec('mv /usr/local/ispconfig/server/scripts/run-getmail.sh /usr/local/bin/run-getmail.sh');
+ exec('chown getmail /usr/local/bin/run-getmail.sh');
+ exec('chmod 744 /usr/local/bin/run-getmail.sh');
+ }
+
+ if(is_dir($install_dir.'/interface/invoices')) {
+ exec('chmod -R 770 '.escapeshellarg($install_dir.'/interface/invoices'));
+ exec('chown -R ispconfig:ispconfig '.escapeshellarg($install_dir.'/interface/invoices'));
+ }
}
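Review bot: `mkdir($conf['ispconfig_log_dir'])` is non-recursive and takes its mode from the umask, so a configured log path with a missing parent is not created and the following `touch` then fails as well; `mkdir($conf['ispconfig_log_dir'], 0755, true)` would match the call this patch uses in `configure_nginx()`. The log file itself can be created with PHP's own `touch($conf['ispconfig_log_dir'].'/ispconfig.log');` instead of a shell command. When the `getmail` user is absent, `run-getmail.sh` now stays under `server/scripts`; a one-line comment saying that this is intended would help. The enclosing function starts outside the hunk.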
@@ -845,6 +1140,11 @@
'* * * * * /usr/local/ispconfig/server/server.sh &> /dev/null',
'30 00 * * * /usr/local/ispconfig/server/cron_daily.sh &> /dev/null'
);
+
+ if ($conf['nginx']['installed'] == true) {
+ $root_cron_jobs[] = "0 0 * * * /usr/local/ispconfig/server/scripts/create_daily_nginx_access_logs.sh &> /dev/null";
+ }
+
foreach($root_cron_jobs as $cron_job) {
if(!in_array($cron_job."\n", $existing_root_cron_jobs)) {
$existing_root_cron_jobs[] = $cron_job."\n";
@@ -885,4 +1185,4 @@
}
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1