ftimme
2012-01-03 504203fc885d07cb31952cc48b9c17b186ae0dc7
nginx Plugin:
=============
- Improved check for vhosts created with the remote API FS#1950
- Fixed: FS#1952 - Folders created by folder protection function belong to the root user
- Fixed website permission settings.
- Add option "set_folder_permissions_on_update" in server config to configure if folder permissions should be forced on web update.
- Fixed: FS#1934 - CentOS 6.1: cgi-bin: wrong folder permissions.
- Fixed: FS#1931 - Domain Rename Causes Vhost error.
- Fixed: FS#1831 - SSL Certificate setup fails unless you've visited the SSL tab in that session.
- Fixed a warning in nginx plugin.
1 files modified
43 ■■■■ changed files
server/plugins-available/nginx_plugin.inc.php 43 ●●●●
server/plugins-available/nginx_plugin.inc.php
@@ -531,18 +531,17 @@
        if($this->action == 'insert' || $data["new"]["system_user"] != $data["old"]["system_user"]) {
            // Chown and chmod the directories below the document root
            $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
            $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
            // The document root itself has to be owned by root in normal level and by the web owner in security level 20
            if($web_config['security_level'] == 20) {
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']).'/web');
            } else {
                $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
                $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']).'/web');
            }
        }
        //* If the security level is set to high
        if(($this->action == 'insert' && $data['new']['type'] == 'vhost') or ($web_config['set_folder_permissions_on_update'] == 'y' && $data['new']['type'] == 'vhost')) {
        if($web_config['security_level'] == 20) {
            $this->_exec('chmod 751 '.escapeshellcmd($data['new']['document_root']));
@@ -575,7 +574,13 @@
            //* add the nginx user to the client group
            $app->system->add_user_to_group($groupname, escapeshellcmd($web_config['nginx_user']));
                //* Chown all default directories
            $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root']));
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/log'));
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/ssl'));
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/tmp'));
                $this->_exec('chown -R '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));
            /*
            * Workaround for jailkit: If jailkit is enabled for the site, the 
@@ -594,11 +599,21 @@
        } else {
            $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root']));
            $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/*'));
            $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
                $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
                $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/log'));
                $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/ssl'));
                $this->_exec('chmod 755 '.escapeshellcmd($data['new']['document_root'].'/web'));
            // make temp directory writable for nginx and the website users
            $this->_exec('chmod 777 '.escapeshellcmd($data['new']['document_root'].'/tmp'));
                $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root']));
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/cgi-bin'));
                $this->_exec('chown root:root '.escapeshellcmd($data['new']['document_root'].'/log'));
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/tmp'));
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/ssl'));
                $this->_exec('chown '.$username.':'.$groupname.' '.escapeshellcmd($data['new']['document_root'].'/web'));
            }
        }
        // Change the ownership of the error log to the owner of the website
@@ -924,7 +939,13 @@
            if($nginx_online_status_before_restart && !$nginx_online_status_after_restart) {
                $app->log('nginx did not restart after the configuration change for website '.$data['new']['domain'].' Reverting the configuration. Saved non-working config as '.$vhost_file.'.err',LOGLEVEL_WARN);
                copy($vhost_file,$vhost_file.'.err');
                if(is_file($vhost_file.'~')) {
                    //* Copy back the last backup file
                copy($vhost_file.'~',$vhost_file);
                } else {
                    //* There is no backup file, so we create a empty vhost file with a warning message inside
                    file_put_contents($vhost_file,"# nginx did not start after modifying this vhost file.\n# Please check file $vhost_file.err for syntax errors.");
                }
                $app->services->restartService('httpd','restart');
            }
        } else {
@@ -1118,12 +1139,18 @@
        }
        
        //* Create the folder path, if it does not exist
        if(!is_dir($folder_path)) exec('mkdir -p '.$folder_path);
        if(!is_dir($folder_path)) {
            exec('mkdir -p '.$folder_path);
            chown($folder_path,$website['system_user']);
            chgrp($folder_path,$website['system_group']);
        }
        
        //* Create empty .htpasswd file, if it does not exist
        if(!is_file($folder_path.'.htpasswd')) {
            touch($folder_path.'.htpasswd');
            chmod($folder_path.'.htpasswd',0755);
            chown($folder_path.'.htpasswd',$website['system_user']);
            chgrp($folder_path.'.htpasswd',$website['system_group']);
            $app->log('Created file'.$folder_path.'.htpasswd',LOGLEVEL_DEBUG);
        }
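Review bot: In the last hunk (the folder-protection code), `exec('mkdir -p '.$folder_path);` hands `$folder_path` to the shell unquoted, whereas the `_exec()` calls in the earlier hunks at least wrap their paths in `escapeshellcmd()`; `$folder_path` is built outside the hunk, so whether it is sanitized beforehand cannot be confirmed from here. Quoting it as a single argument would be the safer form: `exec('mkdir -p '.escapeshellarg($folder_path));`. The `chown()`/`chgrp()` calls that follow only change the leaf directory, so any intermediate directories that `mkdir -p` creates keep the owner of the invoking process (presumably root), which looks like only a partial fix for FS#1952. Separately, `.htpasswd` keeps mode 0755 next to the ownership calls; a credential file needs neither execute nor world-read bits, so a tighter mode is worth considering, provided the web server can still read it through the group.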