gitlabFork/ISPConfig3.git - Solinfo Gitblit

			@@ -463,13 +463,17 @@
			// Chown and chmod the directories below the document root
			exec("chown -R $username:$groupname ".escapeshellcmd($data["new"]["document_root"]));

			// The document root itself has to be owned by root
			// The document root itself has to be owned by root in normal level and by the web owner in security level 20
			if($web_config['security_level'] == 20) {
			exec("chown $username:$groupname ".escapeshellcmd($data["new"]["document_root"]));
			} else {
			exec("chown root:root ".escapeshellcmd($data["new"]["document_root"]));
			}
			}



			// If the security level is set to high
			//* If the security level is set to high
			if($web_config['security_level'] == 20) {

			exec("chmod 751 ".escapeshellcmd($data["new"]["document_root"]."/"));
			@@ -487,11 +491,25 @@
			//* add the apache user to the client group
			$app->system->add_user_to_group($groupname, escapeshellcmd($web_config['user']));

			/*
			* Workaround for jailkit: If jailkit is enabled for the site, the
			* website root has to be owned by the root user and we have to chmod it to 755 then
			*/

			//* Check if there is a jailkit user for this site
			$tmp = $app->db->queryOneRecord("SELECT count(shell_user_id) as number FROM shell_user WHERE parent_domain_id = ".$data["new"]["domain_id"]." AND chroot = 'jailkit'");
			if($tmp['number'] > 0) {
			exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/"));
			exec("chown root:root ".escapeshellcmd($data["new"]["document_root"]."/"));
			}
			unset($tmp);

			// If the security Level is set to medium
			} else {

			exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/"));
			exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"]."/*"));
			exec("chown root:root ".escapeshellcmd($data["new"]["document_root"]."/"));

			// make temp direcory writable for the apache user and the website user
			exec("chmod 777 ".escapeshellcmd($data["new"]["document_root"]."/tmp"));

			@@ -85,6 +85,8 @@
			$this->app = $app;
			$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');

			$this->_update_website_security_level();

			$this->_setup_jailkit_chroot();

			$command .= 'usermod -U '.escapeshellcmd($data['new']['username']);
			@@ -119,6 +121,8 @@
			$this->data = $data;
			$this->app = $app;
			$this->jailkit_config = $app->getconf->get_server_config($conf["server_id"], 'jailkit');

			$this->_update_website_security_level();

			$this->_setup_jailkit_chroot();
			$this->_add_jailkit_user();
			@@ -263,6 +267,25 @@
			$this->app->log("Added created jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG);
			}

			//* Update the website root directory permissions depending on the security level
			function _update_website_security_level() {
			global $app,$conf;

			// load the server configuration options
			$app->uses("getconf");
			$web_config = $app->getconf->get_server_config($conf["server_id"], 'web');

			// Get the parent website of this shell user
			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$this->data['new']['parent_domain_id']);

			//* If the security level is set to high
			if($web_config['security_level'] == 20) {
			exec("chmod 755 ".escapeshellcmd($web["document_root"]."/"));
			exec("chown root:root ".escapeshellcmd($web["document_root"]."/"));
			}

			}



			} // end class

	server/plugins-available/apache2_plugin.inc.php	22 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/shelluser_jailkit_plugin.inc.php	23 ●●●●● patch \| view \| raw \| blame \| history