From 8d49ef2096c16994d2e7d38f022ec368c4cc998c Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Wed, 04 Jan 2012 08:43:41 -0500
Subject: [PATCH] Fixed: FS#1518 - uid/gid difference when mirroring mode Fixed: FS#1900 - Check if the membership of the web user in the sshusers group affects pure-ftpd virtualchroot
---
interface/web/admin/templates/server_config_web_edit.htm | 22 +++++++++-
server/plugins-available/apache2_plugin.inc.php | 33 ++++++++++++----
interface/web/admin/lib/lang/en_server_config.lng | 3 +
install/tpl/server.ini.master | 3 +
interface/web/admin/form/server_config.tform.php | 23 +++++++++++
5 files changed, 73 insertions(+), 11 deletions(-)
diff --git a/install/tpl/server.ini.master b/install/tpl/server.ini.master
index 36ec98d..deebcac 100644
--- a/install/tpl/server.ini.master
+++ b/install/tpl/server.ini.master
@@ -69,6 +69,9 @@
php_fpm_start_port=9010
php_fpm_socket_dir=/var/lib/php5-fpm
set_folder_permissions_on_update=y
+add_web_users_to_sshusers_group=y
+connect_userid_to_webid=n
+connect_userid_to_webid_start=10000
[dns]
bind_user=root
diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php
index 07aa128..b1e1d94 100644
--- a/interface/web/admin/form/server_config.tform.php
+++ b/interface/web/admin/form/server_config.tform.php
@@ -438,6 +438,12 @@
'default' => 'y',
'value' => array(0 => 'n', 1 => 'y')
),
+ 'add_web_users_to_sshusers_group' => array(
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'CHECKBOX',
+ 'default' => 'y',
+ 'value' => array(0 => 'n', 1 => 'y')
+ ),
'check_apache_config' => array(
'datatype' => 'VARCHAR',
'formtype' => 'CHECKBOX',
@@ -472,6 +478,23 @@
'width' => '40',
'maxlength' => '255'
),
+ 'connect_userid_to_webid' => array(
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'CHECKBOX',
+ 'default' => 'n',
+ 'value' => array(0 => 'n', 1 => 'y')
+ ),
+ 'connect_userid_to_webid_start' => array(
+ 'datatype' => 'VARCHAR',
+ 'formtype' => 'TEXT',
+ 'default' => '10000',
+ 'validators' => array(0 => array('type' => 'ISINT',
+ 'errmsg' => 'connect_userid_to_webid_startid_isint'),
+ ),
+ 'value' => '',
+ 'width' => '40',
+ 'maxlength' => '255'
+ ),
'nginx_user' => array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
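Review bot: The `errmsg` key `connect_userid_to_webid_startid_isint` on the new `connect_userid_to_webid_start` field has no matching entry in this commit's `en_server_config.lng` hunk, which adds only the three `_txt` labels. A failed validation would presumably show the raw key, so add something like `$wb["connect_userid_to_webid_startid_isint"] = 'Start ID must be a number.';`. The only validator is `ISINT`, which presumably still accepts values below 1000 or negative numbers, and the plugin then silently raises them to 1000. A range check in the form, or a comment on the field naming that floor, would keep the stored setting and the effective uid base from diverging. The surrounding field array starts and ends outside the hunk.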
diff --git a/interface/web/admin/lib/lang/en_server_config.lng b/interface/web/admin/lib/lang/en_server_config.lng
index 49fdc1d..b128c67 100644
--- a/interface/web/admin/lib/lang/en_server_config.lng
+++ b/interface/web/admin/lib/lang/en_server_config.lng
@@ -150,5 +150,8 @@
$wb["rescue_description_txt"] = '<b>Information:</b> If you want to shut down mysql you have to select the "Disable MySQL monitor" checkbox and then wait 2-3 minutes.<br>If you do not wait 2-3 minutes, rescue will try to restart mysql!';
$wb["enable_sni_txt"] = 'Enable SNI';
$wb["set_folder_permissions_on_update_txt"] = 'Set folder permissions on update';
+$wb["add_web_users_to_sshusers_group_txt"] = 'Add web users to -sshusers- group';
+$wb["connect_userid_to_webid_txt"] = 'Connect Linux userid to webid';
+$wb["connect_userid_to_webid_start_txt"] = 'Start ID for userid/webid connect';
?>
\ No newline at end of file
diff --git a/interface/web/admin/templates/server_config_web_edit.htm b/interface/web/admin/templates/server_config_web_edit.htm
index 944065a..da93a2e 100644
--- a/interface/web/admin/templates/server_config_web_edit.htm
+++ b/interface/web/admin/templates/server_config_web_edit.htm
@@ -69,19 +69,35 @@
{tmpl_var name='check_apache_config'}
</div>
</div>
+ <div class="ctrlHolder">
+ <p class="label">{tmpl_var name='enable_sni_txt'}</p>
+ <div class="multiField">
+ {tmpl_var name='enable_sni'}
+ </div>
+ </div>
<div class="ctrlHolder apache">
<p class="label">{tmpl_var name='set_folder_permissions_on_update_txt'}</p>
<div class="multiField">
{tmpl_var name='set_folder_permissions_on_update'}
</div>
</div>
- <div class="ctrlHolder">
- <p class="label">{tmpl_var name='enable_sni_txt'}</p>
+ <div class="ctrlHolder apache">
+ <p class="label">{tmpl_var name='add_web_users_to_sshusers_group_txt'}</p>
<div class="multiField">
- {tmpl_var name='enable_sni'}
+ {tmpl_var name='add_web_users_to_sshusers_group'}
</div>
</div>
<div class="ctrlHolder apache">
+ <p class="label">{tmpl_var name='connect_userid_to_webid_txt'}</p>
+ <div class="multiField">
+ {tmpl_var name='connect_userid_to_webid'}
+ </div>
+ </div>
+ <div class="ctrlHolder apache">
+ <label for="connect_userid_to_webid_start">{tmpl_var name='connect_userid_to_webid_start_txt'}</label>
+ <input name="connect_userid_to_webid_start" id="connect_userid_to_webid_start" value="{tmpl_var name='connect_userid_to_webid_start'}" size="40" maxlength="255" type="text" class="textInput" />
+ </div>
+ <div class="ctrlHolder apache">
<label for="user">{tmpl_var name='web_user_txt'}</label>
<input name="user" id="user" value="{tmpl_var name='user'}" size="40" maxlength="255" type="text" class="textInput" />
</div>
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 3cba835..ea215e4 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -291,18 +291,33 @@
// Create group and user, if not exist
$app->uses('system');
+
+ if($web_config['connect_userid_to_webid'] == 'y') {
+ $connect_userid_to_webid_start = ($web_config['connect_userid_to_webid_start'] < 1000)?1000:intval($web_config['connect_userid_to_webid_start']);
+ $fixed_uid_gid = intval($connect_userid_to_webid_start + $data['new']['domain_id']);
+ $fixed_uid_param = '--uid '.$fixed_uid_gid;
+ $fixed_gid_param = '--gid '.$fixed_uid_gid;
+ } else {
+ $fixed_uid_param = '';
+ $fixed_gid_param = '';
+ }
$groupname = escapeshellcmd($data['new']['system_group']);
if($data['new']['system_group'] != '' && !$app->system->is_group($data['new']['system_group'])) {
- exec('groupadd '.$groupname);
+ exec('groupadd '.$fixed_gid_param.' '.$groupname);
if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' groupadd '.$groupname);
$app->log('Adding the group: '.$groupname,LOGLEVEL_DEBUG);
}
$username = escapeshellcmd($data['new']['system_user']);
if($data['new']['system_user'] != '' && !$app->system->is_user($data['new']['system_user'])) {
- exec('useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname -G sshusers $username -s /bin/false");
- if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname -G sshusers $username -s /bin/false");
+ if($web_config['add_web_users_to_sshusers_group'] == 'y') {
+ exec('useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param -G sshusers $username -s /bin/false");
+ if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param -G sshusers $username -s /bin/false");
+ } else {
+ exec('useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param $username -s /bin/false");
+ if($apache_chrooted) $this->_exec('chroot '.escapeshellcmd($web_config['website_basedir']).' useradd -d '.escapeshellcmd($data['new']['document_root'])." -g $groupname $fixed_uid_param $username -s /bin/false");
+ }
$app->log('Adding the user: '.$username,LOGLEVEL_DEBUG);
}
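Review bot: The chrooted `groupadd` call is left without `$fixed_gid_param`, so with `connect_userid_to_webid` enabled the group inside the chroot gets whatever gid is free there, while the host `groupadd` uses the fixed id; it should read `' groupadd '.$fixed_gid_param.' '.$groupname`. Neither `exec()` result is checked, so if `start + domain_id` is already taken by another account or group the command fails and "Adding the user" is still logged; capturing the exit status and logging a warning would make that visible. The user, group and document-root values go through `escapeshellcmd()`, which does not quote whitespace or a leading `-`, so `escapeshellarg()` per argument would be the safer form on these new lines. The enclosing function begins and ends outside the hunk.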
@@ -565,11 +580,13 @@
// Set Log symlink to 755 to make the logs accessible by the FTP user
$this->_exec("chmod 755 ".escapeshellcmd($data["new"]["document_root"])."/log");
-
- $command = 'usermod';
- $command .= ' --groups sshusers';
- $command .= ' '.escapeshellcmd($data['new']['system_user']);
- $this->_exec($command);
+
+ if($web_config['add_web_users_to_sshusers_group'] == 'y') {
+ $command = 'usermod';
+ $command .= ' --groups sshusers';
+ $command .= ' '.escapeshellcmd($data['new']['system_user']);
+ $this->_exec($command);
+ }
//* if we have a chrooted Apache environment
if($apache_chrooted) {
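Review bot: Making the `usermod --groups sshusers` call conditional stops new additions but does not undo earlier ones, so a web user already placed in `sshusers` keeps the membership after the option is set to `n`. That matters if FS#1900 is meant to keep the group away from pure-ftpd logins, which the subject line suggests but the hunk does not show. Either add an `else` branch that drops the membership (for example with `gpasswd -d`), or add a comment such as `// existing sshusers memberships are intentionally left untouched`. Separately, `--groups` without `--append` replaces the user's whole supplementary group list. The enclosing function starts before the hunk and the `if($apache_chrooted)` block continues past it.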
--
Gitblit v1.9.1