From f5ea1b4fc06009b47d0647ca36d6bf8f1081680b Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Thu, 08 Sep 2011 10:28:07 -0400
Subject: [PATCH] Implemented: FS#1418 - Change optionally the owner of the backup dir to the website user - Added Limit fields for openvz in the database - Limited several vm functions to be used by admin only.

---
 interface/web/vm/openvz_template_del.php    |    1 +
 interface/web/vm/openvz_ostemplate_edit.php |    1 +
 interface/web/vm/openvz_ip_del.php          |    1 +
 interface/web/vm/form/openvz_vm.tform.php   |    2 ++
 interface/web/vm/openvz_template_list.php   |    1 +
 install/sql/ispconfig3.sql                  |    4 +++-
 interface/web/vm/lib/module.conf.php        |    3 ++-
 interface/web/vm/openvz_template_edit.php   |    1 +
 interface/web/vm/openvz_ip_edit.php         |    1 +
 interface/web/vm/openvz_ostemplate_del.php  |    1 +
 interface/web/vm/openvz_ostemplate_list.php |    1 +
 install/sql/incremental/upd_0015.sql        |    3 +++
 interface/web/vm/openvz_ip_list.php         |    1 +
 server/cron_daily.php                       |   21 +++++++++++++++------
 14 files changed, 34 insertions(+), 8 deletions(-)

diff --git a/install/sql/incremental/upd_0015.sql b/install/sql/incremental/upd_0015.sql
new file mode 100644
index 0000000..e0aa23a
--- /dev/null
+++ b/install/sql/incremental/upd_0015.sql
@@ -0,0 +1,3 @@
+ALTER TABLE  `cron` CHANGE  `command`  `command` TEXT NOT NULL;
+ALTER TABLE  `client` ADD  `limit_openvz_vm` int(11) NOT NULL DEFAULT '0' AFTER  `limit_mailmailinglist` ,
+ADD  `limit_openvz_vm_template_id` int(11) NOT NULL DEFAULT '0' AFTER  `limit_openvz_vm`;
\ No newline at end of file
diff --git a/install/sql/ispconfig3.sql b/install/sql/ispconfig3.sql
index 93793cf..498d86b 100644
--- a/install/sql/ispconfig3.sql
+++ b/install/sql/ispconfig3.sql
@@ -130,6 +130,8 @@
   `limit_traffic_quota` int(11) NOT NULL DEFAULT '-1',
   `limit_client` int(11) NOT NULL DEFAULT '0',
   `limit_mailmailinglist` int(11) NOT NULL DEFAULT '-1',
+  `limit_openvz_vm` int(11) NOT NULL DEFAULT '0',
+  `limit_openvz_vm_template` int(11) NOT NULL DEFAULT '0',
   `parent_client_id` int(11) unsigned NOT NULL DEFAULT '0',
   `username` varchar(64) DEFAULT NULL,
   `password` varchar(64) DEFAULT NULL,
@@ -222,7 +224,7 @@
   `server_id` int(11) unsigned NOT NULL default '0',
   `parent_domain_id` int(11) unsigned NOT NULL default '0',
   `type` enum('url','chrooted','full') NOT NULL default 'url',
-  `command` varchar(255) NOT NULL,
+  `command` TEXT NOT NULL,
   `run_min` varchar(100) NULL,
   `run_hour` varchar(100) NULL,
   `run_mday` varchar(100) NULL,
diff --git a/interface/web/vm/form/openvz_vm.tform.php b/interface/web/vm/form/openvz_vm.tform.php
index 0077ef2..3a93fb1 100644
--- a/interface/web/vm/form/openvz_vm.tform.php
+++ b/interface/web/vm/form/openvz_vm.tform.php
@@ -164,6 +164,7 @@
 	)
 );
 
+if($_SESSION["s"]["user"]["typ"] == 'admin') {
 $form["tabs"]['advanced'] = array (
 	'title' 	=> "Advanced",
 	'width' 	=> 100,
@@ -292,6 +293,7 @@
 	##################################
 	)
 );
+}
 
 
 ?>
\ No newline at end of file
diff --git a/interface/web/vm/lib/module.conf.php b/interface/web/vm/lib/module.conf.php
index 5d0e2c8..6d0ffec 100644
--- a/interface/web/vm/lib/module.conf.php
+++ b/interface/web/vm/lib/module.conf.php
@@ -14,6 +14,7 @@
 				  'link'	=> 'vm/openvz_vm_list.php',
 				  'html_id' => 'openvz_vm_list');
 
+if($_SESSION["s"]["user"]["typ"] == 'admin') {
 $items[] = array( 'title' 	=> 'OS Templates',
 				  'target' 	=> 'content',
 				  'link'	=> 'vm/openvz_ostemplate_list.php',
@@ -28,7 +29,7 @@
 				  'target' 	=> 'content',
 				  'link'	=> 'vm/openvz_ip_list.php',
 				  'html_id' => 'openvz_ip_list');
-
+}
 if(count($items))
 {
 	$module['nav'][] = array(	'title'	=> 'OpenVZ',
diff --git a/interface/web/vm/openvz_ip_del.php b/interface/web/vm/openvz_ip_del.php
index ce4ce27..bd97041 100644
--- a/interface/web/vm/openvz_ip_del.php
+++ b/interface/web/vm/openvz_ip_del.php
@@ -44,6 +44,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 $app->uses('tpl,tform');
 $app->load('tform_actions');
diff --git a/interface/web/vm/openvz_ip_edit.php b/interface/web/vm/openvz_ip_edit.php
index 7a79244..8fbd0f2 100644
--- a/interface/web/vm/openvz_ip_edit.php
+++ b/interface/web/vm/openvz_ip_edit.php
@@ -43,6 +43,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 // Loading classes
 $app->uses('tpl,tform');
diff --git a/interface/web/vm/openvz_ip_list.php b/interface/web/vm/openvz_ip_list.php
index 7f67cec..2a63788 100644
--- a/interface/web/vm/openvz_ip_list.php
+++ b/interface/web/vm/openvz_ip_list.php
@@ -43,6 +43,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 $app->uses('listform_actions');
 
diff --git a/interface/web/vm/openvz_ostemplate_del.php b/interface/web/vm/openvz_ostemplate_del.php
index dec96f5..cc54dbd 100644
--- a/interface/web/vm/openvz_ostemplate_del.php
+++ b/interface/web/vm/openvz_ostemplate_del.php
@@ -44,6 +44,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 $app->uses('tpl,tform');
 $app->load('tform_actions');
diff --git a/interface/web/vm/openvz_ostemplate_edit.php b/interface/web/vm/openvz_ostemplate_edit.php
index 09a9598..697ab4c 100644
--- a/interface/web/vm/openvz_ostemplate_edit.php
+++ b/interface/web/vm/openvz_ostemplate_edit.php
@@ -43,6 +43,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 // Loading classes
 $app->uses('tpl,tform');
diff --git a/interface/web/vm/openvz_ostemplate_list.php b/interface/web/vm/openvz_ostemplate_list.php
index f6f2a70..00d2ee4 100644
--- a/interface/web/vm/openvz_ostemplate_list.php
+++ b/interface/web/vm/openvz_ostemplate_list.php
@@ -43,6 +43,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 $app->uses('listform_actions');
 
diff --git a/interface/web/vm/openvz_template_del.php b/interface/web/vm/openvz_template_del.php
index 3b672e7..09584e3 100644
--- a/interface/web/vm/openvz_template_del.php
+++ b/interface/web/vm/openvz_template_del.php
@@ -44,6 +44,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 $app->uses('tpl,tform');
 $app->load('tform_actions');
diff --git a/interface/web/vm/openvz_template_edit.php b/interface/web/vm/openvz_template_edit.php
index 2c1247a..c074002 100644
--- a/interface/web/vm/openvz_template_edit.php
+++ b/interface/web/vm/openvz_template_edit.php
@@ -43,6 +43,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 // Loading classes
 $app->uses('tpl,tform');
diff --git a/interface/web/vm/openvz_template_list.php b/interface/web/vm/openvz_template_list.php
index 0f47764..15bd907 100644
--- a/interface/web/vm/openvz_template_list.php
+++ b/interface/web/vm/openvz_template_list.php
@@ -43,6 +43,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('vm');
+if($_SESSION["s"]["user"]["typ"] != 'admin') die('permission denied');
 
 $app->uses('listform_actions');
 
diff --git a/server/cron_daily.php b/server/cron_daily.php
index d8a7b64..c62923b 100644
--- a/server/cron_daily.php
+++ b/server/cron_daily.php
@@ -501,12 +501,19 @@
 				$web_group = $rec['system_group'];
 				$web_id = $rec['domain_id'];
 				$web_backup_dir = $backup_dir.'/web'.$web_id;
-				if(!is_dir($web_backup_dir)) mkdir($web_backup_dir, 0755);
-				
-				chmod($web_backup_dir, 0755);
-				chown($web_backup_dir, 'root');
-				chgrp($web_backup_dir, 'root');
+				if(!is_dir($web_backup_dir)) mkdir($web_backup_dir, 0750);
+				chmod($web_backup_dir, 0750); 
+				if(isset($server_config['backup_dir_ftpread']) && $server_config['backup_dir_ftpread'] == 'y') {
+					chown($web_backup_dir, $rec['system_user']); 
+					chgrp($web_backup_dir, $rec['system_group']);
+				} else {
+					chown($web_backup_dir, 'root');
+					chgrp($web_backup_dir, 'root');
+				}
 				exec('cd '.escapeshellarg($web_path).' && sudo -u '.escapeshellarg($web_user).' find . -group '.escapeshellarg($web_group).' -print | zip -y '.escapeshellarg($web_backup_dir.'/web.zip').' -@');
+				chown($web_backup_dir.'/web.zip', $rec['system_user']); 
+				chgrp($web_backup_dir.'/web.zip', $rec['system_group']);
+				chmod($web_backup_dir.'/web.zip', 0750);
 				
 				// Rename or remove old backups
 				$backup_copies = intval($rec['backup_copies']);
@@ -527,7 +534,9 @@
 				// Create backupdir symlink
 				if(is_link($web_path.'/backup')) unlink($web_path.'/backup');
 				symlink($web_backup_dir,$web_path.'/backup');
-				chmod($web_path.'/backup', 0755);
+				// chmod($web_path.'/backup', 0755);
+				chown($web_path.'/backup', $rec['system_user']); 
+				chgrp($web_path.'/backup', $rec['system_group']);
 				
 			}
 			

--
Gitblit v1.9.1