From 366e0f6061588a0728d2735a5eeac8e5f77625bc Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Mon, 22 Dec 2014 09:51:55 +0100
Subject: [PATCH] various permission fixes when using fcgid / fpm and customerdocroots having 0770 and sockets are 0660

Signed-off-by: Michael Kaufmann (d00p)
---
 admin_customers.php | 14 ++++++++++++++
 scripts/jobs/cron_tasks.php | 16 ++++++++++++++++
 2 files changed, 30 insertions(+)
diff --git a/admin_customers.php b/admin_customers.php
index 1fd7f772..3c3a0c6e 100644
--- a/admin_customers.php
+++ b/admin_customers.php
@@ -833,7 +833,21 @@ if ($page == 'customers'
 'guid' => $guid,
 'members' => $loginname.','.Settings::Get('system.httpuser')
 );
+
+ // also, add froxlor-local user to ftp-group (if exists!) to
+ // allow access to customer-directories from within the panel, which
+ // is necessary when pathedit = Dropdown
+ if ((int)Settings::Get('system.mod_fcgid_ownvhost') == 1 || (int)Settings::Get('phpfpm.enabled_ownvhost') == 1) {
+ if ((int)Settings::Get('system.mod_fcgid') == 1) {
+ $local_user = Settings::Get('system.mod_fcgid_httpuser');
+ } else {
+ $local_user = Settings::Get('phpfpm.vhost_httpuser');
+ }
+ $ins_data['members'] .= ','.$local_user;
+ }
+
 Database::pexecute($ins_stmt, $ins_data);
+
 // FTP-Quotatallies
 $ins_stmt = Database::prepare("
 INSERT INTO `" . TABLE_FTP_QUOTATALLIES . "` SET `name` = :name, `quota_type` = 'user', `bytes_in_used` = '0',
diff --git a/scripts/jobs/cron_tasks.php b/scripts/jobs/cron_tasks.php
index 2d8bcb38..8d9e763a 100644
--- a/scripts/jobs/cron_tasks.php
+++ b/scripts/jobs/cron_tasks.php
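Review bot: In the admin_customers.php hunk, `$local_user` is appended to `members` without checking that it is set, although the comment says "(if exists!)"; if the chosen setting is empty, the stored member list ends in a trailing comma. Guard the append, e.g. `if (!empty($local_user)) { $ins_data['members'] .= ','.$local_user; }`. The inner branch also picks the user by `system.mod_fcgid` rather than by whichever `*_ownvhost` flag made the outer condition true, so the two tests can disagree; keying both on the same settings would avoid that. Because this gives the panel's own vhost user group access to every newly created customer's docroot, a short comment stating that widened access would help the next reader. The `$ins_data` array and the customer-add branch begin outside the hunk.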
@@ -86,6 +86,22 @@ while ($row = $result_tasks_stmt->fetch(PDO::FETCH_ASSOC)) {
 } else {
 echo "Please check you Webserver settings\n";
 }
+
+ // if we use php-fpm and have a local user for froxlor, we need to
+ // add the webserver-user to the local-group in order to allow the webserver
+ // to access the fpm-socket
+ if (Settings::Get('phpfpm.enabled') == 1 && function_exists("posix_getgrnam")) {
+ // get group info about the local-user's group (e.g. froxlorlocal)
+ $groupinfo = posix_getgrnam(Settings::Get('phpfpm.vhost_httpgroup'));
+ // check group members
+ if (isset($groupinfo['members'])
+ && !in_array(Settings::Get('system.httpuser'), $groupinfo['members'])
+ ) {
+ // webserver has no access, add it
+ safe_exec('usermod -aG ' . escapeshellarg(Settings::Get('phpfpm.vhost_httpgroup')." ".Settings::Get('system.httpuser')));
+ }
+ }
+
 }
 /**
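Review bot: The `usermod` call passes the group and the user through a single `escapeshellarg()`, so the shell hands usermod one quoted argument of the form `group user` as the value of `-aG` and no login name; the command will most likely fail and the webserver user never joins the group that owns the fpm socket. Escape each value on its own: `safe_exec('usermod -aG ' . escapeshellarg(Settings::Get('phpfpm.vhost_httpgroup')) . ' ' . escapeshellarg(Settings::Get('system.httpuser')));`. The membership test would also be safer with a strict comparison, `in_array(Settings::Get('system.httpuser'), $groupinfo['members'], true)`. The enclosing `while` loop and task-type branch start outside the hunk.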