diff --git a/actions/admin/settings/130.webserver.php b/actions/admin/settings/130.webserver.php index fa385c49..b5c7917b 100644 --- a/actions/admin/settings/130.webserver.php +++ b/actions/admin/settings/130.webserver.php @@ -186,14 +186,6 @@ return array( 'option_options_method' => 'getRedirectCodes', 'save_method' => 'storeSettingField', ), - 'perl_path' => array( - 'label' => $lng['serversettings']['perl_path'], - 'settinggroup' => 'system', - 'varname' => 'perl_path', - 'type' => 'string', - 'default' => '/usr/bin/perl', - 'save_method' => 'storeSettingField', - ), ), ), 'ssl' => array( diff --git a/actions/admin/settings/137.perl.php b/actions/admin/settings/137.perl.php new file mode 100644 index 00000000..2c2ebf6a --- /dev/null +++ b/actions/admin/settings/137.perl.php @@ -0,0 +1,52 @@ + (2010-) + * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt + * @package Settings + * @version $Id$ + */ + +return array( + 'groups' => array( + 'perl' => array( + 'title' => $lng['admin']['perl_settings'], + 'fields' => array( + 'perl_path' => array( + 'label' => $lng['serversettings']['perl_path'], + 'settinggroup' => 'system', + 'varname' => 'perl_path', + 'type' => 'string', + 'default' => '/usr/bin/perl', + 'save_method' => 'storeSettingField', + ), + 'system_perl_suexecworkaround' => array( + 'label' => $lng['serversettings']['perl']['suexecworkaround'], + 'settinggroup' => 'perl', + 'varname' => 'suexecworkaround', + 'type' => 'bool', + 'default' => false, + 'save_method' => 'storeSettingField', + ), + 'system_perl_suexeccgipath' => array( + 'label' => $lng['serversettings']['perl']['suexeccgipath'], + 'settinggroup' => 'perl', + 'varname' => 'suexecpath', + 'type' => 'string', + 'default' => '/var/www/cgi-bin/', + 'save_method' => 'storeSettingField', + ), + ), + ), + ), + ); + +?> diff --git a/admin_settings.php b/admin_settings.php index 52ecd7a7..7f2d719a 100644 --- a/admin_settings.php +++ b/admin_settings.php @@ -214,6 +214,4 @@ elseif($page == 'enforcequotas' { ask_yesno('admin_quotas_reallyenforce', $filename, array('page' => $page)); } -} - -?> \ No newline at end of file +} \ No newline at end of file diff --git a/install/froxlor.sql b/install/froxlor.sql index 04c5222c..c543a779 100644 --- a/install/froxlor.sql +++ b/install/froxlor.sql @@ -454,7 +454,7 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (18, 'system', 'vmail_homedir', '/var/customers/mail/'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (19, 'system', 'bindconf_directory', '/etc/bind/'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (20, 'system', 'bindreload_command', '/etc/init.d/bind9 reload'); -INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (22, 'panel', 'version', '0.9.12-svn1'); +INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (22, 'panel', 'version', '0.9.12-svn2'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (23, 'system', 'hostname', 'SERVERNAME'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (24, 'login', 'maxloginattempts', '3'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (25, 'login', 'deactivatetime', '900'); @@ -580,6 +580,8 @@ INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) V INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (146, 'system', 'mod_fcgid_ownvhost', '0'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (147, 'system', 'mod_fcgid_httpuser', 'froxlorlocal'); INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (148, 'system', 'mod_fcgid_httpgroup', 'froxlorlocal'); +INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (149, 'perl', 'suexecworkaround', '0'); +INSERT INTO `panel_settings` (`settingid`, `settinggroup`, `varname`, `value`) VALUES (150, 'perl', 'suexecpath', '/var/www/cgi-bin/'); # -------------------------------------------------------- diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php index d16ced78..5ab97fe3 100644 --- a/install/updates/froxlor/0.9/update_0.9.inc.php +++ b/install/updates/froxlor/0.9/update_0.9.inc.php @@ -954,3 +954,22 @@ if(isFroxlorVersion('0.9.11')) updateToVersion('0.9.12-svn1'); } + +if(isFroxlorVersion('0.9.12-svn1')) +{ + showUpdateStep("Updating from 0.9.12-svn1 to 0.9.12-svn2", false); + + $update_perl_suexecworkaround = isset($_POST['update_perl_suexecworkaround']) ? (int)$_POST['update_perl_suexecworkaround'] : '0'; + $update_perl_suexecpath = isset($_POST['update_perl_suexecpath']) ? $_POST['update_perl_suexecpath'] : '/var/www/cgi-bin/'; + + if($update_perl_suexecpath == '') { + $update_perl_suexecpath = '/var/www/cgi-bin/'; + } + + showUpdateStep("Adding new settings for perl/CGI"); + $db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settinggroup`, `varname`, `value`) VALUES ('perl', 'suexecworkaround', '".$db->escape($update_perl_suexecworkaround)."');"); + $db->query("INSERT INTO `" . TABLE_PANEL_SETTINGS . "` (`settinggroup`, `varname`, `value`) VALUES ('perl', 'suexecpath', '".$db->escape($update_perl_suexecpath)."');"); + lastStepStatus(0); + + updateToVersion('0.9.12-svn2'); +} diff --git a/install/updates/preconfig/0.9/preconfig_0.9.inc.php b/install/updates/preconfig/0.9/preconfig_0.9.inc.php index 74c5fca9..705c7c49 100644 --- a/install/updates/preconfig/0.9/preconfig_0.9.inc.php +++ b/install/updates/preconfig/0.9/preconfig_0.9.inc.php @@ -255,4 +255,16 @@ function parseAndOutputPreconfig(&$has_preconfig, &$return, $current_version) eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";"); } } + + if(versionInUpdate($current_version, '0.9.12-svn2')) + { + $has_preconfig = true; + $description = 'Many apache user will have problems using perl/CGI as the customer docroots are not within the suexec path. Froxlor provides a simple workaround for that.'; + $question = 'Enable Apache/SuExec/Perl workaround?: '; + $question.= makeyesno('update_perl_suexecworkaround', '1', '0', '0').'

'; + $question.= 'If \'yes\', please specify a path within the suexec path where Froxlor will create symlinks to customer perl-enabled paths:

'; + $question.= 'Path for symlinks (must be within suexec path): '; + $question.= '
'; + eval("\$return.=\"" . getTemplate("update/preconfigitem") . "\";"); + } } diff --git a/lib/tables.inc.php b/lib/tables.inc.php index d68c10a4..420cd697 100644 --- a/lib/tables.inc.php +++ b/lib/tables.inc.php @@ -72,7 +72,7 @@ define('PACKAGE_ENABLED', 2); // VERSION INFO -$version = '0.9.12-svn1'; +$version = '0.9.12-svn2'; $dbversion = '2'; $branding = ''; diff --git a/lng/english.lng.php b/lng/english.lng.php index fd6595f1..74dda352 100644 --- a/lng/english.lng.php +++ b/lng/english.lng.php @@ -1458,4 +1458,11 @@ $lng['serversettings']['mod_fcgid_ownvhost']['description'] = 'If enabled, Froxl $lng['admin']['mod_fcgid_user'] = 'Local user to use for FCGID (Froxlor vhost)'; $lng['admin']['mod_fcgid_group'] = 'Local group to use for FCGID (Froxlor vhost)'; +// ADDED IN FROXLOR 0.9.12-svn2 +$lng['admin']['perl_settings'] = 'Perl/CGI'; +$lng['serversettings']['perl']['suexecworkaround']['title'] = 'Enable SuExec workaround (Apache only)'; +$lng['serversettings']['perl']['suexecworkaround']['description'] = 'Enable only if customer docroots are not within the apache suexec path.
If enabled, Froxlor will generate a symlink from the customers perl-enabled directory + /cgi-bin/ to the given path.
Note that perl will then only work in the folders subdirectory /cgi-bin/ and not in the folder itself (as it does without this fix!)'; +$lng['serversettings']['perl']['suexeccgipath']['title'] = 'Path for customer perl-enabled directory symlinks'; +$lng['serversettings']['perl']['suexeccgipath']['description'] = 'You only need to set this if the SuExec-workaround is enabled.
ATTENTION: Be sure this path is within the suexec path or else this workaround is uselsess'; + ?> diff --git a/lng/german.lng.php b/lng/german.lng.php index 0d8e9c65..b63adc7f 100644 --- a/lng/german.lng.php +++ b/lng/german.lng.php @@ -1441,4 +1441,11 @@ $lng['serversettings']['mod_fcgid_ownvhost']['description'] = 'Wenn verwendet, w $lng['admin']['mod_fcgid_user'] = 'Lokaler Benutzer für FCGID (Froxlor Vhost)'; $lng['admin']['mod_fcgid_group'] = 'Lokale Gruppe für FCGID (Froxlor Vhost)'; +// ADDED IN FROXLOR 0.9.12-svn2 +$lng['admin']['perl_settings'] = 'Perl/CGI'; +$lng['serversettings']['perl']['suexecworkaround']['title'] = 'Aktiviere SuExec Workaround (nur f&uumL,r Apache)'; +$lng['serversettings']['perl']['suexecworkaround']['description'] = 'Aktivieren Sie den Workaround nur, wenn die Kunden-Heimatverzeichnise sich nicht unterhalb des suexec-Pfades liegen.
Wenn aktiviert erstellt Froxlor eine Verknüpfung des vom Kunden für Perl aktiviertem Pfad + /cgi-bin/ im angegebenen suexec-Pfad.
Bitte beachten Sie, dass Perl dann nur im Unterordner /cgi-bin/ des Kunden-Ordners funktioniert und nicht direkt in diesem Ordner (wie es ohne den Workaround wäre!)'; +$lng['serversettings']['perl']['suexeccgipath']['title'] = 'Pfad für Verknüpfungen zu Kunden-Perl-Verzeichnis'; +$lng['serversettings']['perl']['suexeccgipath']['description'] = 'Diese Einstellung wird nur benötigt, wenn der SuExec-Workaround aktiviert ist.
ACHTUNG: Stellen Sie sicher, dass sich der angegebene Pfad innerhalb des Suexec-Pfades befindet ansonsten ist der Workaround nutzlos'; + ?> diff --git a/scripts/jobs/cron_tasks.inc.http.10.apache.php b/scripts/jobs/cron_tasks.inc.http.10.apache.php index 68b52b49..bfe23278 100644 --- a/scripts/jobs/cron_tasks.inc.http.10.apache.php +++ b/scripts/jobs/cron_tasks.inc.http.10.apache.php @@ -896,6 +896,51 @@ class apache $this->diroptions_data[$diroptions_filename].= ' Order allow,deny' . "\n"; $this->diroptions_data[$diroptions_filename].= ' Allow from all' . "\n"; fwrite($this->debugHandler, ' cron_tasks: Task3 - Enabling perl execution' . "\n"); + + // check for suexec-workaround, #319 + if((int)$this->settings['perl']['suexecworkaround'] == 1) + { + // symlink this directory to suexec-safe-path + $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname'); + $suexecpath = makeCorrectDir($this->settings['perl']['suexecpath'].'/'.$loginname.'/'.md5($row_diroptions['path']).'/'); + + if(!file_exists($suexecpath)) + { + safe_exec('mkdir -p '.escapeshellarg($suexecpath)); + safe_exec('chown -R '.escapeshellarg($row_diroptions['guid']).':'.escapeshellarg($row_diroptions['guid']).' '.escapeshellarg($suexecpath)); + } + + // symlink to {$givenpath}/cgi-bin + // NOTE: symlinks are FILES, so do not append a / here + $perlsymlink = makeCorrectFile($row_diroptions['path'].'/cgi-bin'); + if(!file_exists($perlsymlink)) + { + safe_exec('ln -s '.escapeshellarg($suexecpath).' '.escapeshellarg($perlsymlink)); + } + safe_exec('chown '.escapeshellarg($row_diroptions['guid']).':'.escapeshellarg($row_diroptions['guid']).' '.escapeshellarg($perlsymlink)); + } + } + else + { + // if no perl-execution is enabled but the workaround is, + // we have to remove the symlink and folder in suexecpath + if((int)$this->settings['perl']['suexecworkaround'] == 1) + { + $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname'); + $suexecpath = makeCorrectDir($this->settings['perl']['suexecpath'].'/'.$loginname.'/'.md5($row_diroptions['path']).'/'); + $perlsymlink = makeCorrectFile($row_diroptions['path'].'/cgi-bin'); + + // remove symlink + if(file_exists($perlsymlink)) + { + safe_exec('rm -f '.escapeshellarg($perlsymlink)); + } + // remove folder in suexec-path + if(file_exists($suexecpath)) + { + safe_exec('rm -rf '.escapeshellarg($suexecpath)); + } + } } if(count($row_diroptions['htpasswds']) > 0)