From bf4c16b0635c2ee8207758b7a83b751624a8df95 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Sun, 8 Dec 2013 11:13:43 +0100
Subject: [PATCH] first work on permission-improvements by adding webserver-user to ftp-group of customer and therefore make it possible to chown the user-docroot to 750 keeping 'others' out, refs #532
Signed-off-by: Michael Kaufmann (d00p)
---
 admin_customers.php | 2 +-
 install/updates/froxlor/0.9/update_0.9.inc.php | 6 +++++-
 scripts/jobs/cron_tasks.php | 2 ++
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/admin_customers.php b/admin_customers.php
index 39ee45e0..87c7f0d4 100644
--- a/admin_customers.php
+++ b/admin_customers.php
@@ -809,7 +809,7 @@ if ($page == 'customers'
  'customerid' => $customerid,
  'groupname' => $loginname,
  'guid' => $guid,
- 'members' => $loginname
+ 'members' => $loginname.','.$settings['system']['httpuser']
  );
  Database::pexecute($ins_stmt, $ins_data);
  // FTP-Quotatallies
diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php
index 330e326d..39f24133 100644
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -2537,7 +2537,7 @@ if (isFroxlorVersion('0.9.31-rc1')) {
  if (isFroxlorVersion('0.9.31-rc2')) {
- showUpdateStep("Updating from 0.9.31-rc1 to 0.9.31-rc99");
+ showUpdateStep("Updating from 0.9.31-rc2 to 0.9.31-rc99");
  lastStepStatus(0);
  showUpdateStep("Removing APS-module (deprecated)");
@@ -2582,5 +2582,9 @@ if (isFroxlorVersion('0.9.31-rc2')) {
  Database::query("DROP TABLE IF EXISTS `mail_autoresponder`;");
  lastStepStatus(0);
+ showUpdateStep("Updating ftp-groups entries");
+ Database::query("UPDATE `".TABLE_FTP_GROUPS."` SET `members` = CONCAT(`members`, ',".$settings['system']['httpuser']."');");
+ lastStepStatus(0);
+
  updateToVersion('0.9.31-rc99');
  }
diff --git a/scripts/jobs/cron_tasks.php b/scripts/jobs/cron_tasks.php
index 4bbd991f..2ec26564 100644
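Review bot: In admin_customers.php the new `'members'` value is built without checking `$settings['system']['httpuser']`, so an empty or unset setting stores the login name followed by a bare trailing comma in the ftp group row. Consider `'members' => $loginname . ($settings['system']['httpuser'] != '' ? ',' . $settings['system']['httpuser'] : '')`. The value is copied at customer-creation time, so a later change of the httpuser setting would presumably leave existing rows naming the old account unless another code path rewrites them. A comment here should also record that group membership gives every process running as the webserver user read access to each customer docroot, so isolation between customers still depends on PHP not running as that shared user. The insert statement this array belongs to starts outside the hunk.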
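Review bot: In install/updates/froxlor/0.9/update_0.9.inc.php the new UPDATE splices `$settings['system']['httpuser']` straight into the SQL string and has no WHERE clause, so a quote character in the setting breaks or alters the statement, and re-running the step appends the user a second time to every row. Binding the value and skipping rows that already list it makes the step safe to repeat, and an empty setting should skip the update rather than append a bare comma. `Database::pexecute` is already used for the ftp-group insert in admin_customers.php in this commit. Rows whose `members` is NULL stay NULL under CONCAT, which may or may not matter for this table. The enclosing `if (isFroxlorVersion('0.9.31-rc2'))` block starts outside the hunk.

```php
showUpdateStep("Updating ftp-groups entries");
$httpuser = $settings['system']['httpuser'];
if ($httpuser != '') {
	$upd_stmt = Database::prepare("
		UPDATE `".TABLE_FTP_GROUPS."`
		SET `members` = CONCAT(`members`, ',', :httpuser)
		WHERE FIND_IN_SET(:member, `members`) = 0
	");
	Database::pexecute($upd_stmt, array('httpuser' => $httpuser, 'member' => $httpuser));
}
lastStepStatus(0);
```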
--- a/scripts/jobs/cron_tasks.php
+++ b/scripts/jobs/cron_tasks.php
@@ -143,6 +143,8 @@ while ($row = $result_tasks_stmt->fetch(PDO::FETCH_ASSOC)) {
  $cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Running: chown -R ' . (int)$row['data']['uid'] . ':' . (int)$row['data']['gid'] . ' ' . escapeshellarg($userhomedir));
  safe_exec('chown -R ' . (int)$row['data']['uid'] . ':' . (int)$row['data']['gid'] . ' ' . escapeshellarg($userhomedir));
+ // don't allow others to access the directory (webserver will be in the users' group)
+ safe_exec('chmod 0750 ' . escapeshellarg($userhomedir));
  $cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Running: chown -R ' . (int)$settings['system']['vmail_uid'] . ':' . (int)$settings['system']['vmail_gid'] . ' ' . escapeshellarg($usermaildir));
  safe_exec('chown -R ' . (int)$settings['system']['vmail_uid'] . ':' . (int)$settings['system']['vmail_gid'] . ' ' . escapeshellarg($usermaildir));
  }
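Review bot: The added `chmod 0750` call in scripts/jobs/cron_tasks.php is the only command in this block that runs without a matching `$cronlog->logAction` entry, so a permission change on a customer home leaves no trace in the cron log. Add `$cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Running: chmod 0750 ' . escapeshellarg($userhomedir));` before the call, as the two chown commands do. The mode is applied as soon as the task runs; if the webserver user's new group membership is not yet visible to the system (for example behind a name-service cache), the docroot could presumably be unreadable to the webserver until it is, so the ordering deserves a comment. The enclosing loop body starts outside the hunk.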