maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

first work on permission-improvements by adding webserver-user to ftp-group of customer and therefore make it possible to chown the user-docroot to 750 keeping 'others' out, refs #532

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2013-12-08 11:13:43 +01:00
parent 0f80e66a01
commit bf4c16b063
3 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
admin_customers.php
View File

@@ -809,7 +809,7 @@ if ($page == 'customers'
'customerid' => $customerid, 'customerid' => $customerid,
'groupname' => $loginname, 'groupname' => $loginname,
'guid' => $guid, 'guid' => $guid,
'members' => $loginname 'members' => $loginname.','.$settings['system']['httpuser']
); );
Database::pexecute($ins_stmt, $ins_data); Database::pexecute($ins_stmt, $ins_data);
// FTP-Quotatallies // FTP-Quotatallies

6
install/updates/froxlor/0.9/update_0.9.inc.php
View File

@@ -2537,7 +2537,7 @@ if (isFroxlorVersion('0.9.31-rc1')) {
if (isFroxlorVersion('0.9.31-rc2')) { if (isFroxlorVersion('0.9.31-rc2')) {
showUpdateStep("Updating from 0.9.31-rc1 to 0.9.31-rc99"); showUpdateStep("Updating from 0.9.31-rc2 to 0.9.31-rc99");
lastStepStatus(0); lastStepStatus(0);
showUpdateStep("Removing APS-module (deprecated)"); showUpdateStep("Removing APS-module (deprecated)");
@@ -2582,5 +2582,9 @@ if (isFroxlorVersion('0.9.31-rc2')) {
Database::query("DROP TABLE IF EXISTS `mail_autoresponder`;"); Database::query("DROP TABLE IF EXISTS `mail_autoresponder`;");
lastStepStatus(0); lastStepStatus(0);
showUpdateStep("Updating ftp-groups entries");
Database::query("UPDATE `".TABLE_FTP_GROUPS."` SET `members` = CONCAT(`members`, ',".$settings['system']['httpuser']."');");
lastStepStatus(0);
updateToVersion('0.9.31-rc99'); updateToVersion('0.9.31-rc99');
} }

2
scripts/jobs/cron_tasks.php
View File

@@ -143,6 +143,8 @@ while ($row = $result_tasks_stmt->fetch(PDO::FETCH_ASSOC)) {
$cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Running: chown -R ' . (int)$row['data']['uid'] . ':' . (int)$row['data']['gid'] . ' ' . escapeshellarg($userhomedir)); $cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Running: chown -R ' . (int)$row['data']['uid'] . ':' . (int)$row['data']['gid'] . ' ' . escapeshellarg($userhomedir));
safe_exec('chown -R ' . (int)$row['data']['uid'] . ':' . (int)$row['data']['gid'] . ' ' . escapeshellarg($userhomedir)); safe_exec('chown -R ' . (int)$row['data']['uid'] . ':' . (int)$row['data']['gid'] . ' ' . escapeshellarg($userhomedir));
// don't allow others to access the directory (webserver will be in the users' group)
safe_exec('chmod 0750 ' . escapeshellarg($userhomedir));
$cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Running: chown -R ' . (int)$settings['system']['vmail_uid'] . ':' . (int)$settings['system']['vmail_gid'] . ' ' . escapeshellarg($usermaildir)); $cronlog->logAction(CRON_ACTION, LOG_NOTICE, 'Running: chown -R ' . (int)$settings['system']['vmail_uid'] . ':' . (int)$settings['system']['vmail_gid'] . ' ' . escapeshellarg($usermaildir));
safe_exec('chown -R ' . (int)$settings['system']['vmail_uid'] . ':' . (int)$settings['system']['vmail_gid'] . ' ' . escapeshellarg($usermaildir)); safe_exec('chown -R ' . (int)$settings['system']['vmail_uid'] . ':' . (int)$settings['system']['vmail_gid'] . ' ' . escapeshellarg($usermaildir));
} }