Setting chmod 600 for all php files

bin/v-change-database-password-for-all-wordpress

@@ -26,7 +26,7 @@ for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
 
     for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
         if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then
-            /usr/local/vesta/bin/v-change-db-password-to-wordpress $domain
+            /usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user
             echo "--------------------------------"
         fi
     done

bin/v-change-database-password-for-wordpress

@@ -1,8 +1,8 @@
 #!/bin/bash
-# info: change db password to wordpress database
+# info: change database password for wordpress
 # options:
 #
-# The command is used for changing db password to wordpress database.
+# The command is used for changing database password for wordpress.
 
 
 #----------------------------------------------------------#
@@ -21,7 +21,12 @@ source /etc/profile
 # Argument definition
 domain=$1
 
-user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+# Check if number of arguments is 2
+if [ $# -eq 2 ]; then
+    user=$2
+else
+    user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+fi
 USER=$user
 
 if [ -z "$user" ]; then

bin/v-change-wordpress-admins-pass

@@ -59,14 +59,14 @@ echo "$ADMIN_LIST_CSV" | while IFS=',' read -r PID PLOGIN PEMAIL; do
 done
 
 echo
-echo "For each admin choose: (d) delete, (c) change password, (s) skip."
+echo "For each admin choose: (d) delete, (c) change password, (s) skip, (x) exit."
 
 # interactive loop
-echo "$ADMIN_LIST_CSV" | while IFS=',' read -r ID LOGIN EMAIL; do
+while IFS=',' read -r ID LOGIN EMAIL; do
     [ -n "$EMAIL" ] && TARGET="$LOGIN <$EMAIL>" || TARGET="$LOGIN"
     while true; do
         echo "-------------------------------------"
-        read -r -p "Action for \"$TARGET\" [d/c/s]? " ACT < /dev/tty
+        read -r -p "Action for \"$TARGET\" [d/c/s/x]? " ACT < /dev/tty
         case "$ACT" in
             [Dd]* )
                 read -r -p "Really DELETE \"$TARGET\" ?   ('y' or ENTER for yes / 'n' for no) " CONF < /dev/tty
@@ -109,15 +109,20 @@ echo "$ADMIN_LIST_CSV" | while IFS=',' read -r ID LOGIN EMAIL; do
                 echo "Skipping $TARGET."
                 break
                 ;;
-            * ) echo "Please answer d, c, or s." ;;
+            [Xx]* )
+                echo "Exiting."
+                exit 0
+                ;;
+            * ) echo "Please answer d, c, s, or x." ;;
         esac
     done
-done
+done <<< "$ADMIN_LIST_CSV"
 
 #----------------------------------------------------------#
 #        flush cache and refresh all security salts        #
 #----------------------------------------------------------#
 
+echo "-------------------------------------"
 echo
 echo "Flushing cache and refreshing salts..."
 
@@ -129,4 +134,5 @@ echo "Cache flushed and salts refreshed."
 
 echo
 echo "Done."
+
 exit 0

bin/v-desinfect-wordpress

@@ -27,25 +27,15 @@ if [ -z "$user" ]; then
     exit 1
 fi
 
-# choose the correct admin-password script (with or without the “s”)
-if [ -x /usr/local/vesta/bin/v-change-wp-admin-pass ]; then
-    admin_pass_script="/usr/local/vesta/bin/v-change-wp-admin-pass"
-elif [ -x /usr/local/vesta/bin/v-change-wp-admins-pass ]; then
-    admin_pass_script="/usr/local/vesta/bin/v-change-wp-admins-pass"
-else
-    admin_pass_script=""
-fi
-
 # absolute paths to maintenance scripts, in desired order
 declare -a tasks=(
-    "/usr/local/vesta/bin/v-change-db-password-to-wordpress"
-    "/usr/local/vesta/bin/v-fix-wp-core"
+    "/usr/local/vesta/bin/v-change-database-password-for-wordpress"
+    "/usr/local/vesta/bin/v-change-wordpress-admins-pass"
+    "/usr/local/vesta/bin/v-fix-wordpress-core"
     "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"
+    "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate"
 )
 
-# append the admin script if we found one
-[ -n "$admin_pass_script" ] && tasks+=("$admin_pass_script")
-
 # -------------------------------------------------------- #
 #                    execution strategy                    #
 # -------------------------------------------------------- #

bin/v-fix-user-permissions

@@ -52,6 +52,7 @@ find /home/$user/conf/ -type d -exec chown root:root {} \;
 find /home/$user/web/*/public_html/ -type d -exec chmod 755 {} +
 find /home/$user/web/*/public_html/ -type f -exec chmod 644 {} +
 find /home/$user/web/*/public_html/ -exec chown $user:$user {} \;
+find /home/$user/web/*/ -name "*.php" -type f -exec chmod 600 {} +
 
 echo "Done, permissions fixed for user: $user"
 

bin/v-fix-website-permissions

@@ -18,7 +18,13 @@ source /etc/profile
 # Argument definition
 domain=$1
 
-user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+# Check if number of arguments is 2
+if [ $# -eq 2 ]; then
+    user=$2
+else
+    user=$(/usr/local/vesta/bin/v-search-domain-owner $domain)
+fi
+USER=$user
 
 # Includes
 source /usr/local/vesta/func/main.sh
@@ -27,8 +33,6 @@ if [ -z "$user" ]; then
     check_result $E_NOTEXIST "domain $domain doesn't exist"
 fi
 
-USER=$user
-
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
@@ -54,14 +58,28 @@ fi
 # Going to domain directory
 cd /home/$USER/web/$domain
 
+# Ownership check
+if [ -f "public_html/index.php" ]; then
+    owner=$(stat -c '%U' "public_html/index.php")
+    if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then
+        echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)"
+        exit 1
+    fi
+fi
+
+
 echo "Updating permissions for /home/$USER/web/$domain/public_html/"
 find public_html/ -type d -exec chmod 755 {} +
 find public_html/ -type f -exec chmod 644 {} +
 chown -R $USER:$USER public_html/
 
+# Setting chmod 600 for all php files
+echo "= Setting chmod 600 for all php files"
+find -name "*.php" -type f -exec chmod 600 {} +
+
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#
 echo "Permissions for $domain have been successfully updated."
 
-exit
+exit 0

bin/v-fix-website-permissions-for-all-websites

@@ -0,0 +1,41 @@
+#!/bin/bash
+# info: fix website permissions for all websites
+# options:
+#
+# The command is used for fixing website permissions for all websites on the server.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Importing system variables
+source /etc/profile
+
+# Includes
+source $VESTA/func/main.sh
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+for user in $(grep '@' /etc/passwd |cut -f1 -d:); do
+    if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then
+        continue;
+    fi
+
+    for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do
+        /usr/local/vesta/bin/v-fix-website-permissions $domain $user
+        echo "--------------------------------"
+    done
+
+done
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

bin/v-unlock-wordpress

@@ -58,6 +58,8 @@ chown -R $user:$user public_html/
 
 rm public_html/wp-content/uploads/.htaccess
 
+/usr/local/vesta/bin/v-fix-website-permissions $domain
+
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#