github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-07-06 04:51:54 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Making sure chmod and chown does not follow symlinks

Browse source
This commit is contained in:
myvesta 2021-03-14 00:23:23 +01:00
parent d0108b4ae3
commit c981edee63
3 changed files with 21 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

8
bin/v-add-web-domain
View file

@ -90,10 +90,10 @@ done
# Changing file owner & permission # Changing file owner & permission
chown -R $user:$user $HOMEDIR/$user/web/$domain chown -R $user:$user $HOMEDIR/$user/web/$domain
chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf
chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.* sudo -u $user chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/* sudo -u $user chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs sudo -u $user chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.* sudo -u $user chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.*
# Addding PHP-FPM backend # Addding PHP-FPM backend
if [ ! -z "$WEB_BACKEND" ]; then if [ ! -z "$WEB_BACKEND" ]; then

12
func/main.sh
View file

@ -1085,3 +1085,15 @@ vesta_generate_pass() {
done done
echo "$PASS" echo "$PASS"
} }
# Simple chmod wrapper that skips symlink files after glob expand
# Taken from HestiaCP
no_symlink_chmod() {
local filemode=$1; shift;
for i in "$@"; do
[[ -L ${i} ]] && continue
chmod "${filemode}" "${i}"
done
}

10
func/rebuild.sh
View file

@ -51,7 +51,7 @@ rebuild_user_conf() {
mkdir -p $HOMEDIR/$user/conf mkdir -p $HOMEDIR/$user/conf
chmod a+x $HOMEDIR/$user chmod a+x $HOMEDIR/$user
chmod a+x $HOMEDIR/$user/conf chmod a+x $HOMEDIR/$user/conf
chown $user:$user $HOMEDIR/$user chown --no-dereference $user:$user $HOMEDIR/$user
chown root:root $HOMEDIR/$user/conf chown root:root $HOMEDIR/$user/conf
# Update disk pipe # Update disk pipe
@ -80,7 +80,7 @@ rebuild_user_conf() {
chmod 751 $HOMEDIR/$user/conf/web chmod 751 $HOMEDIR/$user/conf/web
chmod 751 $HOMEDIR/$user/web chmod 751 $HOMEDIR/$user/web
chmod 771 $HOMEDIR/$user/tmp chmod 771 $HOMEDIR/$user/tmp
chown $user:$user $HOMEDIR/$user/web chown --no-dereference $user:$user $HOMEDIR/$user/web
if [ -z "$create_user" ]; then if [ -z "$create_user" ]; then
$BIN/v-rebuild-web-domains $user $restart $BIN/v-rebuild-web-domains $user $restart
fi fi
@ -183,10 +183,10 @@ rebuild_web_domain_conf() {
fi fi
# Set folder permissions # Set folder permissions
chmod 551 $HOMEDIR/$user/web/$domain \ no_symlink_chmod 551 $HOMEDIR/$user/web/$domain \
$HOMEDIR/$user/web/$domain/stats \ $HOMEDIR/$user/web/$domain/stats \
$HOMEDIR/$user/web/$domain/logs $HOMEDIR/$user/web/$domain/logs
chmod 751 $HOMEDIR/$user/web/$domain/private \ no_symlink_chmod 751 $HOMEDIR/$user/web/$domain/private \
$HOMEDIR/$user/web/$domain/cgi-bin \ $HOMEDIR/$user/web/$domain/cgi-bin \
$HOMEDIR/$user/web/$domain/public_html \ $HOMEDIR/$user/web/$domain/public_html \
$HOMEDIR/$user/web/$domain/public_shtml \ $HOMEDIR/$user/web/$domain/public_shtml \
@ -194,7 +194,7 @@ rebuild_web_domain_conf() {
chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.* chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
# Set ownership # Set ownership
chown $user:$user $HOMEDIR/$user/web/$domain \ chown --no-dereference $user:$user $HOMEDIR/$user/web/$domain \
$HOMEDIR/$user/web/$domain/private \ $HOMEDIR/$user/web/$domain/private \
$HOMEDIR/$user/web/$domain/cgi-bin \ $HOMEDIR/$user/web/$domain/cgi-bin \
$HOMEDIR/$user/web/$domain/public_html \ $HOMEDIR/$user/web/$domain/public_html \