diff --git a/bin/v-add-web-domain-httpauth b/bin/v-add-web-domain-httpauth index 631bc3a3..d2371afd 100755 --- a/bin/v-add-web-domain-httpauth +++ b/bin/v-add-web-domain-httpauth @@ -74,6 +74,7 @@ fi # Adding httpasswd user auth_hash=$($BIN/v-generate-password-hash htpasswd htpasswd $password) touch $htpasswd +chmod 640 $htpasswd $htaccess sed -i "/^$auth_user:/d" $htpasswd echo "$auth_user:$auth_hash" >> $htpasswd diff --git a/bin/v-delete-web-domain-httpauth b/bin/v-delete-web-domain-httpauth index 9678a371..e528bf2f 100755 --- a/bin/v-delete-web-domain-httpauth +++ b/bin/v-delete-web-domain-httpauth @@ -54,7 +54,7 @@ sed -i "/^$auth_user:/d" $htpasswd # Deleting password protection if [ "$(echo "$AUTH_USER" |tr : '\n' |wc -l)" -le 1 ]; then - rm -f $htaccess + rm -f $htaccess $htpasswd restart_required='yes' fi diff --git a/func/rebuild.sh b/func/rebuild.sh index cce575cd..86641a74 100644 --- a/func/rebuild.sh +++ b/func/rebuild.sh @@ -176,22 +176,22 @@ rebuild_web_domain_conf() { fi # Set folder permissions - chmod 551 $HOMEDIR/$user/web/$domain - chmod 751 $HOMEDIR/$user/web/$domain/private - chmod 751 $HOMEDIR/$user/web/$domain/cgi-bin - chmod 751 $HOMEDIR/$user/web/$domain/public_html - chmod 751 $HOMEDIR/$user/web/$domain/public_shtml - chmod 751 $HOMEDIR/$user/web/$domain/document_errors - chmod 551 $HOMEDIR/$user/web/$domain/stats - chmod 551 $HOMEDIR/$user/web/$domain/logs + chmod 551 $HOMEDIR/$user/web/$domain \ + $HOMEDIR/$user/web/$domain/stats \ + $HOMEDIR/$user/web/$domain/logs + chmod 751 $HOMEDIR/$user/web/$domain/private \ + $HOMEDIR/$user/web/$domain/cgi-bin \ + $HOMEDIR/$user/web/$domain/public_html \ + $HOMEDIR/$user/web/$domain/public_shtml \ + $HOMEDIR/$user/web/$domain/document_errors chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.* # Set ownership - chown $user:$user $HOMEDIR/$user/web/$domain - chown $user:$user $HOMEDIR/$user/web/$domain/private - chown $user:$user $HOMEDIR/$user/web/$domain/cgi-bin - chown $user:$user $HOMEDIR/$user/web/$domain/public_html - chown $user:$user $HOMEDIR/$user/web/$domain/public_shtml + chown $user:$user $HOMEDIR/$user/web/$domain \ + $HOMEDIR/$user/web/$domain/private \ + $HOMEDIR/$user/web/$domain/cgi-bin \ + $HOMEDIR/$user/web/$domain/public_html \ + $HOMEDIR/$user/web/$domain/public_shtml chown -R $user:$user $HOMEDIR/$user/web/$domain/document_errors chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* @@ -367,6 +367,39 @@ rebuild_web_domain_conf() { chmod u-w /etc/shadow fi done + + # Adding http auth protection + htaccess="$HOMEDIR/$user/conf/web/$WEB_SYSTEM.$domain.conf_htaccess" + htpasswd="$HOMEDIR/$user/conf/web/$WEB_SYSTEM.$domain.htpasswd" + docroot="$HOMEDIR/$user/web/$domain/public_html" + for auth_user in ${AUTH_USER//:/ }; do + # Parsing auth user variables + position=$(echo $AUTH_USER | tr ':' '\n' | grep -n '' |\ + grep ":$auth_user$" | cut -f 1 -d:) + auth_hash=$(echo $AUTH_HASH | tr ':' '\n' | grep -n '' |\ + grep "^$position:" | cut -f 2 -d :) + + # Adding http auth user + touch $htpasswd + sed -i "/^$auth_user:/d" $htpasswd + echo "$auth_user:$auth_hash" >> $htpasswd + + # Checking web server include + if [ ! -e "$htaccess" ]; then + if [ "$WEB_SYSTEM" != 'nginx' ]; then + echo "" > $htaccess + echo " AuthUserFile $htpasswd" >> $htaccess + echo " AuthName \"$domain access\"" >> $htaccess + echo " AuthType Basic" >> $htaccess + echo " Require valid-user" >> $htaccess + echo "" >> $htaccess + else + echo "auth_basic \"$domain password access\";" > $htaccess + echo "auth_basic_user_file $htpasswd;" >> $htaccess + fi + fi + done + chmod 640 $htpasswd $htaccess >/dev/null 2>&1 } # DNS domain rebuild