
Commit 8e60423

committed
create missing jailkit when enabling php
1 parent cabf603 commit 8e60423

2 files changed

+24
-39
lines changed

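--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -533,7 +533,7 @@ function update($event_name, $data) {
 $app->uses('getconf');
 $web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
 
-//* Check if this is a chrooted setup
+//* Check if apache is using a chrooted setup
 if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) {
 $apache_chrooted = true;
 $app->log('Info: Apache is chrooted.', LOGLEVEL_DEBUG);
@@ -547,7 +547,7 @@ function update($event_name, $data) {
 }
 if($app->system->is_allowed_user($data['new']['system_user'], $app->system->is_user($data['new']['system_user']), true) == false
 || $app->system->is_allowed_group($data['new']['system_group'], $app->system->is_group($data['new']['system_group']), true) == false) {
-$app->log('Websites cannot be owned by the root user or group. User: '.$data['new']['system_user'].' Group: '.$data['new']['system_group'], LOGLEVEL_WARN);
+$app->log('Problem with website user or group. Websites cannot be owned by root or an existing user/group. User: '.$data['new']['system_user'].' Group: '.$data['new']['system_group'], LOGLEVEL_WARN);
 return 0;
 }
 if(trim($data['new']['domain']) == '') {
@@ -641,7 +641,7 @@ function update($event_name, $data) {
 $tmp_symlink = str_replace('[website_domain]', $data['old']['domain'], $tmp_symlink);
 // Remove trailing slash
 if(substr($tmp_symlink, -1, 1) == '/') $tmp_symlink = substr($tmp_symlink, 0, -1);
-// create the symlinks, if not exist
+// remove the old symlinks if they exist
 if(is_link($tmp_symlink)) {
 $app->system->exec_safe('rm -f ?', $tmp_symlink);
 $app->log('Removed symlink: rm -f '.$tmp_symlink, LOGLEVEL_DEBUG);
@@ -674,9 +674,7 @@ function update($event_name, $data) {
 
 //* Create new base directory, if it does not exist yet
 if(!is_dir($new_dir)) $app->system->mkdirpath($new_dir);
-$app->system->web_folder_protection($data['old']['document_root'], false);
 $app->system->exec_safe('mv ? ?', $data['old']['document_root'], $new_dir);
-//$app->system->rename($data['old']['document_root'],$new_dir);
 $app->log('Moving site to new document root: mv '.$data['old']['document_root'].' '.$new_dir, LOGLEVEL_DEBUG);
 
 // Handle the change in php_open_basedir
@@ -696,15 +694,6 @@ function update($event_name, $data) {
 if($apache_chrooted) $app->system->exec_safe('chroot ? ?', $web_config['website_basedir'], $command);
 
 //* Change the log mount
-/*
-$fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.' none bind';
-$app->system->removeLine('/etc/fstab', $fstab_line);
-$fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.' none bind,nobootwait';
-$app->system->removeLine('/etc/fstab', $fstab_line);
-$fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.' none bind,nobootwait';
-$app->system->removeLine('/etc/fstab', $fstab_line);
-*/
-
 $fstab_line_old = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.' none bind';
 
 if($web_config['network_filesystem'] == 'y') {
@@ -719,8 +708,6 @@ function update($event_name, $data) {
 
 }
 
-//print_r($data);
-
 // Check if the directories are there and create them if necessary.
 $app->system->web_folder_protection($data['new']['document_root'], false);
 
@@ -772,8 +759,12 @@ function update($event_name, $data) {
 $update_hash = hash('md5', implode(' ', $last_updated));
 $check_for_jailkit_updates=false;
 
-// Create jailkit chroot when enabling php_fpm_chroot
-if($data['new']['php_fpm_chroot'] == 'y' && $data['old']['php_fpm_chroot'] != 'y' && $data['new']['php'] != 'no') {
+$create_jail_conditions= ($data['old']['php_fpm_chroot'] != 'y' ||
+! is_dir($data['new']['document_root'].'/etc/jailkit') ||
+($data['old']['php'] != $data['new']['php'] && $data['new']['php'] != 'no'));
+
+// Create jailkit chroot if needed and when enabling php_fpm_chroot
+if($data['new']['php_fpm_chroot'] == 'y' && $create_jail_conditions && $data['new']['php'] != 'no') {
 $website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = ?', $data['new']['domain_id']);
 $this->website = array_merge($website, $data['new'], array('new_jailkit_hash' => $update_hash));
 $this->jailkit_config = $jailkit_config;
@@ -875,7 +866,7 @@ function update($event_name, $data) {
 $tmp_symlink = str_replace('[website_domain]', $data['old']['domain'], $tmp_symlink);
 // Remove trailing slash
 if(substr($tmp_symlink, -1, 1) == '/') $tmp_symlink = substr($tmp_symlink, 0, -1);
-// remove the symlinks, if not exist
+// remove the old symlinks if they exist
 if(is_link($tmp_symlink)) {
 $app->system->exec_safe('rm -f ?', $tmp_symlink);
 $app->log('Removed symlink: rm -f '.$tmp_symlink, LOGLEVEL_DEBUG);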
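Review bot: In the `@@ -772,8 +759,12 @@` hunk, the new `is_dir($data['new']['document_root'].'/etc/jailkit')` test accepts the mere presence of a directory as proof that the jail exists. `is_dir()` follows symlinks and says nothing about whether the jail was fully populated, so a half-built jail left by a failed earlier run (or a symlink at that path, if anything other than root can write there, which is not visible here) would presumably skip creation while `php_fpm_chroot` stays `y`. A comment naming the three triggers would help, for example `// (re)create the jail when chroot is newly enabled, the jail dir is missing, or the PHP mode changed`, and the `&& $data['new']['php'] != 'no'` inside `$create_jail_conditions` appears redundant with the same test in the `if` unless the variable is reused further down. The same lines are added in nginx_plugin.inc.php at `@@ -628,8 +618,12 @@`, and the body of the `if` continues outside the hunk.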

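--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -379,7 +379,7 @@ function update($event_name, $data) {
 $app->uses('getconf');
 $web_config = $app->getconf->get_server_config($conf['server_id'], 'web');
 
-//* Check if this is a chrooted setup
+//* Check if nginx is using a chrooted setup
 if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) {
 $nginx_chrooted = true;
 $app->log('Info: nginx is chrooted.', LOGLEVEL_DEBUG);
@@ -393,7 +393,7 @@ function update($event_name, $data) {
 }
 if($app->system->is_allowed_user($data['new']['system_user'], $app->system->is_user($data['new']['system_user']), true) == false
 || $app->system->is_allowed_group($data['new']['system_group'], $app->system->is_group($data['new']['system_group']), true) == false) {
-$app->log('Websites cannot be owned by the root user or group. User: '.$data['new']['system_user'].' Group: '.$data['new']['system_group'], LOGLEVEL_WARN);
+$app->log('Problem with website user or group. Websites cannot be owned by root or an existing user/group. User: '.$data['new']['system_user'].' Group: '.$data['new']['system_group'], LOGLEVEL_WARN);
 return 0;
 }
 if(trim($data['new']['domain']) == '') {
@@ -500,14 +500,17 @@ function update($event_name, $data) {
 $tmp_symlink = str_replace('[website_domain]', $data['old']['domain'], $tmp_symlink);
 // Remove trailing slash
 if(substr($tmp_symlink, -1, 1) == '/') $tmp_symlink = substr($tmp_symlink, 0, -1);
-// create the symlinks, if not exist
+// remove the old symlinks if they exist
 if(is_link($tmp_symlink)) {
 $app->system->exec_safe('rm -f ?', $tmp_symlink);
 $app->log('Removed symlink: rm -f '.$tmp_symlink, LOGLEVEL_DEBUG);
 }
 }
 }
 
+//* Remove protection of old folders
+$app->system->web_folder_protection($data['old']['document_root'], false);
+
 if($data["new"]["type"] != "vhostsubdomain" && $data["new"]["type"] != "vhostalias") {
 //* Move the site data
 $tmp_docroot = explode('/', $data['new']['document_root']);
@@ -530,9 +533,7 @@ function update($event_name, $data) {
 
 //* Create new base directory, if it does not exist yet
 if(!is_dir($new_dir)) $app->system->mkdirpath($new_dir);
-$app->system->web_folder_protection($data['old']['document_root'], false);
 $app->system->exec_safe('mv ? ?', $data['old']['document_root'], $new_dir);
-//$app->system->rename($data['old']['document_root'],$new_dir);
 $app->log('Moving site to new document root: mv '.$data['old']['document_root'].' '.$new_dir, LOGLEVEL_DEBUG);
 
 // Handle the change in php_open_basedir
@@ -552,15 +553,6 @@ function update($event_name, $data) {
 if($nginx_chrooted) $app->system->exec_safe('chroot ? ?', $web_config['website_basedir'], $command);
 
 //* Change the log mount
-/*
-$fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.' none bind';
-$app->system->removeLine('/etc/fstab', $fstab_line);
-$fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.' none bind,nobootwait';
-$app->system->removeLine('/etc/fstab', $fstab_line);
-$fstab_line = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.' none bind,nobootwait';
-$app->system->removeLine('/etc/fstab', $fstab_line);
-*/
-
 $fstab_line_old = '/var/log/ispconfig/httpd/'.$data['old']['domain'].' '.$data['old']['document_root'].'/'.$old_log_folder.' none bind';
 
 if($web_config['network_filesystem'] == 'y') {
@@ -575,8 +567,6 @@ function update($event_name, $data) {
 
 }
 
-//print_r($data);
-
 // Check if the directories are there and create them if necessary.
 $app->system->web_folder_protection($data['new']['document_root'], false);
 
@@ -628,8 +618,12 @@ function update($event_name, $data) {
 $update_hash = hash('md5', implode(' ', $last_updated));
 $check_for_jailkit_updates=false;
 
-// Create jailkit chroot when enabling php_fpm_chroot
-if($data['new']['php_fpm_chroot'] == 'y' && $data['old']['php_fpm_chroot'] != 'y' && $data['new']['php'] != 'no') {
+$create_jail_conditions= ($data['old']['php_fpm_chroot'] != 'y' ||
+! is_dir($data['new']['document_root'].'/etc/jailkit') ||
+($data['old']['php'] != $data['new']['php'] && $data['new']['php'] != 'no'));
+
+// Create jailkit chroot if needed and when enabling php_fpm_chroot
+if($data['new']['php_fpm_chroot'] == 'y' && $create_jail_conditions && $data['new']['php'] != 'no') {
 $website = $app->db->queryOneRecord('SELECT * FROM web_domain WHERE domain_id = ?', $data['new']['domain_id']);
 $this->website = array_merge($website, $data['new'], array('new_jailkit_hash' => $update_hash));
 $this->jailkit_config = $jailkit_config;
@@ -731,7 +725,7 @@ function update($event_name, $data) {
 $tmp_symlink = str_replace('[website_domain]', $data['old']['domain'], $tmp_symlink);
 // Remove trailing slash
 if(substr($tmp_symlink, -1, 1) == '/') $tmp_symlink = substr($tmp_symlink, 0, -1);
-// remove the symlinks, if not exist
+// remove the old symlinks if they exist
 if(is_link($tmp_symlink)) {
 $app->system->exec_safe('rm -f ?', $tmp_symlink);
 $app->log('Removed symlink: rm -f '.$tmp_symlink, LOGLEVEL_DEBUG);
@@ -2143,7 +2137,7 @@ function delete($event_name, $data) {
 
 if($data['old']['type'] == 'vhost' || $data['old']['type'] == 'vhostsubdomain' || $data['old']['type'] == 'vhostalias') $app->system->web_folder_protection($data['old']['document_root'], false);
 
-//* Check if this is a chrooted setup
+//* Check if nginx is using a chrooted setup
 if($web_config['website_basedir'] != '' && @is_file($web_config['website_basedir'].'/etc/passwd')) {
 $nginx_chrooted = true;
 } else {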
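Review bot: The `web_folder_protection($data['old']['document_root'], false)` call added at new line 512 sits before the `vhostsubdomain`/`vhostalias` check, so the old document root is now unprotected for every site type that reaches this point, whereas the removed call at old line 533 ran only directly before the `mv`. Nothing in the visible hunks re-applies protection to that path when no move follows; if a later part of `update()` does so, extending the comment to something like `//* Remove protection of old folders (all site types); protection is restored further down` would make that explicit, and if it does not, the call is safer kept next to the `mv`. The enclosing block starts above the hunk, so whether new line 512 already sits inside a document-root-changed condition cannot be told from here. The apache2 section drops its call before `mv` at old line 677 with no replacement in the visible hunks, so it is worth confirming that an earlier unprotect call exists there.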
