6628: Fix web backup dir permissions to allow web user mod/delete

Author: Judah MW

server/lib/classes/backup.inc.php

@@ -632,7 +632,14 @@ public static function downloadBackup($backup_format, $password, $backup_dir, $f
         elseif(file_exists($backup_dir.'/'.$filename) && file_exists($domain['document_root'].'/backup/') && !stristr($backup_dir.'/'.$filename, '..') && !stristr($backup_dir.'/'.$filename, 'etc')) {
             $success = copy($backup_dir.'/'.$filename, $domain['document_root'].'/backup/'.$filename);
         }
+        if (file_exists($domain['document_root'].'/backup') && fileowner($domain['document_root'].'/backup') === 0) {
+            // Fix old web backup dir permissions from before #6628
+            chown($domain['document_root'].'/backup', $domain['system_user']);
+            chgrp($domain['document_root'].'/backup', $domain['system_group']);
+            $app->log('Fixed old directory permissions from root:root to '.$domain['system_user'].':'.$domain['system_group'].' for backup dir '.$domain['document_root'].'/backup/', LOGLEVEL_DEBUG);
+        }
         if (file_exists($domain['document_root'].'/backup/'.$filename)) {
+            // Change backup file permissions
             chgrp($domain['document_root'].'/backup/'.$filename, $domain['system_group']);
             chown($domain['document_root'].'/backup/'.$filename, $domain['system_user']);
             chmod($domain['document_root'].'/backup/'.$filename,0600);

server/plugins-available/apache2_plugin.inc.php

@@ -717,7 +717,7 @@ function update($event_name, $data) {
 		if(!is_dir($data['new']['document_root'].'/cgi-bin')) $app->system->mkdirpath($data['new']['document_root'].'/cgi-bin');
 		if(!is_dir($data['new']['document_root'].'/tmp')) $app->system->mkdirpath($data['new']['document_root'].'/tmp', 0770);
 		if(!is_dir($data['new']['document_root'].'/webdav')) $app->system->mkdirpath($data['new']['document_root'].'/webdav');
-		if(!is_dir($data['new']['document_root'].'/backup')) $app->system->mkdirpath($data['new']['document_root'].'/backup');
+		if(!is_dir($data['new']['document_root'].'/backup')) $app->system->mkdirpath($data['new']['document_root'].'/backup', 0755, $username, $groupname);
 
 		if(!is_dir($data['new']['document_root'].'/.ssh')) {
 			$app->system->mkdirpath($data['new']['document_root'].'/.ssh');

server/plugins-available/nginx_plugin.inc.php

@@ -561,7 +561,7 @@ function update($event_name, $data) {
 		if(!is_dir($data['new']['document_root'].'/ssl')) $app->system->mkdirpath($data['new']['document_root'].'/ssl');
 		if(!is_dir($data['new']['document_root'].'/cgi-bin')) $app->system->mkdirpath($data['new']['document_root'].'/cgi-bin');
 		if(!is_dir($data['new']['document_root'].'/tmp')) $app->system->mkdirpath($data['new']['document_root'].'/tmp');
-		if(!is_dir($data['new']['document_root'].'/backup')) $app->system->mkdirpath($data['new']['document_root'].'/backup');
+		if(!is_dir($data['new']['document_root'].'/backup')) $app->system->mkdirpath($data['new']['document_root'].'/backup', 0755, $username, $groupname);
 
 		if(!is_dir($data['new']['document_root'].'/.ssh')) {
 			$app->system->mkdirpath($data['new']['document_root'].'/.ssh');