Merge pull request hestiacp#1624 from hestiacp/releases/v1.3.3

Release Hestia v1.3.3

Author: ScIT-Raphael

CHANGELOG.md

@@ -1,6 +1,10 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## [1.3.3] - Service Release
+### Bugfixes
+- Improved permission handling.
+
 ## [1.3.2] - Service Release
 ### Features
 - Added PHP v8.0 support for multiphp environment.

README.md

@@ -74,11 +74,12 @@ apt-get update
 apt-get upgrade
 ```
 
-Issues
+Issues & Support Requests
 =============================
-If you've run into a problem, [file a new issue report via GitHub](https://github.com/hestiacp/hestiacp/issues) so that we may investigate further.
+* If you encounter a general problem while using Hestia Control Panel and need help, please [visit our forum](https://forum.hestiacp.com/) to search for potential solutions or post a new thread where community members can assist.
+* Bugs and other reproducible issues should be filed via GitHub by [creating a new issue report](https://github.com/hestiacp/hestiacp/issues) so that our developers can investigate further. Please note that requests for support will be redirected to our forum.
 
-**We cannot provide support for requests that do not describe the troubleshooting steps that have already been performed, or for third-party applications which do not relate to Hestia Control Panel. Please make sure that you fill in the necessary details in your issue reports!**
+**IMPORTANT: We _cannot_ provide support for requests that do not describe the troubleshooting steps that have already been performed, or for third-party applications not related to Hestia Control Panel (such as WordPress). Please make sure that you include as much information as possible in your forum posts or issue reports!**
 
 Contributions
 =============================

bin/v-add-web-domain

@@ -68,6 +68,8 @@ check_hestia_demo_mode
 # Reading user values
 source $USER_DATA/user.conf
 
+[[ -e "$HOMEDIR/$user/web/$domain" ]] && check_result $E_EXISTS "Web domain folder for $domain should not exist"
+
 # Creating domain directories
 $BIN/v-add-fs-directory "$user" "$HOMEDIR/$user/web/$domain"
 $BIN/v-add-fs-directory "$user" "$HOMEDIR/$user/web/$domain/public_html"
@@ -95,10 +97,10 @@ done
 chown -R $user:$user $HOMEDIR/$user/web/$domain
 chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf
 chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
-chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
-chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
-chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*
-chown $user:www-data $HOMEDIR/$user/web/$domain/public_*html
+user_exec chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
+user_exec chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
+user_exec chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*
+chown --no-dereference $user:www-data $HOMEDIR/$user/web/$domain/public_*html
 
 # Addding PHP-FPM backend
 if [ ! -z "$WEB_BACKEND" ]; then

bin/v-check-api-key

@@ -12,11 +12,18 @@
 #                    Variable&Function                     #
 #----------------------------------------------------------#
 
-if [ -z "$1" ]; then
+[[ -z $HESTIA ]] && HESTIA="/usr/local/hestia"
+
+source $HESTIA/func/main.sh
+
+new_timestamp
+
+abort_missmatch() {
     echo "Error: key missmatch"
-    exit 9
-fi
-key=$(basename $1)
+    echo "$date $time api $ip failed to login" >> $HESTIA/log/auth.log
+    exit $E_PASSWORD
+}
+
 ip=${2-127.0.0.1}
 time_n_date=$(date +'%T %F')
 time=$(echo "$time_n_date" |cut -f 1 -d \ )
@@ -27,11 +34,20 @@ date=$(echo "$time_n_date" |cut -f 2 -d \ )
 #                       Action                             #
 #----------------------------------------------------------#
 
-if [ ! -e $HESTIA/data/keys/$key ]; then
-    echo "Error: key missmatch"
-    echo "$date $time api $ip failed to login" >> $HESTIA/log/auth.log
-    exit 9
-fi
+key="$(basename "$1")"
+
+# Exit if Key is unset or to short
+[[ -z $key || ${#key} -lt 16 ]] && abort_missmatch
+
+# Key file must exist
+maybe_key_path="$(readlink -e "${HESTIA}/data/keys/${key}")"
+[[ -z $maybe_key_path ]] && abort_missmatch
+
+# Key file cannot be the key store
+[[ $maybe_key_path == "${HESTIA}/data/keys" ]] && abort_missmatch
+
+# Key file must be in the key store
+[[ $maybe_key_path == "${HESTIA}/data/keys/"* ]] || abort_missmatch
 
 
 #----------------------------------------------------------#

bin/v-generate-api-key

@@ -24,7 +24,9 @@ HASH=$(keygen)
 #----------------------------------------------------------#
 
 if [ ! -d ${KEYS} ]; then
-  mkdir -p ${KEYS}
+    mkdir -p ${KEYS}
+    chown admin:root ${KEYS}
+    chmod 750 ${KEYS}
 fi
 
 if [[ -e ${KEYS}${HASH} ]] ; then

func/main.sh

@@ -1165,3 +1165,14 @@ user_exec() {
 
     setpriv --groups "$user_groups" --reuid "$user" --regid "$user" -- $@
 }
+
+# Simple chmod wrapper that skips symlink files after glob expand
+no_symlink_chmod() {
+    local filemode=$1; shift;
+
+    for i in "$@"; do
+        [[ -L ${i} ]] && continue
+
+        chmod "${filemode}" "${i}"
+    done
+}

func/rebuild.sh

@@ -82,7 +82,7 @@ rebuild_user_conf() {
 
     chmod a+x $HOMEDIR/$user
     chmod a+x $HOMEDIR/$user/conf
-    chown $user:$user \
+    chown --no-dereference $user:$user \
         $HOMEDIR/$user \
         $HOMEDIR/$user/.config \
         $HOMEDIR/$user/.cache \
@@ -119,7 +119,7 @@ rebuild_user_conf() {
         chmod 751 $HOMEDIR/$user/conf/web
         chmod 751 $HOMEDIR/$user/web
         chmod 771 $HOMEDIR/$user/tmp
-        chown $user:$user $HOMEDIR/$user/web
+        chown --no-dereference $user:$user $HOMEDIR/$user/web
         if [ -z "$create_user" ]; then
             $BIN/v-rebuild-web-domains $user $restart
         fi
@@ -244,7 +244,7 @@ rebuild_web_domain_conf() {
     fi
 
     # Set ownership
-    chown $user:$user \
+    chown --no-dereference $user:$user \
         $HOMEDIR/$user/web/$domain \
         $HOMEDIR/$user/web/$domain/private \
         $HOMEDIR/$user/web/$domain/cgi-bin \
@@ -404,18 +404,17 @@ rebuild_web_domain_conf() {
     done
 
     # Set folder permissions
-    chmod 551   $HOMEDIR/$user/web/$domain \
+    no_symlink_chmod 551   $HOMEDIR/$user/web/$domain \
                 $HOMEDIR/$user/web/$domain/stats \
                 $HOMEDIR/$user/web/$domain/logs
-    chmod 751   $HOMEDIR/$user/web/$domain/private \
+    no_symlink_chmod 751   $HOMEDIR/$user/web/$domain/private \
                 $HOMEDIR/$user/web/$domain/cgi-bin \
                 $HOMEDIR/$user/web/$domain/public_html \
                 $HOMEDIR/$user/web/$domain/public_shtml \
                 $HOMEDIR/$user/web/$domain/document_errors
     chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
 
-    chown $user:www-data $HOMEDIR/$user/web/$domain/public_html \
-                $HOMEDIR/$user/web/$domain/public_shtml
+    chown --no-dereference $user:www-data $HOMEDIR/$user/web/$domain/public_*html
 }
 
 # DNS domain rebuild

install/hst-install-debian.sh

@@ -23,7 +23,7 @@ HESTIA_INSTALL_DIR="$HESTIA/install/deb"
 VERBOSE='no'
 
 # Define software versions
-HESTIA_INSTALL_VER='1.3.2'
+HESTIA_INSTALL_VER='1.3.3'
 pma_v='5.0.4'
 multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0")
 fpm_v="7.4"
@@ -949,6 +949,12 @@ mkdir -p /etc/sudoers.d
 cp -f $HESTIA_INSTALL_DIR/sudo/admin /etc/sudoers.d/
 chmod 440 /etc/sudoers.d/admin
 
+# Add Hestia global config
+if [[ ! -e /etc/hestiacp/hestia.conf ]]; then
+    mkdir -p /etc/hestiacp
+    echo -e "# Do not edit this file, will get overwritten on next upgrade, use /etc/hestiacp/local.conf instead\n\nexport HESTIA='/usr/local/hestia'\n\n[[ -f /etc/hestiacp/local.conf ]] && source /etc/hestiacp/local.conf" > /etc/hestiacp/hestia.conf
+fi
+
 # Configuring system env
 echo "export HESTIA='$HESTIA'" > /etc/profile.d/hestia.sh
 echo 'PATH=$PATH:'$HESTIA'/bin' >> /etc/profile.d/hestia.sh

install/hst-install-ubuntu.sh

@@ -23,7 +23,7 @@ HESTIA_INSTALL_DIR="$HESTIA/install/deb"
 VERBOSE='no'
 
 # Define software versions
-HESTIA_INSTALL_VER='1.3.2'
+HESTIA_INSTALL_VER='1.3.3'
 pma_v='5.0.4'
 multiphp_v=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0")
 fpm_v="7.4"
@@ -1006,6 +1006,12 @@ mkdir -p /etc/sudoers.d
 cp -f $HESTIA_INSTALL_DIR/sudo/admin /etc/sudoers.d/
 chmod 440 /etc/sudoers.d/admin
 
+# Add Hestia global config
+if [[ ! -e /etc/hestiacp/hestia.conf ]]; then
+    mkdir -p /etc/hestiacp
+    echo -e "# Do not edit this file, will get overwritten on next upgrade, use /etc/hestiacp/local.conf instead\n\nexport HESTIA='/usr/local/hestia'\n\n[[ -f /etc/hestiacp/local.conf ]] && source /etc/hestiacp/local.conf" > /etc/hestiacp/hestia.conf
+fi
+
 # Configuring system env
 echo "export HESTIA='$HESTIA'" > /etc/profile.d/hestia.sh
 echo 'PATH=$PATH:'$HESTIA'/bin' >> /etc/profile.d/hestia.sh

install/upgrade/upgrade.conf

@@ -21,21 +21,21 @@
 # Update default templates when performing an upgrade
 # These flags should be set to true if any changes are made to the template files
 # to ensure that they are properly updated on the end-user's system.
-UPGRADE_UPDATE_WEB_TEMPLATES='true'
+UPGRADE_UPDATE_WEB_TEMPLATES='false'
 UPGRADE_UPDATE_MAIL_TEMPLATES='false'
 UPGRADE_UPDATE_DNS_TEMPLATES='false'
 
 # Update phpMyAdmin to the latest version during upgrade
-UPGRADE_UPDATE_PHPMYADMIN='true'
+UPGRADE_UPDATE_PHPMYADMIN='false'
 
 # Update the File Manager or it's configuration file
 # UPGRADE_UPDATE_FILEMANAGER: Performs an upgrade/repair install of the File Manager
 # UPGRADE_UPDATE_FILEMANAGER: Updates only the configuration file
 UPGRADE_UPDATE_FILEMANAGER='false'
-UPGRADE_UPDATE_FILEMANAGER_CONFIG='true'
+UPGRADE_UPDATE_FILEMANAGER_CONFIG='false'
 
 # Post installation clean-up
-UPGRADE_REBUILD_USERS='false'
+UPGRADE_REBUILD_USERS='true'
 UPGRADE_RESTART_SERVICES='true'
 
 #######################################################################################