Roundcube permissions (hestiacp#2203)

Alexandros Ioannides · web-flow · commit 594911c52eac · 2021-11-01T13:50:06.000+01:00
* Roundcube permission fixes
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,7 +7,7 @@ All notable changes to this project will be documented in this file.
 
 - Add support for Dovecote Sieve #2163 (@2163)
 - Improve HELO based system and use RDNS lookup instead our old system
-- Set default php version for new installs to PHP8.0 
+- Set default php version for new installs to PHP 8.0 
 
 ### Bugfixes
 
@@ -16,14 +16,15 @@ All notable changes to this project will be documented in this file.
 - Prevent SOA count up after v-change-dns-records with no changes are made
 - Fix #1296 Logrotate does not rotate logs any more on Ubuntu 20.04 and Debian 11
 - Run shellcheck to improve code quality 
-- Improve ssh port detection for filemanager. Allowing users to create /etc/ssh/sshd.conf.d/custom.conf with custom port. 
+- Improve ssh port detection for filemanager. Allowing users to create /etc/ssh/sshd.conf.d/custom.conf with custom port
 - Fix an bug in v-add-letsencrypt-host due to changes of Lets Encrypt causing issues with rate limiting
 - Improve Update process Hestia and allow versions to decide a a rebuild is required
 - Add Download SSL certificate function for self generated ssl cerrtificates #2181
 - Block access to .user.ini for Nginx + Apache2 #2179
 - Add support for download B2 backup to local server to allow for restore #2199
 - Update permissions /var/kog/roundcube on older installations #2173
 - Update translations
+- Fix Roundcube persmissions
 
 ### Dependencies
 
diff --git a/bin/v-add-sys-roundcube b/bin/v-add-sys-roundcube
@@ -100,6 +100,7 @@ if [ "$UPDATE" == "no" ]; then
     # Replace with Hestia config
     cp -f $HESTIA_INSTALL_DIR/roundcube/main.inc.php $RC_CONFIG_DIR/config.inc.php
     cp -f $HESTIA_INSTALL_DIR/roundcube/mimetypes.php $RC_CONFIG_DIR/mimetypes.php
+    chmod 644 $RC_CONFIG_DIR/*.php
     
     cp -f $HESTIA_INSTALL_DIR/roundcube/hestia.php $RC_INSTALL_DIR/plugins/password/drivers/
     mkdir -p $RC_CONFIG_DIR/plugins/password
diff --git a/install/hst-install-debian.sh b/install/hst-install-debian.sh
@@ -1789,7 +1789,7 @@ fi
 #----------------------------------------------------------#
 
 echo "[ * ] Install Roundcube..."
-# Min requirements Dovecote + Exim + Mysql
+# Min requirements Dovecot + Exim + Mysql
 
 if [ "$mysql" == 'yes' ] && [ "$dovecot" == "yes" ]; then
     $HESTIA/bin/v-add-sys-roundcube 
@@ -1799,13 +1799,13 @@ fi
 #----------------------------------------------------------#
 #                     Install Sieve                        #
 #----------------------------------------------------------#
-# Min requirements Dovecote + Exim + Mysql + roundcube
+# Min requirements Dovecot + Exim + Mysql + Roundcube
 if [ "$sieve" = 'yes' ]; then
     # Folder paths
     RC_INSTALL_DIR="/var/lib/roundcube"
     RC_CONFIG_DIR="/etc/roundcube"
     
-    echo "[ * ] Install Sieve ..."
+    echo "[ * ] Install Sieve..."
      
     # dovecot.conf install
     sed -i "s/namespace/service stats \{\n  unix_listener stats-writer \{\n    group = mail\n    mode = 0660\n    user = dovecot\n  \}\n\}\n\nnamespace/g" /etc/dovecot/dovecot.conf
@@ -1829,24 +1829,23 @@ if [ "$sieve" = 'yes' ]; then
    sed -i "s/address_pipe:/dovecot_virtual_delivery:\n  driver = pipe\n  command = \/usr\/lib\/dovecot\/dovecot-lda -e -d \$local_part@\$domain -f \$sender_address -a \$original_local_part@\$original_domain\n  delivery_date_add\n  envelope_to_add\n  return_path_add\n  log_output = true\n  log_defer_output = true\n  user = \${extract{2}{:}{\${lookup{\$local_part}lsearch{\/etc\/exim4\/domains\/\${lookup{\$domain}dsearch{\/etc\/exim4\/domains\/}}\/passwd}}}}\n group = mail\n  return_output\n\naddress_pipe:/g" /etc/exim4/exim4.conf.template
     
     
-    # Modify roundcube install install
+    # Modify Roundcube install
     mkdir -p $RC_CONFIG_DIR/plugins/managesieve
     
     cp -f $HESTIA_INSTALL_DIR/roundcube/plugins/config_managesieve.inc.php $RC_CONFIG_DIR/plugins/managesieve/config.inc.php
         ln -s $RC_CONFIG_DIR/plugins/managesieve/config.inc.php $RC_INSTALL_DIR/plugins/managesieve/config.inc.php
     
-    # permission changes
+    # Permission changes
     chown -R dovecot:mail /var/log/dovecot.log
     chmod 660 /var/log/dovecot.log
-    
     chown -R root:www-data $RC_CONFIG_DIR/
-        chmod 751 -R $RC_CONFIG_DIR
-    
+    chmod 751 -R $RC_CONFIG_DIR
+    chmod 644 $RC_CONFIG_DIR/*.php
     chmod 644 $RC_CONFIG_DIR/plugins/managesieve/config.inc.php
     
     sed -i "s/'archive'/'archive', 'managesieve'/g" $RC_CONFIG_DIR/config.inc.php
     
-    #restart dovecot and exim4
+    # Restart Dovecot and exim4
     systemctl restart dovecot > /dev/null 2>&1
     systemctl restart exim4 > /dev/null 2>&1
 fi
diff --git a/install/hst-install-ubuntu.sh b/install/hst-install-ubuntu.sh
@@ -1794,23 +1794,25 @@ fi
 #----------------------------------------------------------#
 
 echo "[ * ] Install Roundcube..."
-# Min requirements Dovecote + Exim + Mysql
+# Min requirements Dovecot + Exim + Mysql
 
 if [ "$mysql" == 'yes' ] && [ "$dovecot" == "yes" ]; then
     $HESTIA/bin/v-add-sys-roundcube
     write_config_value "WEBMAIL_ALIAS" "webmail"
 fi
 
+
 #----------------------------------------------------------#
 #                     Install Sieve                        #
 #----------------------------------------------------------#
-# Min requirements Dovecote + Exim + Mysql + roundcube
+
+# Min requirements Dovecot + Exim + Mysql + Roundcube
 if [ "$sieve" = 'yes' ]; then
     # Folder paths
     RC_INSTALL_DIR="/var/lib/roundcube"
     RC_CONFIG_DIR="/etc/roundcube"
     
-    echo "[ * ] Install Sieve ..."
+    echo "[ * ] Install Sieve..."
 
     # dovecot.conf install
     sed -i "s/namespace/service stats \{\n  unix_listener stats-writer \{\n    group = mail\n    mode = 0660\n    user = dovecot\n  \}\n\}\n\nnamespace/g" /etc/dovecot/dovecot.conf
@@ -1826,36 +1828,36 @@ if [ "$sieve" = 'yes' ]; then
     # replace dovecot-sieve config files
     cp -f $HESTIA_INSTALL_DIR/dovecot/sieve/* /etc/dovecot/conf.d
     
-    # dovecot default file install
+    # Dovecot default file install
     echo -e "require [\"fileinto\"];\n# rule:[SPAM]\nif header :contains \"X-Spam-Flag\" \"YES\" {\n    fileinto \"INBOX.Spam\";\n}\n" > /etc/dovecot/sieve/default
     
     # exim4 install
     sed -i "s/\stransport = local_delivery/ transport = dovecot_virtual_delivery/" /etc/exim4/exim4.conf.template
     
     sed -i "s/address_pipe:/dovecot_virtual_delivery:\n  driver = pipe\n  command = \/usr\/lib\/dovecot\/dovecot-lda -e -d \$local_part@\$domain -f \$sender_address -a \$original_local_part@\$original_domain\n  delivery_date_add\n  envelope_to_add\n  return_path_add\n  log_output = true\n  log_defer_output = true\n  user = \${extract{2}{:}{\${lookup{\$local_part}lsearch{\/etc\/exim4\/domains\/\${lookup{\$domain}dsearch{\/etc\/exim4\/domains\/}}\/passwd}}}}\n  group = mail\n  return_output\n\naddress_pipe:/g" /etc/exim4/exim4.conf.template
     
-    # Modify roundcube install install
+    # Modify Roundcube install
     mkdir -p $RC_CONFIG_DIR/plugins/managesieve
     
     cp -f $HESTIA_INSTALL_DIR/roundcube/plugins/config_managesieve.inc.php $RC_CONFIG_DIR/plugins/managesieve/config.inc.php
         ln -s $RC_CONFIG_DIR/plugins/managesieve/config.inc.php $RC_INSTALL_DIR/plugins/managesieve/config.inc.php
     
-    # permission changes
+    # Permission changes
     chown -R dovecot:mail /var/log/dovecot.log
     chmod 660 /var/log/dovecot.log
-    
     chown -R root:www-data $RC_CONFIG_DIR/
-        chmod 751 -R $RC_CONFIG_DIR
-    
+    chmod 751 -R $RC_CONFIG_DIR
+    chmod 644 $RC_CONFIG_DIR/*.php
     chmod 644 $RC_CONFIG_DIR/plugins/managesieve/config.inc.php
-    
+        
     sed -i "s/'archive'/'archive', 'managesieve'/g" $RC_CONFIG_DIR/config.inc.php
     
-    #restart dovecot and exim4
+    # Restart Dovecot and exim4
     systemctl restart dovecot > /dev/null 2>&1
     systemctl restart exim4 > /dev/null 2>&1
 fi
 
+
 #----------------------------------------------------------#
 #                       Configure API                      #
 #----------------------------------------------------------#
diff --git a/install/upgrade/versions/1.5.0.sh b/install/upgrade/versions/1.5.0.sh
@@ -39,7 +39,7 @@ if [ -n "$MAIL_SYSTEM" ]; then
     
     # Clean up legacy ip variable
     for ip in $($BIN/v-list-sys-ips plain | cut -f1); do
-        sed '/^HELO/d' $HESTIA/data/ips/$ip;
+        sed '/^HELO/d' $HESTIA/data/ips/$ip  > /dev/null
     done
 fi
 
@@ -53,7 +53,12 @@ if [ -L "/var/log/hestia" ]; then
     touch /var/log/hestia/auth.log /var/log/hestia/error.log /var/log/hestia/system.log /var/log/hestia/nginx-error.log /var/log/hestia/nginx-access.log
 fi
 
-if [ -d "/var/log/roundcube" ]; then 
+if [ -d "/var/log/roundcube" ]; then
    chown www-data:root /var/log/roundcube
    chmod 751 /var/log/roundcube
-fi
+fi
+
+if [ -d "/etc/roundcube" ]; then
+   chmod 644 /etc/roundcube/defaults.inc.php
+   chmod 644 /etc/roundcube/mimetypes.php
+fi
