Fix bug with sftp jail and username containing - (hestiacp#3941)

jaapmarcus · web-flow · commit 87a7b4f094eb · 2023-08-22T17:13:15.000+02:00
* Bug with / not mounting due error with systemd files when username contain -

* Use double qoutes

* Add test regarding sftp jail

* Fix folder not created

* Use mkdir -p

* Improve chown
diff --git a/bin/v-add-web-domain-ftp b/bin/v-add-web-domain-ftp
@@ -80,10 +80,11 @@ else
 		log_event "$E_INVALID" "$ARGUMENTS"
 		exit "$E_INVALID"
 	fi
+
 	# Creating ftp user home directory
 	if [ ! -e "$ftp_path_a" ]; then
-		$BIN/v-add-fs-directory "$user" "$ftp_path_a"
-		chown $user:$user "$ftp_path_a"
+		mkdir -p "$ftp_path_a"
+		chown --no-dereference $user:$user "$ftp_path_a"
 		chmod 751 "$ftp_path_a"
 	fi
 fi
diff --git a/bin/v-change-web-domain-ftp-path b/bin/v-change-web-domain-ftp-path
@@ -65,8 +65,8 @@ check_hestia_demo_mode
 
 # MKDIR if path doesn't exist
 if [ ! -e "$ftp_path_a" ]; then
-	$BIN/v-add-fs-directory "$user" "$ftp_path_a"
-	chown $user:$user "$ftp_path_a"
+	mkdir -p "$ftp_path_a"
+	chown --no-dereference $user:$user "$ftp_path_a"
 	chmod 751 "$ftp_path_a"
 fi
 
diff --git a/func/main.sh b/func/main.sh
@@ -1726,7 +1726,8 @@ add_chroot_jail() {
 		chmod 755 /srv/jail/$user/home
 	fi
 
-	cat > /etc/systemd/system/srv-jail-$user-home.mount << EOF
+	systemd=$(systemd-escape -p --suffix=mount "/srv/jail/$user/home")
+	cat > "/etc/systemd/system/$systemd" << EOF
 [Unit]
 Description=Mount $user's home directory to the jail chroot
 Before=local-fs.target
@@ -1743,16 +1744,17 @@ RequiredBy=local-fs.target
 EOF
 
 	systemctl daemon-reload > /dev/null 2>&1
-	systemctl enable srv-jail-$user-home.mount > /dev/null 2>&1
-	systemctl start srv-jail-$user-home.mount > /dev/null 2>&1
+	systemctl enable "$systemd" > /dev/null 2>&1
+	systemctl start "$systemd" > /dev/null 2>&1
 }
 
 delete_chroot_jail() {
 	local user=$1
 
-	systemctl stop srv-jail-$user-home.mount > /dev/null 2>&1
-	systemctl disable srv-jail-$user-home.mount > /dev/null 2>&1
-	rm -f /etc/systemd/system/srv-jail-$user-home.mount
+	systemd=$(systemd-escape -p --suffix=mount "/srv/jail/$user/home")
+	systemctl stop "$systemd" > /dev/null 2>&1
+	systemctl disable "$systemd" > /dev/null 2>&1
+	rm -f "/etc/systemd/system/$systemd"
 	systemctl daemon-reload > /dev/null 2>&1
 	rmdir /srv/jail/$user/home > /dev/null 2>&1
 	rmdir /srv/jail/$user > /dev/null 2>&1
diff --git a/test/test.bats b/test/test.bats
@@ -415,6 +415,8 @@ function check_ip_not_banned(){
 
     run stat -c '%U' /home/$user
     assert_output --partial "$user"
+		mount_file=$(systemd-escape -p --suffix=mount "/srv/jail/$user/home")
+		assert_file_not_exist /etc/systemd/system/$mount_file
 }
 
 @test "User: Change user invalid shell" {
@@ -430,6 +432,8 @@ function check_ip_not_banned(){
 
     run stat -c '%U' /home/$user
     assert_output --partial 'root'
+		mount_file=$(systemd-escape -p --suffix=mount "/srv/jail/$user/home")
+		assert_file_exist /etc/systemd/system/$mount_file
 }
 
 

Original file line number	Diff line number	Diff line change
`@@ -415,6 +415,8 @@ function check_ip_not_banned(){`
`415`	`415`
`416`	`416`	`run stat -c '%U' /home/$user`
`417`	`417`	`assert_output --partial "$user"`
	`418`	`+ mount_file=$(systemd-escape -p --suffix=mount "/srv/jail/$user/home")`
	`419`	`+ assert_file_not_exist /etc/systemd/system/$mount_file`
`418`	`420`	`}`
`419`	`421`
`420`	`422`	`@test "User: Change user invalid shell" {`
`@@ -430,6 +432,8 @@ function check_ip_not_banned(){`
`430`	`432`
`431`	`433`	`run stat -c '%U' /home/$user`
`432`	`434`	`assert_output --partial 'root'`
	`435`	`+ mount_file=$(systemd-escape -p --suffix=mount "/srv/jail/$user/home")`
	`436`	`+ assert_file_exist /etc/systemd/system/$mount_file`
`433`	`437`	`}`
`434`	`438`
`435`	`439`