New config path. New permission policy. Improved rebuild scripts.

Author: serghey-rodin

bin/v_add_cron_job

@@ -67,6 +67,8 @@ v_str="$v_str' WDAY='$wday' CMD='$command' SUSPEND='no' DATE='$V_DATE'"
 # Adding to crontab
 echo "$v_str">>$V_USERS/$user/cron.conf
 
+chmod 660 $V_USERS/$user/cron.conf
+
 # Sorting jobs by id
 sort_cron_jobs
 

bin/v_add_db_base

@@ -90,7 +90,8 @@ increase_user_value "$user" '$U_DATABASES'
 # Adding db to db conf
 v_str="DB='$database' USER='$db_user' HOST='$host' TYPE='$type'"
 v_str="$v_str CHARSET='$encoding' U_DISK='0' SUSPEND='no' DATE='$V_DATE'"
-echo "$v_str">>$V_USERS/$user/db.conf
+echo "$v_str" >> $V_USERS/$user/db.conf
+chmod 660 $V_USERS/$user/db.conf
 
 # Hiding password
 V_EVENT="$V_DATE $V_SCRIPT $user $database $db_user ***** $type $host"

bin/v_add_dns_domain

@@ -103,14 +103,20 @@ cat $V_DNSTPL/$template.tpl |\
 dns_rec="DOMAIN='$domain' IP='$ip' TPL='$template' TTL='$ttl' EXP='$exp'"
 dns_rec="$dns_rec SOA='$soa' SUSPEND='no' DATE='$V_DATE'"
 echo "$dns_rec" >> $V_USERS/$user/dns.conf
+chmod 660 $V_USERS/$user/dns.conf
 
 # Adding zone in named.conf
-named="zone \"$domain_idn\" {type master; file \"/etc/namedb/$domain.db\";};"
+named="zone \"$domain_idn\" {type master; file"
+named="$named \"$V_HOME/$user/conf/dns/$domain.db\";};"
 echo "$named" >> /etc/named.conf
 
 # Updating domain dns zone
+conf="$V_HOME/$user/conf/dns/$domain.db"
 update_domain_zone
 
+chmod 640 $conf
+chown root:named $conf
+
 
 #----------------------------------------------------------#
 #                       Vesta                              #

bin/v_add_user

@@ -75,26 +75,32 @@ esac
 echo "$password" | /usr/bin/passwd "$user" --stdin >/dev/null 2>&1
 
 # Building directory tree
-if [ ! -z "$BACKUP_SYSTEM" ] && [ "$BACKUP_SYSTEM" != 'no' ]; then
-    mkdir $V_HOME/$user/backup
-    chmod 751 $V_HOME/$user/backup
-fi
+mkdir $V_HOME/$user/conf
+chmod 751 $V_HOME/$user/conf/web
 
 if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB_SYSTEM" != 'no' ]; then
-    mkdir $V_HOME/$user/conf
+    mkdir $V_HOME/$user/conf/web
     mkdir $V_HOME/$user/web
     mkdir $V_HOME/$user/tmp
-    chmod 751 $V_HOME/$user/conf
+    chmod 751 $V_HOME/$user/conf/web
     chmod 751 $V_HOME/$user/web
     chmod 777 $V_HOME/$user/tmp
     chown $user:$user $V_HOME/$user/web
 fi
 
 if [ ! -z "$MAIL_SYSTEM" ] && [ "$MAIL_SYSTEM" != 'no' ]; then
+    mkdir $V_HOME/$user/conf/mail
     mkdir $V_HOME/$user/mail
     chmod 751 $V_HOME/$user/mail
+    chmod 751 $V_HOME/$user/conf/mail
+fi
+
+if [ ! -z "$DNS_SYSTEM" ] && [ "$DNS_SYSTEM" != 'no' ]; then
+    mkdir $V_HOME/$user/conf/dns
+    chmod 751 $V_HOME/$user/conf/dns
 fi 
 
+
 # Set permissions
 chmod -R a+x $V_HOME/$user
 
@@ -111,36 +117,51 @@ fi
 
 # Adding user dir
 mkdir $V_USERS/$user
+chmod 770 $V_USERS/$user
 
 # Creating configuration files and pipes
-touch $V_USERS/$user/user.conf
+touch $V_USERS/$user/backup.conf
+chmod 660 $V_USERS/$user/backup.conf
+touch $V_USERS/$user/history.log
+chmod 660 $V_USERS/$user/history.log
+touch $V_USERS/$user/billing.log
+chmod 660 $V_USERS/$user/billing.log
+
 echo "v_update_user_disk $user" >> $V_QUEUE/disk.pipe
 
 if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB_SYSTEM" != 'no' ]; then
     mkdir $V_USERS/$user/ssl
+    chmod 770 $V_USERS/$user/ssl
     touch $V_USERS/$user/web.conf
+    chmod 660 $V_USERS/$user/web.conf
     echo "$V_BIN/v_update_web_domains_traff $user" >> $V_QUEUE/traffic.pipe
     echo "v_update_web_domains_disk $user" >> $V_QUEUE/disk.pipe
 fi
 
 if [ ! -z "$DNS_SYSTEM" ] && [ "$DNS_SYSTEM" != 'no' ]; then
-    touch $V_USERS/$user/dns.conf
     mkdir $V_USERS/$user/dns
+    chmod 770 $V_USERS/$user/dns
+    touch $V_USERS/$user/dns.conf
+    chmod 660 $V_USERS/$user/dns.conf
 fi
 
 if [ ! -z "$MAIL_SYSTEM" ] && [ "$MAIL_SYSTEM" != 'no' ]; then
-    touch $V_USERS/$user/mail_domains.conf
-    touch $V_USERS/$user/mail_boxes.conf
+    mkdir $V_USERS/$user/mail
+    chmod 770 $V_USERS/$user/mail
+    touch $V_USERS/$user/mail.conf
+    chmod 660 $V_USERS/$user/mail.conf
     echo "v_upd_mail_domains_disk $user" >> $V_QUEUE/disk.pipe
 fi
 
 if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'no' ]; then
     touch $V_USERS/$user/db.conf
+    chmod 660 $V_USERS/$user/db.conf
     echo "v_update_db_bases_disk $user" >> $V_QUEUE/disk.pipe
 fi
 
 if [ ! -z "$CRON_SYSTEM" ] && [ "$CRON_SYSTEM" != 'no' ]; then
     touch $V_USERS/$user/cron.conf
+    chmod 660 $V_USERS/$user/cron.conf
 fi
 
 # Filling user config
@@ -163,6 +184,7 @@ U_DATABASES='0'
 U_MAIL_DOMAINS='0'
 U_CRON_JOBS='0'
 DATE='$V_DATE'" > $V_USERS/$user/user.conf
+chmod 660 $V_USERS/$user/user.conf
 
 # Hiding password
 V_EVENT="$V_DATE $V_SCRIPT $user ***** $email $package $fname $lname"

bin/v_add_web_domain

@@ -99,7 +99,7 @@ email="$user@$domain"
 docroot="$V_HOME/$user/web/$domain/public_html"
 docroot_string="DocumentRoot $docroot"
 
-conf="$V_HOME/$user/conf/httpd.conf"
+conf="$V_HOME/$user/conf/web/httpd.conf"
 tpl_file="$V_WEBTPL/apache_$template.tpl"
 
 # Parsing template keys
@@ -167,8 +167,10 @@ done
 # Changing file owner
 chown -R $user:$user $V_HOME/$user/web/$domain
 chown root:$user /var/log/httpd/domains/$domain.*
+chown root:apache $conf
 
 # Changing file permissions
+chmod 640 $conf
 chmod 551 $V_HOME/$user/web/$domain
 chmod 751 $V_HOME/$user/web/$domain/private
 chmod 751 $V_HOME/$user/web/$domain/cgi-bin
@@ -218,7 +220,8 @@ v_str="$v_str SSL='no' SSL_HOME='single'"
 v_str="$v_str NGINX='' NGINX_EXT='' SUSPEND='no' DATE='$V_DATE'"
 
 # Registering domain
-echo "$v_str" >>$V_USERS/$user/web.conf
+echo "$v_str" >> $V_USERS/$user/web.conf
+chmod 660 $V_USERS/$user/web.conf
 
 # Adding task to the vesta pipe
 restart_schedule 'web'

bin/v_add_web_domain_nginx

@@ -67,26 +67,33 @@ get_web_domain_values
 NGINX="$template"
 NGINX_EXT="$extentions"
 tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.tpl"
-conf="$V_HOME/$user/conf/nginx.conf"
+conf="$V_HOME/$user/conf/web/nginx.conf"
 
 # Preparing domain values for the template substitution
 upd_web_domain_values
 add_web_config
 
+# Set permission and ownership
+chown root:nginx $conf
+chmod 640 $conf
+
 # Checking main vesta httpd config
 main_conf='/etc/nginx/conf.d/vesta_users.conf'
 main_conf_check=$(grep "$conf" $main_conf )
 if [ -z "$main_conf_check" ]; then
     echo "include $conf;" >>$main_conf
 fi
 
-
+# Checking ssl
 if [ "$SSL" = 'yes' ]; then
     proxy_string="proxy_pass     https://$ip:$WEB_SSL_PORT;"
     tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
-    conf="$V_HOME/$user/conf/snginx.conf"
+    conf="$V_HOME/$user/conf/web/snginx.conf"
     add_web_config
 
+    chown root:nginx $conf
+    chmod 640 $conf
+
     main_conf='/etc/nginx/conf.d/vesta_users.conf'
     main_conf_check=$(grep "$conf" $main_conf )
     if [ -z "$main_conf_check" ]; then
@@ -95,6 +102,7 @@ if [ "$SSL" = 'yes' ]; then
 fi
 
 
+
 #----------------------------------------------------------#
 #                       Vesta                              #
 #----------------------------------------------------------#

bin/v_add_web_domain_ssl

@@ -76,10 +76,11 @@ if [ -e "$ssl_dir/$domain.ca" ]; then
     cp -f $ssl_dir/$domain.ca $V_USERS/$user/ssl/$domain.ca
     cat $V_USERS/$user/ssl/$domain.ca >> $V_USERS/$user/ssl/$domain.pem
 fi
+chmod 660 $V_USERS/$user/ssl/$domain.*
 
 # Parsing domain values
 get_web_domain_values
-conf="$V_HOME/$user/conf/shttpd.conf"
+conf="$V_HOME/$user/conf/web/shttpd.conf"
 tpl_file="$V_WEBTPL/apache_$TPL.stpl"
 SSL_HOME="$ssl_home"
 
@@ -92,12 +93,15 @@ upd_web_domain_values
 # Adding domain to the shttpd.conf
 add_web_config
 
+chown root:apache $conf
+chmod 640 $conf
+
 # Adding certificate to user dir
-cp -f $V_USERS/$user/ssl/$domain.crt $V_HOME/$user/conf/ssl.$domain.crt
-cp -f $V_USERS/$user/ssl/$domain.key $V_HOME/$user/conf/ssl.$domain.key
-cp -f $V_USERS/$user/ssl/$domain.pem $V_HOME/$user/conf/ssl.$domain.pem
+cp -f $V_USERS/$user/ssl/$domain.crt $V_HOME/$user/conf/web/ssl.$domain.crt
+cp -f $V_USERS/$user/ssl/$domain.key $V_HOME/$user/conf/web/ssl.$domain.key
+cp -f $V_USERS/$user/ssl/$domain.pem $V_HOME/$user/conf/web/ssl.$domain.pem
 if [ -e "$V_USERS/$user/ssl/$domain.ca" ]; then
-    cp -f $V_USERS/$user/ssl/$domain.ca $V_HOME/$user/conf/ssl.$domain.ca
+    cp -f $V_USERS/$user/ssl/$domain.ca $V_HOME/$user/conf/web/ssl.$domain.ca
 fi
 
 # Running template trigger
@@ -115,10 +119,13 @@ fi
 # Checking  nginx
 if [ ! -z "$NGINX" ]; then
     # Adding domain to the snginx.conf
-    conf="$V_HOME/$user/conf/snginx.conf"
+    conf="$V_HOME/$user/conf/web/snginx.conf"
     tpl_file="$V_WEBTPL/ngingx_vhost_$NGINX.stpl"
     add_web_config
 
+    chown root:nginx $conf
+    chmod 640 $conf
+
     # Checking vesta nginx config
     main_conf='/etc/nginx/conf.d/vesta_users.conf'
     main_conf_check=$(grep "$conf" $main_conf )

bin/v_add_web_domain_stat

@@ -81,7 +81,7 @@ cat $V_WEBTPL/$type.tpl |\
         -e "s/%home%/${V_HOME////\/}/g" \
         -e "s/%alias%/${aliases//,/ }/g" \
         -e "s/%alias_idn%/${aliases_idn//,/ }/g" \
-    > $V_HOME/$user/conf/$type.$domain.conf
+    > $V_HOME/$user/conf/web/$type.$domain.conf
 
 
 #----------------------------------------------------------#

bin/v_backup_user

@@ -503,6 +503,7 @@ backup_str="$backup_str MAIL='${mail_list// /,}'"
 backup_str="$backup_str DB='${db_list// /,}'"
 backup_str="$backup_str CRON='$cron_list'"
 echo "$backup_str" >> $V_USERS/$user/backup.conf
+chmod 660 $V_USERS/$user/backup.conf
 
 # Logging
 log_event 'system' "$V_EVENT"

bin/v_delete_dns_domain

@@ -54,13 +54,13 @@ tpl_name=$(get_dns_domain_value '$TPL')
 old_ip=$(get_dns_domain_value '$IP')
 
 # Deleting domain in named.conf
-rm_string=$(grep -n /etc/namedb/$domain.db $named_conf|cut -d : -f 1)
+rm_string=$(grep -n /conf/dns/$domain.db $named_conf |cut -d : -f 1)
 if [ ! -z "$rm_string" ]; then
     sed -i "$rm_string d" $named_conf
 fi
 
-if [ -e "/etc/namedb/$domain.db" ]; then
-    rm -f /etc/namedb/$domain.db
+if [ -e "$V_HOME/$user/conf/dns/$domain.db" ]; then
+    rm -f $V_HOME/$user/conf/dns/$domain.db
 fi