Replace admin user with "hestiaweb" and new "user" (hestiacp#3855)

* Update debian.sh

* Go trough all scripts to remove admin user

* Update more scripts

* Complete /bin/

* /func folder

* Run php under hestiaweb user

* Fix check password

* Patch few bugs in installer

* For got to update hestia-nginx

* Update post install scripts

* Forgot some usage of "admin" in upgrade.sh

* Run via /var/spool/cron/crontabs/hestiaweb

* Update Ubuntu installer

* Delete hard coded admin user and replace with variable

* Update 1 more location

Todo: api

* Add root_user to v-list-sys-config

* Update permissions filemanager

Also removed unues install-fm

* Update API to use new admin user

* Remove "Unsafe warning"

* Upgrade script

* Fix upgrade script

* Fix issue

* Check if home dir exstis

* Include sudo file + cronjobs

* Fix cronjobs

* Use correct path

* Revert "Remove "Unsafe warning""

This reverts commit c2f2cca.

* Add ROLE to sessions

And use it in the checks

* Add remove admin user for sudoers

Keep enabled for now as it would prevent you from going to 1.8.x

* set default new user package to "default"

Also add upgrade notice...

* Replace hardcode admin

* Allow W = yes

* remove extra line

* Source conf after update

* Fix bug with ROOT_USER not found on upgrade for the first time

Author: jaapmarcus

bin/v-add-cron-hestia-autoupdate

@@ -10,7 +10,6 @@
 #----------------------------------------------------------#
 
 # Argument definition
-user=admin
 mode=$1
 
 # Includes
@@ -26,10 +25,8 @@ source_conf "$HESTIA/conf/hestia.conf"
 #----------------------------------------------------------#
 
 is_system_enabled "$CRON_SYSTEM" 'CRON_SYSTEM'
-is_package_full 'CRON_JOBS'
-get_next_cronjob
-check_cron_apt=$(grep 'v-update-sys-hestia-all' $USER_DATA/cron.conf)
-check_cron_git=$(grep 'v-update-sys-hestia-git' $USER_DATA/cron.conf)
+check_cron_apt=$(grep 'v-update-sys-hestia-all' "/var/spool/cron/crontabs/hestiaweb")
+check_cron_git=$(grep 'v-update-sys-hestia-git' "/var/spool/cron/crontabs/hestiaweb")
 if [ -n "$check_cron_apt" ] || [ -n "$check_cron_git" ]; then
 	exit
 fi
@@ -53,7 +50,7 @@ if [ -z "$mode" ] || [ "$mode" = "apt" ]; then
 	day='*'
 	month='*'
 	wday='*'
-	command="sudo $BIN/v-update-sys-hestia-all"
+	command='v-update-sys-hestia-all'
 fi
 
 if [ "$mode" = "git" ]; then
@@ -62,32 +59,14 @@ if [ "$mode" = "git" ]; then
 	day='*'
 	month='*'
 	wday='*'
-	command="sudo $BIN/v-update-sys-hestia-git"
+	command='v-update-sys-hestia-git'
 fi
 
-# Concatenating cron string
-str="JOB='$job' MIN='$min' HOUR='$hour' DAY='$day' MONTH='$month' WDAY='$wday'"
-str="$str CMD='$command' SUSPENDED='no' TIME='$time' DATE='$date'"
-
-# Adding to crontab
-echo "$str" >> $HESTIA/data/users/$user/cron.conf
-
-# Changing permissions
-chmod 660 $HESTIA/data/users/$user/cron.conf
-
-# Sort jobs by id number
-sort_cron_jobs
-
-# Sync cronjobs with system cron
-sync_cron_jobs
+echo "$min $hour * * * sudo /usr/local/hestia/bin/$command" > "/var/spool/cron/crontabs/hestiaweb"
 
 #----------------------------------------------------------#
 #                       Hestia                             #
 #----------------------------------------------------------#
-
-# Increasing cron value
-increase_user_value "$user" '$U_CRON_JOBS'
-
 # Restarting cron
 $BIN/v-restart-cron
 check_result $? "Cron restart failed" > /dev/null

bin/v-add-cron-letsencrypt-job

@@ -30,10 +30,10 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Add cron job
-cmd="sudo $BIN/v-update-sys-queue letsencrypt"
-check_cron=$(grep "$cmd" $HESTIA/data/users/admin/cron.conf 2> /dev/null)
+cmd="bin/v-update-sys-queue letsencrypt"
+check_cron=$(grep "$cmd" "/var/spool/cron/crontabs/hestiaweb" 2> /dev/null)
 if [ -z "$check_cron" ] && [ -n "$CRON_SYSTEM" ]; then
-	$BIN/v-add-cron-job admin '*/5' '*' '*' '*' '*' "$cmd"
+	echo "*/5 * * * * sudo /usr/local/hestia/bin/v-update-sys-queue letsencrypt" >> "/var/spool/cron/crontabs/hestiaweb"
 fi
 
 #----------------------------------------------------------#

bin/v-add-cron-restart-job

@@ -30,10 +30,10 @@ check_hestia_demo_mode
 #----------------------------------------------------------#
 
 # Add cron job
-cmd="sudo $BIN/v-update-sys-queue restart"
-check_cron=$(grep "$cmd" $HESTIA/data/users/admin/cron.conf 2> /dev/null)
+cmd="v-update-sys-queue restart"
+check_cron=$(grep "$cmd" "/var/spool/cron/crontabs/hestiaweb" 2> /dev/null)
 if [ -z "$check_cron" ] && [ -n "$CRON_SYSTEM" ]; then
-	$BIN/v-add-cron-job admin '*' '*' '*' '*' '*' "$cmd"
+	echo "*/2 * * * * sudo /usr/local/hestia/bin/v-update-sys-queue restart" >> "/var/spool/cron/crontabs/hestiaweb"
 fi
 
 #----------------------------------------------------------#

bin/v-add-letsencrypt-domain

@@ -569,11 +569,10 @@ if [ "$?" -ne '0' ]; then
 fi
 
 # Adding LE autorenew cronjob
-if [ -z "$(grep v-update-lets $HESTIA/data/users/admin/cron.conf)" ]; then
+if [ -z "$(grep v-update-letsen "$HESTIA/data/users/$ROOT_USER/cron.conf")" ]; then
 	min=$(generate_password '012345' '2')
 	hour=$(generate_password '1234567' '1')
-	cmd="sudo $BIN/v-update-letsencrypt-ssl"
-	$BIN/v-add-cron-job admin "$min" "$hour" '*' '*' '*' "$cmd" > /dev/null
+	echo "$min $hour * * * sudo /usr/local/hestia/bin/v-update-letsencrypt-ssl" > /etc/cron.d/hestiaweb
 fi
 
 # Updating letsencrypt key

bin/v-add-sys-dependencies

@@ -19,7 +19,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 source "$HESTIA/install/upgrade/upgrade.conf"
 
 MODE=$1
-user="admin"
+user="$ROOT_USER"
 
 PM_INSTALL_DIR="$HESTIA/web/inc"
 QUICK_INSTALL_DIR="$HESTIA/web/src"
@@ -49,7 +49,7 @@ fi
 if [ ! -f "$COMPOSER_BIN" ]; then
 	$BIN/v-add-user-composer "$user"
 	if [ $? -ne 0 ]; then
-		$BIN/v-add-user-notification admin 'Composer installation failed!' '<p class="u-text-bold">Hestia will not work without Composer.</p><p>Please try running the installer manually from a shell session:<br><code>v-add-sys-dependencies</code></p><p>If this continues, <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a>.</p>'
+		$BIN/v-add-user-notification "$ROOT_USER" 'Composer installation failed!' '<p class="u-text-bold">Hestia will not work without Composer.</p><p>Please try running the installer manually from a shell session:<br><code>v-add-sys-dependencies</code></p><p>If this continues, <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a>.</p>'
 		exit 1
 	fi
 fi
@@ -78,7 +78,7 @@ if [ $? -ne 0 ]; then
 	echo "ERROR: PHPMailer installation failed!"
 	echo "Please report this to our development team:"
 	echo "https://github.com/hestiacp/hestiacp/issues"
-	$BIN/v-add-user-notification admin 'Hestia PHP dependencies installation failed!' '<p>Please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a> to report this to our development team.</p>'
+	$BIN/v-add-user-notification "$ROOT_USER" 'Hestia PHP dependencies installation failed!' '<p>Please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a> to report this to our development team.</p>'
 	# Installation failed, clean up files
 	rm --recursive --force ${PM_INSTALL_DIR}/vendor
 	$BIN/v-change-sys-config-value 'USE_SERVER_SMTP' 'n'

bin/v-add-sys-filemanager

@@ -20,7 +20,7 @@ source_conf "$HESTIA/conf/hestia.conf"
 source_conf "$HESTIA/install/upgrade/upgrade.conf"
 
 MODE=$1
-user="admin"
+user="$ROOT_USER"
 
 FM_INSTALL_DIR="$HESTIA/web/fm"
 FM_FILE="filegator_latest"
@@ -51,7 +51,7 @@ fi
 if [ ! -f "$COMPOSER_BIN" ]; then
 	$BIN/v-add-user-composer "$user"
 	if [ $? -ne 0 ]; then
-		$BIN/v-add-user-notification admin 'Composer installation failed!' '<p class="u-text-bold">The File Manager will not work without Composer.</p><p>Please try running the installer manually from a shell session:<br><code>v-add-sys-filemanager</code></p><p>If this continues, <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a>.</p>'
+		$BIN/v-add-user-notification "$ROOT_USER" 'Composer installation failed!' '<p class="u-text-bold">The File Manager will not work without Composer.</p><p>Please try running the installer manually from a shell session:<br><code>v-add-sys-filemanager</code></p><p>If this continues, <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a>.</p>'
 		exit 1
 	fi
 fi
@@ -91,7 +91,7 @@ if [ $? -ne 0 ]; then
 	echo "ERROR: File Manager installation failed!"
 	echo "Please report this to our development team:"
 	echo "https://github.com/hestiacp/hestiacp/issues"
-	$BIN/v-add-user-notification admin 'File Manager installation failed!' '<p>Please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a> to report this to our development team.</p>'
+	$BIN/v-add-user-notification "$ROOT_USER" 'File Manager installation failed!' '<p>Please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a> to report this to our development team.</p>'
 	# Installation failed, clean up files
 	rm --recursive --force ${FM_INSTALL_DIR}
 	$BIN/v-change-sys-config-value 'FILE_MANAGER' 'false'
@@ -105,9 +105,9 @@ cp -f $HESTIA_INSTALL_DIR/filemanager/filegator/configuration.php $HESTIA/web/fm
 echo "$fm_v" > "${FM_INSTALL_DIR}/version"
 # Set permissions
 chown root: -R "${FM_INSTALL_DIR}"
-chown $user: "${FM_INSTALL_DIR}/private"
-chown $user: "${FM_INSTALL_DIR}/private/logs"
-chown $user: "${FM_INSTALL_DIR}/repository"
+chown hestiaweb: "${FM_INSTALL_DIR}/private"
+chown hestiaweb: "${FM_INSTALL_DIR}/private/logs"
+chown hestiaweb: "${FM_INSTALL_DIR}/repository"
 
 $BIN/v-change-sys-config-value 'FILE_MANAGER' 'true'
 

bin/v-add-sys-ip

@@ -28,7 +28,7 @@ if [ -z "$iface" ]; then
 fi
 
 iface="${3-$iface}"
-user="${4-admin}"
+user="$4"
 ip_status="${5-shared}"
 ip_name="$6"
 nat_ip="$7"
@@ -47,6 +47,10 @@ source "$HESTIA/func/syshealth.sh"
 # load config file
 source_conf "$HESTIA/conf/hestia.conf"
 
+if [ -z "$4" ]; then
+	user="$ROOT_USER"
+fi
+
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
@@ -62,7 +66,7 @@ fi
 if [ -n "$nat_ip" ]; then
 	is_format_valid 'nat_ip'
 fi
-if [ "$user" != "admin" ]; then
+if [ "$user" != "$ROOT_USER" ]; then
 	ip_status="dedicated"
 fi
 
@@ -204,17 +208,17 @@ syshealth_adapt_hestia_nginx_listen_ports
 
 # Updating user counters
 increase_user_value "$user" '$IP_OWNED'
-if [ "$user" = 'admin' ]; then
+if [ "$user" = $ROOT_USER ]; then
 	if [ "$ip_status" = 'shared' ]; then
 		for hestia_user in $($BIN/v-list-sys-users plain); do
 			increase_user_value "$hestia_user" '$IP_AVAIL'
 		done
 	else
-		increase_user_value 'admin' '$IP_AVAIL'
+		increase_user_value $ROOT_USER '$IP_AVAIL'
 	fi
 else
 	increase_user_value "$user" '$IP_AVAIL'
-	increase_user_value 'admin' '$IP_AVAIL'
+	increase_user_value $ROOT_USER '$IP_AVAIL'
 fi
 
 # Restarting web server

bin/v-add-sys-sftp-jail

@@ -58,7 +58,7 @@ fi
 # Validating opensshd config
 if [ "$restart" = 'yes' ]; then
 	subj="OpenSSH restart failed"
-	email=$(grep CONTACT $HESTIA/data/users/admin/user.conf | cut -f 2 -d \')
+	email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf" | cut -f 2 -d \')
 	/usr/sbin/sshd -t > /dev/null 2>&1
 	if [ "$?" -ne 0 ]; then
 		mail_text="OpenSSH can not be restarted. Please check config:
@@ -72,8 +72,10 @@ fi
 # Checking users
 shells="rssh|nologin"
 for user in $(grep "$HOMEDIR" /etc/passwd | egrep "$shells" | cut -f 1 -d:); do
-	# Include all users v-add-user-sftp-jail will handle it
-	$BIN/v-add-user-sftp-jail "$user" "no"
+	if [ -d "/home/$user" ]; then
+		# Include all users v-add-user-sftp-jail will handle it
+		$BIN/v-add-user-sftp-jail "$user" "no"
+	fi
 done
 
 # Restart ssh service

bin/v-add-user

@@ -2,7 +2,7 @@
 # info: add system user
 # options: USER PASSWORD EMAIL [PACKAGE] [NAME] [LASTNAME]
 #
-# example: v-add-user admin2 P4$$w@rD bgates@aol.com
+# example: v-add-user user P4$$w@rD bgates@aol.com
 #
 # This function creates new user account.
 
@@ -92,8 +92,8 @@ if [ -z "$(grep ^hestia-users: /etc/group)" ]; then
 fi
 
 # Add membership to hestia-users group to non-admin users
-if [ "$user" = "admin" ]; then
-	setfacl -m "g:admin:r-x" "$HOMEDIR/$user"
+if [ "$user" = "$ROOT_USER" ]; then
+	setfacl -m "g:$ROOT_USER:r-x" "$HOMEDIR/$user"
 else
 	usermod -a -G "hestia-users" "$user"
 	setfacl -m "u:$user:r-x" "$HOMEDIR/$user"
@@ -198,8 +198,8 @@ time=$(echo "$time_n_date" | cut -f 1 -d \ )
 date=$(echo "$time_n_date" | cut -f 2 -d \ )
 
 # Filling user config
-if [ "$user" != 'admin' ]; then
-	ip_avail=$($BIN/v-list-user-ips admin plain | grep -w shared | wc -l)
+if [ "$user" != "$ROOT_USER" ]; then
+	ip_avail=$($BIN/v-list-user-ips "$ROOT_USER" plain | grep -w shared | wc -l)
 	u_users=0
 else
 	ip_avail=0
@@ -262,8 +262,8 @@ if [ "$DISK_QUOTA" = 'yes' ]; then
 fi
 
 # Updating admin counter
-if [ "$user" != 'admin' ]; then
-	increase_user_value 'admin' '$U_USERS'
+if [ "$user" != "$ROOT_USER" ]; then
+	increase_user_value "$ROOT_USER" '$U_USERS'
 fi
 
 # Run template trigger

bin/v-backup-user

@@ -174,7 +174,7 @@ start_time=$(date '+%s')
 
 # Set notification email and subject
 subj="$user → backup failed"
-email=$(grep CONTACT "$HESTIA/data/users/admin/user.conf" | cut -f 2 -d \')
+email=$(grep CONTACT "$HESTIA/data/users/$ROOT_USER/user.conf" | cut -f 2 -d \')
 
 # Validate available disk space (take usage * 2, due to the backup handling)
 let u_disk=$(($(get_user_disk_usage) * 2))