From 1d157473e60528680086a6f87fee2941c3a8ba9e Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Sat, 14 Jul 2018 10:41:44 +0200
Subject: [PATCH] Move account folder creation into cron.php
---
 README.md | 7 +------
 var/www/cron.php | 18 ++++++++++++++----
 2 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index 25c5213..1e0ac38 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ apt-get purge apache2* resolvconf
 If you are on Ubuntu, add the following PPA:
 ```
-LC_ALL=C.UTF-8 add-apt-repository ppa:ondrej/php && apt-get update
+LC_ALL=C.UTF-8 add-apt-repository ppa:ondrej/php
 ```
 On debian stable this may be worth a look: https://deb.sury.org/
@@ -139,11 +139,6 @@ Enable systemd timers to regularly run various managing tasks:
 systemctl enable hosting-del.timer && systemctl enable hosting.timer
 ```
-Add empty directories that should be copied when creating a new user and set permissions correctly:
-```
-for dir in data logs Maildir tmp .ssh; do(mkdir /var/www/skel/$dir && chmod 750 /var/www/skel/$dir); done
-```
-
 Final step is to reboot wait about 5 minutes for all services to start and check if everything is working by creating a test account.
 Live demo:
diff --git a/var/www/cron.php b/var/www/cron.php
index 80624ff..bb372f9 100644
--- a/var/www/cron.php
+++ b/var/www/cron.php
@@ -25,8 +25,19 @@ while($id=$stmt->fetch(PDO::FETCH_NUM)){
 $update_priv->execute([$priv_key, $onion]);
 //add and manage rights of system user
 exec('useradd -l -p '. escapeshellarg($id[2]) . " -g www-data -k /var/www/skel -m -s /usr/sbin/nologin $onion.onion");
- exec("chown root:www-data /home/$onion.onion");
- exec("chmod 550 /home/$onion.onion");
+ chown("/home/$onion.onion", 'root');
+ chgrp("/home/$onion.onion", 'www-data');
+ chmod("/home/$onion.onion", 0550);
+ foreach(['.ssh', 'data', 'Maildir', 'tmp'] as $dir){
+ mkdir("/home/$onion.onion/$dir", 0700);
+ chown("/home/$onion.onion/$dir", "$onion.onion");
+ chgrp("/home/$onion.onion/$dir", 'www-data');
+ }
+ foreach(['logs'] as $dir){
+ mkdir("/home/$onion.onion/$dir", 0550);
+ chown("/home/$onion.onion/$dir", "$onion.onion");
+ chgrp("/home/$onion.onion/$dir", 'www-data');
+ }
 //configuration for services
@@ -92,10 +103,9 @@ php_admin_value[session.save_path] = /home/$onion.onion/tmp
 file_put_contents("/etc/php/7.2/fpm/pool.d/$firstchar/$onion.conf", $php);
 }
 //save hidden service
- mkdir("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion");
+ mkdir("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion", 0700);
 file_put_contents("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/hostname", "$onion.onion\n");
 file_put_contents("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/private_key", $priv_key);
- chmod("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/", 0700);
 chmod("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/hostname", 0600);
 chmod("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/private_key", 0600);
 chown("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/", "_tor-$firstchar");
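Review bot: In the first cron.php hunk (account directory setup), none of the new `chown`/`chgrp`/`chmod`/`mkdir` calls has its result checked, and the mode passed to `mkdir` only takes effect when the directory is actually created. On a host installed from the older README, /var/www/skel presumably still holds data, logs, Maildir, tmp and .ssh with mode 750, so `useradd -k /var/www/skel -m` would copy them, `mkdir` would fail with a warning, and the directories would likely keep 750 instead of 0700/0550. I would fold the two loops into one keyed by mode, skip `mkdir` when the directory already exists, set the mode explicitly with `chmod`, and log and skip on failure. The enclosing `while` loop starts before the hunk and continues after it.

```php
// … unchanged: useradd, then chown/chgrp/chmod of the home directory …
foreach(['.ssh' => 0700, 'data' => 0700, 'Maildir' => 0700, 'tmp' => 0700, 'logs' => 0550] as $dir => $mode){
	$path = "/home/$onion.onion/$dir";
	if(!is_dir($path) && !mkdir($path, $mode)){
		error_log("cron.php: could not create $path");
		continue;
	}
	// set the mode explicitly: a directory copied from /var/www/skel keeps its old mode
	chmod($path, $mode);
	chown($path, "$onion.onion");
	chgrp($path, 'www-data');
}
```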
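Review bot: In the second cron.php hunk, dropping the explicit `chmod(..., 0700)` on the hidden-service directory means the 0700 mode is applied only when `mkdir` actually creates the directory. If the directory already exists (for example after an interrupted earlier run), `mkdir` returns false with a warning and `private_key` is then written into a directory that keeps whatever mode it had before. I would keep `chmod("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/", 0700);` after the `mkdir`, or check `mkdir`'s return value before writing the key. The enclosing block starts outside the hunk.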