From fc244d31828199383244d2b791a330d0e93eb07e Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Thu, 23 Jan 2020 21:49:36 +0100
Subject: [PATCH] Move chroot creation/updating to new setup_chroot() function
---
 var/www/common.php | 30 ++++++++++++++++++++++++++++++
 var/www/cron.php | 19 +------------------
 var/www/setup.php | 3 +--
 3 files changed, 32 insertions(+), 20 deletions(-)
diff --git a/var/www/common.php b/var/www/common.php
index 900c80f..17ba2b3 100644
--- a/var/www/common.php
+++ b/var/www/common.php
@@ -914,3 +914,33 @@ function bytes_to_human_readable(int $bytes) : string {
 return $bytes . $suffix[0];
 }
 }
+
+function setup_chroot($system_account){
+ $shell = ENABLE_SHELL_ACCESS ? '/bin/bash' : '/usr/sbin/nologin';
+ $user = posix_getpwnam($system_account);
+ $passwd_line = "$user[name]:$user[passwd]:$user[uid]:$user[gid]:$user[gecos]:/:$user[shell]";
+ exec('/var/www/setup_chroot.sh ' . escapeshellarg("/home/$system_account"));
+ file_put_contents("/home/$system_account/etc/passwd", $passwd_line, FILE_APPEND);
+ foreach(['.cache', '.composer', '.config', '.gnupg', '.local', '.ssh', 'data', 'Maildir'] as $dir){
+ if(!is_dir("/home/$system_account/$dir")){
+ mkdir("/home/$system_account/$dir", 0700);
+ }
+ chown("/home/$system_account/$dir", $system_account);
+ chgrp("/home/$system_account/$dir", 'www-data');
+ }
+ foreach(['logs'] as $dir){
+ if(!is_dir("/home/$system_account/$dir")){
+ mkdir("/home/$system_account/$dir", 0550);
+ }
+ chown("/home/$system_account/$dir", $system_account);
+ chgrp("/home/$system_account/$dir", 'www-data');
+ }
+ foreach(['.bash_history', '.bashrc', '.gitconfig', '.profile'] as $file){
+ if(!file_exists("/home/$system_account/$file")){
+ touch("/home/$system_account/$file");
+ }
+ chmod("/home/$system_account/$file", 0600);
+ chown("/home/$system_account/$file", $system_account);
+ chgrp("/home/$system_account/$file", 'www-data');
+ }
+}
diff --git a/var/www/cron.php b/var/www/cron.php
index da2d112..a5127ba 100644
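Review bot: The chown()/chgrp()/chmod() calls in the three loops of setup_chroot() follow symlinks, and `/home/$system_account` is the account's own writable home (and, with ENABLE_SHELL_ACCESS, reachable over a shell), so a user who swaps `.profile` or `data` for a symlink to `/etc/shadow` or `/` has that host path handed to them the next time setup.php re-runs setup_chroot() over existing accounts — presumably as root, since the sibling code calls useradd. Guard each path with `is_link()` before touching it and switch the ownership calls to `lchown()`/`lchgrp()`; is_link() still leaves a small TOCTOU window for chmod(), but it removes the trivially plantable case. Separately, a false return from `posix_getpwnam()` is not handled (the interpolations then append a near-empty `:::::/:` entry), and `$passwd_line` has no trailing newline, so a repeated run glues the next entry onto the same line; write `...:/:$user[shell]\n` and bail out on false. `$shell` is computed here but never used, since the line takes the shell from the account record.
```php
// Refuse to operate through a symlink: chown()/chgrp()/chmod() resolve it against the
// host filesystem, not the chroot, so a user-planted link would redirect the change.
function assert_not_symlink(string $path) : void {
	if(is_link($path)){
		throw new RuntimeException("Refusing to modify symlink $path");
	}
}

function setup_chroot($system_account){
	$user = posix_getpwnam($system_account);
	if($user === false){
		throw new RuntimeException("Unknown system account: $system_account");
	}
	$passwd_line = "$user[name]:$user[passwd]:$user[uid]:$user[gid]:$user[gecos]:/:$user[shell]\n";
	// … unchanged: setup_chroot.sh call, passwd append …
	foreach(['.cache', '.composer', '.config', '.gnupg', '.local', '.ssh', 'data', 'Maildir'] as $dir){
		assert_not_symlink("/home/$system_account/$dir");
		// … unchanged: mkdir if missing …
		lchown("/home/$system_account/$dir", $system_account);
		lchgrp("/home/$system_account/$dir", 'www-data');
	}
	// … unchanged: 'logs' loop and dotfile loop, each with the same guard and lchown()/lchgrp() …
}
```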
--- a/var/www/cron.php
+++ b/var/www/cron.php
@@ -22,24 +22,7 @@ while($id=$stmt->fetch(PDO::FETCH_NUM)){
 //add and manage rights of system user
 $shell = ENABLE_SHELL_ACCESS ? '/bin/bash' : '/usr/sbin/nologin';
 exec('useradd -l -p ' . escapeshellarg($id[2]) . ' -g www-data -k /var/www/skel -m -s ' . escapeshellarg($shell) . ' ' . escapeshellarg($system_account));
- exec('/var/www/setup_chroot.sh ' . escapeshellarg("/home/$system_account"));
- exec('grep ' . escapeshellarg($system_account) . ' /etc/passwd >> ' . escapeshellarg("/home/$system_account/etc/passwd"));
- foreach(['.cache', '.composer', '.config', '.gnupg', '.local', '.ssh', 'data', 'Maildir'] as $dir){
- mkdir("/home/$system_account/$dir", 0700);
- chown("/home/$system_account/$dir", $system_account);
- chgrp("/home/$system_account/$dir", 'www-data');
- }
- foreach(['logs'] as $dir){
- mkdir("/home/$system_account/$dir", 0550);
- chown("/home/$system_account/$dir", $system_account);
- chgrp("/home/$system_account/$dir", 'www-data');
- }
- foreach(['.bash_history', '.bashrc', '.gitconfig', '.profile'] as $file){
- touch("/home/$system_account/$file");
- chmod("/home/$system_account/$file", 0600);
- chown("/home/$system_account/$file", $system_account);
- chgrp("/home/$system_account/$file", 'www-data');
- }
+ setup_chroot($system_account);
 //remove from to-add queue
 $del->execute([$id[5]]);
 }
diff --git a/var/www/setup.php b/var/www/setup.php
index 9a4629a..cbab883 100644
--- a/var/www/setup.php
+++ b/var/www/setup.php
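Review bot: The exit status of the useradd exec() on the context line just above the new call is never checked, so when useradd fails (name already taken, invalid name, home already present) the new `setup_chroot($system_account)` still runs — mkdir() into a home that was never created, posix_getpwnam() returning false — and `$del->execute([$id[5]])` then drops the row from the queue as if the account had been created. Capture the status and skip both steps on failure, e.g. `exec('useradd ... ' . escapeshellarg($system_account), $out, $rc); if($rc !== 0){ error_log("useradd failed for $system_account (exit $rc)"); continue; }`, leaving the row queued for a retry or marking it failed if permanent errors are possible. `$shell` is still derived here from ENABLE_SHELL_ACCESS while setup_chroot() reads the shell back from the account record; that is consistent only because useradd receives this value, so a comment noting the dependency would help. The enclosing while loop starts outside the hunk.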
@@ -295,8 +295,7 @@ if(!SKIP_USER_CHROOT_UPDATE){
 while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
 echo "Updating chroot for user $tmp[system_account]…\n";
 exec('usermod -s ' . escapeshellarg($shell) . ' ' . escapeshellarg($tmp['system_account']));
- exec('/var/www/setup_chroot.sh ' . escapeshellarg('/home/'.$tmp['system_account']));
- exec('grep ' . escapeshellarg($tmp['system_account']) . ' /etc/passwd >> ' . escapeshellarg("/home/$tmp[system_account]/etc/passwd"));
+ setup_chroot($tmp['system_account']);
 }
 }
 if(!file_exists("/etc/nginx/sites-enabled/")){
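Review bot: This update loop calls setup_chroot() for every existing account whenever SKIP_USER_CHROOT_UPDATE is off, and setup_chroot() appends the passwd line to `/home/<account>/etc/passwd` with FILE_APPEND on every call, so unless setup_chroot.sh recreates that file first — not visible in this diff — each setup run adds another entry, and because the appended line carries no trailing newline the entries run together, which can leave the chroot with a stale shell after the usermod above or an entry the chroot's login path cannot parse. If nothing else lives in that file, replacing the append with a full rewrite is the simplest fix, `file_put_contents("/home/$system_account/etc/passwd", $passwd_line . "\n");`; otherwise filter out the account's existing line before appending. The usermod exit status is also unchecked, so a failed shell change is followed by a chroot refresh that copies the old shell into the chroot. `$shell` and `$stmt` are defined outside the hunk.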