Move chroot creation/updating to new setup_chroot() function
This commit is contained in:
Daniel Winzen
@ -914,3 +914,33 @@ function bytes_to_human_readable(int $bytes) : string {
|
||||
return $bytes . $suffix[0];
|
||||
}
|
||||
}
|
||||
|
||||
function setup_chroot($system_account){
|
||||
$shell = ENABLE_SHELL_ACCESS ? '/bin/bash' : '/usr/sbin/nologin';
|
||||
$user = posix_getpwnam($system_account);
|
||||
$passwd_line = "$user[name]:$user[passwd]:$user[uid]:$user[gid]:$user[gecos]:/:$user[shell]";
|
||||
exec('/var/www/setup_chroot.sh ' . escapeshellarg("/home/$system_account"));
|
||||
file_put_contents("/home/$system_account/etc/passwd", $passwd_line, FILE_APPEND);
|
||||
foreach(['.cache', '.composer', '.config', '.gnupg', '.local', '.ssh', 'data', 'Maildir'] as $dir){
|
||||
if(!is_dir("/home/$system_account/$dir")){
|
||||
mkdir("/home/$system_account/$dir", 0700);
|
||||
}
|
||||
chown("/home/$system_account/$dir", $system_account);
|
||||
chgrp("/home/$system_account/$dir", 'www-data');
|
||||
}
|
||||
foreach(['logs'] as $dir){
|
||||
if(!is_dir("/home/$system_account/$dir")){
|
||||
mkdir("/home/$system_account/$dir", 0550);
|
||||
}
|
||||
chown("/home/$system_account/$dir", $system_account);
|
||||
chgrp("/home/$system_account/$dir", 'www-data');
|
||||
}
|
||||
foreach(['.bash_history', '.bashrc', '.gitconfig', '.profile'] as $file){
|
||||
if(!file_exists("/home/$system_account/$file")){
|
||||
touch("/home/$system_account/$file");
|
||||
}
|
||||
chmod("/home/$system_account/$file", 0600);
|
||||
chown("/home/$system_account/$file", $system_account);
|
||||
chgrp("/home/$system_account/$file", 'www-data');
|
||||
}
|
||||
}
|
||||
|
||||
@ -22,24 +22,7 @@ while($id=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
//add and manage rights of system user
|
||||
$shell = ENABLE_SHELL_ACCESS ? '/bin/bash' : '/usr/sbin/nologin';
|
||||
exec('useradd -l -p ' . escapeshellarg($id[2]) . ' -g www-data -k /var/www/skel -m -s ' . escapeshellarg($shell) . ' ' . escapeshellarg($system_account));
|
||||
exec('/var/www/setup_chroot.sh ' . escapeshellarg("/home/$system_account"));
|
||||
exec('grep ' . escapeshellarg($system_account) . ' /etc/passwd >> ' . escapeshellarg("/home/$system_account/etc/passwd"));
|
||||
foreach(['.cache', '.composer', '.config', '.gnupg', '.local', '.ssh', 'data', 'Maildir'] as $dir){
|
||||
mkdir("/home/$system_account/$dir", 0700);
|
||||
chown("/home/$system_account/$dir", $system_account);
|
||||
chgrp("/home/$system_account/$dir", 'www-data');
|
||||
}
|
||||
foreach(['logs'] as $dir){
|
||||
mkdir("/home/$system_account/$dir", 0550);
|
||||
chown("/home/$system_account/$dir", $system_account);
|
||||
chgrp("/home/$system_account/$dir", 'www-data');
|
||||
}
|
||||
foreach(['.bash_history', '.bashrc', '.gitconfig', '.profile'] as $file){
|
||||
touch("/home/$system_account/$file");
|
||||
chmod("/home/$system_account/$file", 0600);
|
||||
chown("/home/$system_account/$file", $system_account);
|
||||
chgrp("/home/$system_account/$file", 'www-data');
|
||||
}
|
||||
setup_chroot($system_account);
|
||||
//remove from to-add queue
|
||||
$del->execute([$id[5]]);
|
||||
}
|
||||
|
||||
@ -295,8 +295,7 @@ if(!SKIP_USER_CHROOT_UPDATE){
|
||||
while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
|
||||
echo "Updating chroot for user $tmp[system_account]…\n";
|
||||
exec('usermod -s ' . escapeshellarg($shell) . ' ' . escapeshellarg($tmp['system_account']));
|
||||
exec('/var/www/setup_chroot.sh ' . escapeshellarg('/home/'.$tmp['system_account']));
|
||||
exec('grep ' . escapeshellarg($tmp['system_account']) . ' /etc/passwd >> ' . escapeshellarg("/home/$tmp[system_account]/etc/passwd"));
|
||||
setup_chroot($tmp['system_account']);
|
||||
}
|
||||
}
|
||||
if(!file_exists("/etc/nginx/sites-enabled/")){
|
||||
|
||||
Reference in New Issue
Block a user