2006-04-26 12:28:53 +00:00
|
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
|
|
# Ceci cr<63><72> un hack php pour chacun des domaines h<>berg<72>s par alternc
|
|
|
|
|
|
# ce hack consiste <20> restreindre chaque usager <20> son propre r<>pertoire
|
|
|
|
|
|
# dans alternc/html/u/user avec open_base_dir
|
|
|
|
|
|
|
|
|
|
|
|
# ce script a les d<>pendances suivantes:
|
|
|
|
|
|
# (mysql, /etc/alternc/local.sh) OR /usr/bin/get_account_by_domain dans
|
|
|
|
|
|
# l'ancien package alternc-admintools d<>sormais dans alternc natif.
|
|
|
|
|
|
# cut, awk, sort
|
|
|
|
|
|
|
|
|
|
|
|
override_d=/var/alternc/apacheconf
|
|
|
|
|
|
override_f=${override_d}/override_php.conf
|
|
|
|
|
|
extra_paths="/var/alternc/dns/redir:/usr/share/php/:/var/alternc/tmp/:/tmp/"
|
|
|
|
|
|
|
|
|
|
|
|
. /etc/alternc/local.sh
|
2007-09-09 18:18:19 +00:00
|
|
|
|
. /usr/lib/alternc/functions.sh
|
|
|
|
|
|
|
2006-04-26 12:28:53 +00:00
|
|
|
|
if [ -z "$MYSQL_HOST" ]
|
|
|
|
|
|
then
|
|
|
|
|
|
MYSQL_HOST="localhost"
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
echo -n "adding open_base_dir protection for:"
|
|
|
|
|
|
# boucle sur tous les domaines h<>berg<72>s, ou sur les arguments de la
|
|
|
|
|
|
# ligne de commande
|
|
|
|
|
|
if [ $# -gt 0 ]; then
|
|
|
|
|
|
for i in "$*"
|
|
|
|
|
|
do
|
|
|
|
|
|
if echo "$i" | grep -q '^\*\.'
|
|
|
|
|
|
then
|
|
|
|
|
|
echo skipping wildcard "$i" >&2
|
|
|
|
|
|
continue
|
|
|
|
|
|
fi
|
|
|
|
|
|
if echo "$i" | grep -q /var/alternc/dns > /dev/null; then
|
|
|
|
|
|
dom="$i"
|
|
|
|
|
|
else
|
|
|
|
|
|
initial_domain=`init_dom_letter "$i"`
|
|
|
|
|
|
dom="/var/alternc/dns/$initial_domain/$i"
|
|
|
|
|
|
fi
|
2007-01-12 23:03:33 +00:00
|
|
|
|
doms="$doms $dom"
|
2006-04-26 12:28:53 +00:00
|
|
|
|
done
|
|
|
|
|
|
else
|
|
|
|
|
|
doms=`find /var/alternc/dns -type l`
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
for i in $doms
|
|
|
|
|
|
do
|
|
|
|
|
|
# don't "protect" squirrelmail, it legitimatly needs to consult
|
|
|
|
|
|
# files out of its own directory
|
|
|
|
|
|
if readlink "$i" | grep -q '^/var/alternc/bureau/admin/webmail/*$' || \
|
|
|
|
|
|
readlink "$i" | grep -q '^/var/alternc/bureau/*$'
|
|
|
|
|
|
then
|
|
|
|
|
|
continue
|
|
|
|
|
|
fi
|
|
|
|
|
|
domain=`basename "$i"`
|
|
|
|
|
|
account=`get_account_by_domain $domain`
|
|
|
|
|
|
if [ -z "$account" ]; then
|
|
|
|
|
|
continue
|
|
|
|
|
|
fi
|
|
|
|
|
|
# la premi<6D>re lettre de l'avant-derni<6E>re partie du domaine (e.g.
|
|
|
|
|
|
# www.alternc.org -> a)
|
|
|
|
|
|
initial_domain=`init_dom_letter "$domain"`
|
|
|
|
|
|
# la premi<6D>re lettre du username
|
|
|
|
|
|
initial_account=`echo "$account" | cut -c1`
|
|
|
|
|
|
path1="/var/alternc/dns/$initial_domain/$domain"
|
|
|
|
|
|
path2="/var/alternc/html/$initial_account/$account"
|
|
|
|
|
|
|
|
|
|
|
|
mkdir -p "$override_d/$initial_domain"
|
|
|
|
|
|
if append_no_dupe "$override_d/$initial_domain/$domain" <<EOF
|
|
|
|
|
|
<Directory ${path1}>
|
|
|
|
|
|
php_admin_value open_basedir ${path2}/:${extra_paths}
|
|
|
|
|
|
</Directory>
|
|
|
|
|
|
EOF
|
|
|
|
|
|
then
|
|
|
|
|
|
true
|
|
|
|
|
|
else
|
|
|
|
|
|
echo -n " $domain"
|
|
|
|
|
|
add_dom_entry "Include $override_d/$initial_domain/$domain"
|
|
|
|
|
|
fi
|
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
|
|
echo .
|
