diff --git a/debian/alternc.preinst b/debian/alternc.preinst index e9381271..5cdd8946 100644 --- a/debian/alternc.preinst +++ b/debian/alternc.preinst @@ -4,6 +4,11 @@ set -e . /usr/share/debconf/confmodule +# Create AlternC Panel user for web server +addgroup --system --gid 1999 alterncpanel +adduser --system --home "$ALTERNC_LOC/bureau" --no-create-home \ + --disabled-password --uid 1999 --ingroup alterncpanel alterncpanel + case "$1" in install) ;; diff --git a/debian/control b/debian/control index e8a6bf57..d9b484cb 100644 --- a/debian/control +++ b/debian/control @@ -10,7 +10,7 @@ Standards-Version: 3.8.0 Package: alternc Architecture: all Pre-depends: debconf (>= 0.5.00) | debconf-2.0 -Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, squirrelmail, squirrelmail-locales, postfix-tls, bind9, wget, rsync, quota, courier-authmysql | courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, fam, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client, dnsutils, bash +Depends: debianutils (>= 1.13.1), apache2-mpm-itk, libapache2-mod-php5, courier-ssl, courier-imap-ssl, courier-pop-ssl, php5-mysql, phpmyadmin, postfix, proftpd-mod-mysql, proftpd-basic, squirrelmail, squirrelmail-locales, postfix-tls, bind9, wget, rsync, quota, courier-authmysql | courier-authlib-mysql, ca-certificates, locales, perl-suid, perl, postfix-mysql, wwwconfig-common, sasl2-bin, fam, libsasl2-modules, php5-cli, lockfile-progs (>= 0.1.9), gettext (>= 0.10.40-5), pdksh (>= 5.2.14-6), adduser, mysql-client, dnsutils, bash, acl Recommends: apache2, mysql-server Conflicts: alternc-admintools, alternc-awstats (<= 0.3.2), alternc-webalizer (<= 0.9.4) Provides: alternc-admintools 
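Review bot: In debian/alternc.preinst the new `addgroup`/`adduser` calls sit above `case "$1"` and use the fixed id 1999, so they run on every preinst invocation and, under `set -e`, abort the install if that uid or gid already belongs to another account on the host. `$ALTERNC_LOC` is not assigned in the visible lines of the script; if it is unset here, the home directory is recorded as `/bureau`. The script also calls `adduser` from preinst while debian/control lists it under Depends rather than Pre-Depends, so the tool is not guaranteed to be unpacked yet. I would create the account in the configure step (or add `adduser` to Pre-Depends), drop the fixed ids unless something relies on them, and guard the call with `getent passwd alterncpanel >/dev/null || adduser --system --group ...`.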
diff --git a/etc/alternc/templates/alternc/bureau.conf b/etc/alternc/templates/alternc/bureau.conf index a9f7fe46..aeb5cb61 100644 --- a/etc/alternc/templates/alternc/bureau.conf +++ b/etc/alternc/templates/alternc/bureau.conf @@ -1,5 +1,5 @@ - AssignUserId www-data www-data + AssignUserId alterncpanel alterncpanel DocumentRoot /var/alternc/bureau/admin ServerName %%fqdn%% diff --git a/etc/alternc/templates/apache2/panel.conf b/etc/alternc/templates/apache2/panel.conf index be308957..48da3c7f 100644 --- a/etc/alternc/templates/apache2/panel.conf +++ b/etc/alternc/templates/apache2/panel.conf @@ -1,6 +1,6 @@ DocumentRoot /var/alternc/bureau/admin - AssignUserId www-data www-data + AssignUserId alterncpanel alterncpanel ServerName %%fqdn%% RewriteEngine on RewriteRule ^/admin/(.*) /$1 diff --git a/etc/alternc/templates/proftpd/proftpd.conf b/etc/alternc/templates/proftpd/proftpd.conf index e8a96933..6ad65feb 100644 --- a/etc/alternc/templates/proftpd/proftpd.conf +++ b/etc/alternc/templates/proftpd/proftpd.conf @@ -68,7 +68,7 @@ AccessGrantMsg "Welcome on AlternC, %u" # database@host:port login password SQLConnectInfo %%dbname%%@%%dbhost%%:3306 %%dbuser%% %%dbpwd%% # Table : -SQLUserInfo ftpusers name encrypted_password 33 uid homedir NULL +SQLUserInfo ftpusers name encrypted_password uid uid homedir NULL # Use mysql PASSWORD function SQLAuthTypes Crypt diff --git a/install/alternc.install b/install/alternc.install index 62d8b942..36764bd1 100644 --- a/install/alternc.install +++ b/install/alternc.install @@ -105,7 +105,7 @@ if [ -r /etc/alternc/my.cnf ]; then # * convert mysql variables into our MYSQL_ naming convention (;s) # * print the result (;p) eval `sed -n -e "/=/{s/ *= *\"\?/='/;s/\"\?\$/'/;s/host/MYSQL_HOST/;s/user/MYSQL_USER/;s/password/MYSQL_PASS/;s/database/MYSQL_DATABASE/;p}" /etc/alternc/my.cnf` - chown root:www-data /etc/alternc/my.cnf + chown root:alterncpanel /etc/alternc/my.cnf chmod 640 /etc/alternc/my.cnf fi 
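Review bot: In etc/alternc/templates/proftpd/proftpd.conf the `SQLUserInfo` line now takes both the session uid and gid from the `uid` column of `ftpusers`, so the contents of that table decide which OS identity an FTP login runs as; before this change it was pinned to 33. Nothing in the hunk bounds that value, so a row with a low or wrong `uid` is handled only by mod_sql's built-in defaults. I would state the floor next to the directive, for example `SQLMinID <lowest AlternC account id>` (placeholder), with a comment such as `# uid column supplies both uid and gid; ids below SQLMinID fall back to the SQLDefault* ids`. The rest of the file is outside the hunk, so this may already be set elsewhere.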
@@ -201,11 +201,11 @@ if [ -x /usr/sbin/apache2 ]; then fi if ! [ -L /etc/apache2/mods-enabled/$php.load ] then - a2enmod $php + a2enmod $php fi if ! [ -L /etc/apache2/mods-enabled/rewrite.load ] then - a2enmod rewrite + a2enmod rewrite fi if [ -e /etc/alternc/apache.pem ]; then # We enable proftpd tls module @@ -320,6 +320,16 @@ done # Last touches # +# Changing owner of web panel's files +chown -R alterncpanel:alterncpanel "$ALTERNC_LOC/bureau" + +# Set correct rights on files +echo "/!\ Warning /!\ Defaults ACL will be applied" +echo "If error, please remount $ALTERNC_LOC with ACL" +echo "and re-run /usr/lib/alternc/fixperms.sh " +echo "" +read +/usr/lib/alternc/fixperms.sh # Creating admin user if needed HAS_ROOT=`mysql --defaults-file=/etc/alternc/my.cnf -e "SELECT COUNT(*) FROM membres WHERE login = 'admin' OR login = 'root' and su = 1" | tail -1` diff --git a/src/fixperms.sh b/src/fixperms.sh index 7d0a70bf..10ccbe3a 100755 --- a/src/fixperms.sh +++ b/src/fixperms.sh @@ -49,17 +49,25 @@ fi doone() { read GID LOGIN - while [ "$LOGIN" ] - do + while [ "$LOGIN" ] ; do if [ "$DEBUG" ]; then - echo "Setting rights and ownership for user $LOGIN having gid $GID" + echo "Setting rights and ownership for user $LOGIN having gid $GID" fi INITIALE=`echo $LOGIN |cut -c1` REP="$ALTERNC_LOC/html/$INITIALE/$LOGIN" - find $REP -type d -exec chmod g+s \{\} \; - chown -R 33.$GID $REP - read GID LOGIN + # Set the file readable only for the AlternC User + chown -R $GID:$GID "$REP" + chmod 2770 -R "$REP" + + # Delete existings ACL + find $REP -exec setfacl -bk '{}' \; + # Set the defaults acl on directory + find $REP -type d -exec setfacl -m d:g:alterncpanel:rw- '{}' \; + # Set the acl on all the files + find $REP -exec setfacl -m g:alterncpanel:rw- '{}' \; + + read GID LOGIN done }
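Review bot: In the `@@ -320` hunk of install/alternc.install, `chown -R alterncpanel:alterncpanel "$ALTERNC_LOC/bureau"` makes the panel's own code writable by the account the panel runs as (`AssignUserId alterncpanel alterncpanel` in the templates), so a flaw in any panel page can rewrite the panel itself. Unless the panel has to modify its own tree, `chown -R root:alterncpanel "${ALTERNC_LOC:?}/bureau"` followed by `chmod -R g-w,o-rwx "${ALTERNC_LOC:?}/bureau"` keeps it readable to the web server and writable only by root, and any upload or cache directory can be opened up individually. The `:?` form also stops the recursive chown from landing on `/bureau` if the variable is empty, which the visible lines do not rule out. The bare `read` further down will block an unattended install or fail at end of input; `if [ -t 0 ]; then read -r _; fi` pauses only when a terminal is attached.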
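Review bot: In doone() of src/fixperms.sh, `chmod 2770 -R "$REP"` sets the setgid and execute bits on every regular file, where the removed code applied `g+s` to directories only. The ACL entries give alterncpanel `rw-` on directories, which lets it list names but not enter them. The three `find $REP` calls are unquoted although the lines above quote `"$REP"`, and they hand symbolic links to setfacl, which resolves link arguments by default. Since this runs as root over trees the account owners can write to, an ACL entry could end up on a file outside `$REP`. The version below sets modes per file type, skips links and batches with `+`; the file mode shown is a suggestion that leaves existing execute bits alone.

```shell
    chown -R "$GID:$GID" "$REP"
    # setgid belongs on directories only; leave execute bits on files as they are
    find "$REP" -type d -exec chmod 2770 '{}' +
    find "$REP" -type f -exec chmod ug+rw,g-s,o-rwx '{}' +

    # Drop existing ACLs; links are skipped because setfacl follows link arguments
    find "$REP" ! -type l -exec setfacl -bk '{}' +
    # Directories: access and default entries, with x so the panel can traverse
    find "$REP" -type d -exec setfacl -m g:alterncpanel:rwx,d:g:alterncpanel:rwx '{}' +
    # Regular files: read/write only
    find "$REP" -type f -exec setfacl -m g:alterncpanel:rw- '{}' +
    # … unchanged: read GID LOGIN, done …
```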