fix user home permissions

Bozhidar 2024-04-22 16:56:29 +03:00
parent 6fa04fddf5
commit 9fb2f915d3
3 changed files with 16 additions and 12 deletions


@ -30,16 +30,16 @@ class CreateLinuxWebUser
$password = $this->password;
$command = 'adduser --disabled-password --gecos "" "'.$username.'"';
$output .= ShellApi::exec($command);
// $command = 'groupadd '.$username;
// $output .= ShellApi::exec($command);
$output .= shell_exec($command);
$command = 'usermod -a -G www-data '.$username;
$output .= ShellApi::exec($command);
$output .= shell_exec($command);
$command = 'echo '.$username.':'.$password.' | chpasswd -e';
$output .= ShellApi::exec($command);
$output .= shell_exec($command);
$command = 'chmod 711 /home/'.$username;
$output .= shell_exec($command);
return $output;
}
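Review bot: The added `chmod 711 /home/'.$username` command, like the `usermod` and `chpasswd` commands that now go through `shell_exec`, concatenates `$username` and `$password` into a shell string with no quoting or escaping. Where those values come from is not visible in this hunk, so unless they are strictly validated upstream, a value containing shell metacharacters would alter a command that presumably runs with root privileges; `ShellApi::exec` is not shown either, so any escaping or logging it provided is lost with the switch. Wrap every interpolated value, e.g. `$command = 'chmod 711 '.escapeshellarg('/home/'.$username);`, and consider passing `user:hash` to `chpasswd -e` on stdin instead of through `echo`, because an unquoted hash containing `$` is subject to shell expansion and the full command string can appear in the process list. The result of `shell_exec` is never checked, so a failed `chmod` silently leaves the home directory at the `adduser` default mode. The enclosing method starts outside the hunk.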


@ -108,13 +108,13 @@ class Domain extends Model
}
if (!is_dir($this->domain_root)) {
mkdir($this->domain_root, 0755, true);
mkdir($this->domain_root, 0711, true);
}
if (!is_dir($this->domain_public)) {
mkdir($this->domain_public, 0755, true);
}
if (!is_dir($this->home_root)) {
mkdir($this->home_root, 0755, true);
mkdir($this->home_root, 0711, true);
}
if ($this->is_installed_default_app_template == null) {
@ -174,8 +174,8 @@ class Domain extends Model
shell_exec('chown -R '.$findHostingSubscription->system_username.':'.$webUserGroup.' '.$this->domain_root);
shell_exec('chown -R '.$findHostingSubscription->system_username.':'.$webUserGroup.' '.$this->domain_public);
shell_exec('chmod -R 775 '.$this->home_root);
shell_exec('chmod -R 775 '.$this->domain_root);
shell_exec('chmod -R 0711 '.$this->home_root);
shell_exec('chmod -R 0711 '.$this->domain_root);
shell_exec('chmod -R 775 '.$this->domain_public);
$appType = 'php';
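Review bot: `chmod -R 0711` on `$this->home_root` and `$this->domain_root` in the second hunk applies a directory mode to every regular file beneath them, so files lose group/other read access and every file gains the execute bit for all users. Going by the commit title, the target is the mode of the home directory itself, which needs no recursion. Set it on the two directories only with PHP's built-in call, `chmod($this->home_root, 0711);` and `chmod($this->domain_root, 0711);`, which also avoids sending unquoted paths through `shell_exec` as the neighbouring `chown` lines do with `system_username`. In the first hunk, `mkdir(..., 0711, true)` is filtered by the process umask and does nothing for a directory that already exists, so the explicit `chmod` is what actually enforces the mode. The enclosing methods start and end outside both hunks.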


@ -80,7 +80,8 @@ class SecurityTest extends ActionTestCase
$userHomeDir = '/home/' . $hostingSubscription['system_username'];
$this->assertDirectoryExists($userHomeDir);
$getUserHomeDirPermission = substr(sprintf('%o', fileperms($userHomeDir)), -4);
$this->assertSame('0775', $getUserHomeDirPermission);
$this->assertSame('0711', $getUserHomeDirPermission);
// 0711 - is the correct permission for /home/$user directory, because it is a home directory and it should be accessible only by the user and root.
// Check domain dir permissions
$domainDir = '/home/' . $hostingSubscription['system_username'] . '/public_html';
@ -117,7 +118,10 @@ class SecurityTest extends ActionTestCase
$this->assertTrue(str_contains($output, 'public_html'));
$this->assertTrue(str_contains($output, $hostingSubscription['system_username']));
// Try to open /home/$user directory with another linux user
$output = shell_exec("sudo -H -u ".$secondHostingSubscription['system_username']." bash -c 'ls -la /home/".$hostingSubscription['system_username']."'");
$this->assertSame($output, null);
}
}
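Review bot: `$this->assertSame($output, null)` in the second hunk cannot tell "access was denied" apart from "the command never ran". `shell_exec` returns null whenever nothing reaches stdout, which is also the case when `sudo` itself fails or the second user does not exist, so the isolation check can pass vacuously. Capture stderr and assert on the denial, e.g. append ` 2>&1` inside the `bash -c` command and use `$this->assertStringContainsString('Permission denied', (string) $output);` (or check the exit status through `exec()` if the message may be localised). The comment added in the first hunk says the directory is accessible "only by the user and root", but 0711 also grants group and others the traverse bit; `// 0711: owner has full access; group and others may traverse but not list /home/$user` would match the asserted mode. The test methods start outside both hunks.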