Commit 30bdd954 authored by Paul Cammish's avatar Paul Cammish

Quality of life improvements and bigfixes.

Fixes #298, #299, #300
parent 5868854e
CHANGELOG
---------
2020-09-09
sympl-web
* Adds support for optional Apache configs in config/apache.d/*.conf (#300)
sympl-core
* sympl-filesystem-security: don't overwite permission in public/cgi-bin (#299)
* sympl-filesystem-security: correctly read the group id (#298)
2020-07-06
sympl-web
......
sympl-core (10.0.200909.0) stable; urgency=medium
* sympl-filesystem-security: don't overwite permission in public/cgi-bin (#299)
* sympl-filesystem-security: correctly read the group id (#298)
-- Paul Cammish <sympl@kelduum.net> Wed, 09 Sep 2020 12:22:09 +0100
sympl-core (10.0.200512.0) stable; urgency=low
* Added functionality to the sympl cli for FTP user management
......
......@@ -47,8 +47,8 @@ function secure_domain_dir()
if [ -f "${domain}/config/public-group" ]; then
public_gid="$( cat "${domain}/config/public-group" | sed 's|#.*||' | head -n 1 | grep . )"
if id -g $gid > /dev/null 2&>1 ; then
public_gid="$( id -g $public_gid )"
if getent group $public_gid > /dev/null 2>&1 ; then
public_gid="$( getent group $public_gid | cut -d ':' -f 3 )"
else
public_gid=33
fi
......@@ -57,19 +57,19 @@ function secure_domain_dir()
fi
# Add sympl use to the public group if it's >= 1000 and not already in it
# Add sympl to the public group if it's >= 1000 and not already in it
if [ "$public_gid" -ge "1000" ] && [ "$(id -Gn sympl | tr ' ' '\n' | grep -c "^$( id -gn $public_gid )$" )" == "0" ]; then
if [ "$public_gid" -ge "1000" ] && [ "$(id -Gn sympl | tr ' ' '\n' | grep -c "^$( getent group $public_gid | cut -d ':' -f 1 )$" )" == "0" ]; then
# sympl is not in the $public_gid group, adding
usermod -a -G $public_gid sympl
fi
# Enforce permissions for /srv/example.org/public, /php_sessions, /php_tmp
# but exclude changing any permissions inside public/cgi-bin
find "${domain}/public" \( -type f -o -type d \) \( ! -uid ${public_uid} -o ! -gid ${public_gid} \) $VERBOSE -exec chown ${public_uid}:${public_gid} {} \;
find "${domain}/public" \( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; -o -type d ! -perm 2775 $VERBOSE -exec chmod 2775 {} \; \)
find "${domain}/public" ! -path ${domain}/public/cgi-bin/* \( -type f -o -type d \) \( ! -uid ${public_uid} -o ! -gid ${public_gid} \) $VERBOSE -exec chown ${public_uid}:${public_gid} {} \;
find "${domain}/public" ! -path ${domain}/public/cgi-bin/* \( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; -o -type d ! -perm 2775 $VERBOSE -exec chmod 2775 {} \; \)
if [ -d "${domain}/php_sessions" ]; then
......
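Review bot: The new `! -path ${domain}/public/cgi-bin/*` test on both `find` lines of the second hunk is unquoted, so the shell expands the glob before find ever sees it. Once cgi-bin holds two or more entries the expansion produces extra words and find is likely to abort with a usage error, which leaves ownership and modes under public/ unenforced for that domain; with a single entry only that one path is excluded. Quote the pattern so find receives it literally: `! -path "${domain}/public/cgi-bin/*"`. In the first hunk `$public_gid` is read from the domain's config/public-group file and passed unquoted to `getent group`, so quoting it there (`getent group "$public_gid"`) keeps a multi-word or glob value from becoming several lookups before the later `usermod` call. secure_domain_dir starts and ends outside both hunks.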
......@@ -3,8 +3,13 @@
# This file is automatically generated from the template located at
# /etc/sympl/apache.d/non_ssl.template.erb.
#
# Feel free to make changes to this file, however this file
# will NOT be updated automatically when the template changes.
# Any extra Apache configurations can be added as .conf files in
# /srv/<% domain %>/config/apache.d/
# which will be read after the base configuration has been read.
# Warning: Ensure these are valid, as you may break Apache!
#
# Alternatively, feel free to make changes to this file, however this
# file will NOT be updated automatically when the template changes.
##
###
......
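Review bot: The added header comment says .conf files in config/apache.d/ are read after the base configuration, but no hunk shown for this template adds an `IncludeOptional` directive; on this page only the SSL template gains one. If the non-SSL template is meant to support the feature it needs the same directive before its closing `</VirtualHost>`, otherwise the comment should not be added to this file. The path in the comment is also written as `<% domain %>`, which ERB executes without emitting anything, so the generated file would show `/srv//config/apache.d/`; the output form is `<%= … %>`.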
......@@ -3,8 +3,13 @@
# This file is automatically generated from the template located at
# /etc/sympl/apache.d/ssl.template.erb.
#
# Feel free to make changes to this file, however this file
# will NOT be updated automatically when the template changes.
# Any extra Apache configurations can be added as .conf files in
# /srv/<% domain %>/config/apache.d/
# which will be read after the base configuration has been read.
# Warning: Ensure these are valid, as you may break Apache!
#
# Alternatively, feel free to make changes to this file, however this
# file will NOT be updated automatically when the template changes.
##
###
......@@ -115,8 +120,12 @@
ErrorLog "<%= domain.log_dir %>/ssl_error.log"
CustomLog "<%= domain.log_dir %>/ssl_access.log" combined
</VirtualHost>
# Read the directory /srv/<% domain %>/config/apache.d for any other Apache
# configuration files.
IncludeOptional /srv/<% domain %>/config/apache.d/*.conf
# Ensure these are valid as they will break Apache if they are incorrect!
</VirtualHost>
<VirtualHost <%= ips.collect{|ip| ip+":80"}.join(" ") %>>
......@@ -213,7 +222,12 @@
# Write logs directly.
ErrorLog "<%= domain.log_dir %>/error.log"
CustomLog "<%= domain.log_dir %>/access.log" combined
# Read the directory /srv/<% domain %>/config/apache.d for any other Apache
# configuration files.
IncludeOptional /srv/<% domain %>/config/apache.d/*.conf
# Ensure these are valid as they will break Apache if they are incorrect!
</VirtualHost>
# Vim Defaults: //vim: ts=2:tw=78: et:
......
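Review bot: `<% domain %>` in the two added `IncludeOptional` lines is an ERB execution tag, which evaluates the expression but emits nothing, so the generated directive would read `/srv//config/apache.d/*.conf` and the per-domain files would never be included. Use the output form, as the neighbouring `<%= domain.log_dir %>` lines do: `IncludeOptional /srv/<%= domain %>/config/apache.d/*.conf` (assuming the domain object's string form is its name; otherwise use its name accessor). The same tag appears in the added header comments of both templates, where it only garbles the displayed path. Separately, these files are parsed with the privileges of Apache's parent process, so config/apache.d should be writable only by accounts already trusted to administer the server, and a config test before each reload would keep one domain's invalid file from stopping every site. Both VirtualHost blocks open outside the hunks shown.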
sympl-web (10.0.200909.0) stable; urgency=medium
* Adds support for optional Apache configs in config/apache.d/*.conf (#300)
-- Paul Cammish <sympl@kelduum.net> Wed, 09 Sep 2020 12:57:04 +0100
sympl-web (10.0.200706.0) stable; urgency=medium
* Fixes incorrect filename for log files (#296)
......