Commit 857ca204 authored by Paul Cammish's avatar Paul Cammish

Qualiity of life improvements.

Fixes #300, #294, #299, #298 and #295
parent 7f79153d
...@@ -3,7 +3,13 @@ CHANGELOG ...@@ -3,7 +3,13 @@ CHANGELOG
2020-09-09 2020-09-09
sympl-web sympl-web
* Fixes incorrect filename for log files (#296) * Fixes incorrect filename for log files (#296)
* Adds support for optional Apache configs in config/apache.d/*.conf (#300)
* Added php-zip package to recommends (#294)
sympl-core
* sympl-filesystem-security: don't overwite permission in public/cgi-bin (#299)
* sympl-filesystem-security: correctly read the group id (#298)
* sympl-cli: fix permissions on newly created domains (#295)
2020-05-12 2020-05-12
sympl-core sympl-core
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# #
# Sympl command line interface. # Sympl command line interface.
# #
# Copyright 2019, Paul Cammish <sympl@kelduum.net>, part of the Sympl Project. # Copyright 2019-2020 the Sympl Project - https://sympl.host
# #
# Licenced under GPL3+ # Licenced under GPL3+
# #
...@@ -215,6 +215,10 @@ _web_create() { ...@@ -215,6 +215,10 @@ _web_create() {
fi fi
_verbose "Creating Website for $1 at /srv/$1/public/htdocs..." _verbose "Creating Website for $1 at /srv/$1/public/htdocs..."
if [ ! -d "/srv/$1" ]; then
mkdir -p "/srv/$1"
chown -R sympl:sympl "/srv/$1" > /dev/null 2>&1
fi
mkdir -p "/srv/$1/public/htdocs" mkdir -p "/srv/$1/public/htdocs"
chmod -R 2775 "/srv/$1/public" > /dev/null 2>&1 chmod -R 2775 "/srv/$1/public" > /dev/null 2>&1
chown -R www-data:www-data "/srv/$1/public" > /dev/null 2>&1 chown -R www-data:www-data "/srv/$1/public" > /dev/null 2>&1
...@@ -865,7 +869,6 @@ _ftp_update() { ...@@ -865,7 +869,6 @@ _ftp_update() {
# Backup # # Backup #
############################################################################## ##############################################################################
_backup_none() { _backup_none() {
_noop _noop
} }
...@@ -985,7 +988,7 @@ _main() { ...@@ -985,7 +988,7 @@ _main() {
enable) _action 'enable' ; shift ;; enable) _action 'enable' ; shift ;;
disable) _action 'disable' ; shift ;; disable) _action 'disable' ; shift ;;
audit|list) _action 'audit' ; shift ;; audit|list) _action 'audit' ; shift ;;
reset) _action 'reset' ; shift ;; reset) _action 'reset' ; shift ;;
update|upgrade) _action 'update' ; shift ;; update|upgrade) _action 'update' ; shift ;;
set) _action 'set' "$2" "$3" ; shift ; shift ; shift ;; set) _action 'set' "$2" "$3" ; shift ; shift ; shift ;;
*) # unhandled parameter *) # unhandled parameter
...@@ -1015,7 +1018,7 @@ _main() { ...@@ -1015,7 +1018,7 @@ _main() {
_error "Unexpected input: '$UNHANDLED', run 'sympl' for help." _error "Unexpected input: '$UNHANDLED', run 'sympl' for help."
fi fi
_${FUNCTION}_${ACTION} $TARGET $OPTION $SETTING _${FUNCTION}_${ACTION} $TARGET $OPTION $SETTING
} }
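Review bot: The new `chown -R sympl:sympl "/srv/$1" > /dev/null 2>&1` in `_web_create` discards both its output and its exit status, so a failed chown silently leaves the new domain directory owned by the invoking user, which is the condition this change sets out to fix. I would check the result and report it, e.g. `chown sympl:sympl "/srv/$1" || _error "Unable to set ownership on /srv/$1"`; `-R` is not needed on a directory created one line earlier. `$1` is also used directly as a path component under /srv, and the start of `_web_create` is outside the hunk. If it is not validated as a domain name there, a value containing `/` or `..` would make the recursive `chmod`/`chown` calls that follow act outside /srv, so that guard is worth confirming.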
......
sympl-core (9.200909.0) stable; urgency=medium
* sympl-filesystem-security: don't overwite permission in public/cgi-bin (#299)
* sympl-filesystem-security: correctly read the group id (#298)
* sympl-cli: fix permissions on newly created domains (#295)
-- Paul Cammish <sympl@kelduum.net> Wed, 09 Sep 2020 12:22:09 +0100
sympl-core (9.0.200512.0) stable; urgency=low sympl-core (9.0.200512.0) stable; urgency=low
* Added functionality to the sympl cli for FTP user management * Added functionality to the sympl cli for FTP user management
......
...@@ -47,8 +47,8 @@ function secure_domain_dir() ...@@ -47,8 +47,8 @@ function secure_domain_dir()
if [ -f "${domain}/config/public-group" ]; then if [ -f "${domain}/config/public-group" ]; then
public_gid="$( cat "${domain}/config/public-group" | sed 's|#.*||' | head -n 1 | grep . )" public_gid="$( cat "${domain}/config/public-group" | sed 's|#.*||' | head -n 1 | grep . )"
if id -g $gid > /dev/null 2&>1 ; then if getent group $public_gid > /dev/null 2>&1 ; then
public_gid="$( id -g $public_gid )" public_gid="$( getent group $public_gid | cut -d ':' -f 3 )"
else else
public_gid=33 public_gid=33
fi fi
...@@ -57,19 +57,19 @@ function secure_domain_dir() ...@@ -57,19 +57,19 @@ function secure_domain_dir()
fi fi
# Add sympl use to the public group if it's >= 1000 and not already in it # Add sympl to the public group if it's >= 1000 and not already in it
if [ "$public_gid" -ge "1000" ] && [ "$(id -Gn sympl | tr ' ' '\n' | grep -c "^$( id -gn $public_gid )$" )" == "0" ]; then if [ "$public_gid" -ge "1000" ] && [ "$(id -Gn sympl | tr ' ' '\n' | grep -c "^$( getent group $public_gid | cut -d ':' -f 1 )$" )" == "0" ]; then
# sympl is not in the $public_gid group, adding # sympl is not in the $public_gid group, adding
usermod -a -G $public_gid sympl usermod -a -G $public_gid sympl
fi fi
# Enforce permissions for /srv/example.org/public, /php_sessions, /php_tmp # Enforce permissions for /srv/example.org/public, /php_sessions, /php_tmp
# but exclude changing any permissions inside public/cgi-bin
find "${domain}/public" \( -type f -o -type d \) \( ! -uid ${public_uid} -o ! -gid ${public_gid} \) $VERBOSE -exec chown ${public_uid}:${public_gid} {} \; find "${domain}/public" ! -path ${domain}/public/cgi-bin/* \( -type f -o -type d \) \( ! -uid ${public_uid} -o ! -gid ${public_gid} \) $VERBOSE -exec chown ${public_uid}:${public_gid} {} \;
find "${domain}/public" \( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; -o -type d ! -perm 2775 $VERBOSE -exec chmod 2775 {} \; \) find "${domain}/public" ! -path ${domain}/public/cgi-bin/* \( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; -o -type d ! -perm 2775 $VERBOSE -exec chmod 2775 {} \; \)
if [ -d "${domain}/php_sessions" ]; then if [ -d "${domain}/php_sessions" ]; then
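Review bot: The `! -path ${domain}/public/cgi-bin/*` test added to both `find` commands is unquoted, so the shell expands the glob before `find` runs whenever cgi-bin contains anything. With one entry only that exact path is excluded, and with several entries `find` receives stray arguments and is likely to fail, leaving the whole public tree without ownership and mode enforcement. Quote the pattern so that `find` does the matching: `! -path "${domain}/public/cgi-bin/*"`. The `getent group $public_gid` calls above have a milder form of the same problem: the value is the first line of config/public-group, so it should be quoted (`getent group "$public_gid"`) to stop word splitting on a value that contains spaces. `secure_domain_dir` begins and continues outside these hunks.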
......
...@@ -3,8 +3,13 @@ ...@@ -3,8 +3,13 @@
# This file is automatically generated from the template located at # This file is automatically generated from the template located at
# /etc/sympl/apache.d/non_ssl.template.erb. # /etc/sympl/apache.d/non_ssl.template.erb.
# #
# Feel free to make changes to this file, however this file # Any extra Apache configurations can be added as .conf files in
# will NOT be updated automatically when the template changes. # /srv/<% domain %>/config/apache.d/
# which will be read after the base configuration has been read.
# Warning: Ensure these are valid, as you may break Apache!
#
# Alternatively, feel free to make changes to this file, however this
# file will NOT be updated automatically when the template changes.
## ##
### ###
...@@ -90,6 +95,11 @@ ...@@ -90,6 +95,11 @@
ErrorLog "<%= domain.log_dir %>/error.log" ErrorLog "<%= domain.log_dir %>/error.log"
CustomLog "<%= domain.log_dir %>/access.log" combined CustomLog "<%= domain.log_dir %>/access.log" combined
# Read the directory /srv/<% domain %>/config/apache.d for any other Apache
# configuration files.
IncludeOptional /srv/<% domain %>/config/apache.d/*.conf
# Ensure these are valid as they will break Apache if they are incorrect!
</VirtualHost> </VirtualHost>
# Vim Defaults: //vim: ts=2:tw=78: et: # Vim Defaults: //vim: ts=2:tw=78: et:
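Review bot: The added `IncludeOptional /srv/<% domain %>/config/apache.d/*.conf` uses the ERB execution tag `<% … %>`, which in standard ERB evaluates the expression but writes nothing to the output, unlike the `<%= domain.log_dir %>` lines just above it. As rendered, the path would come out as `/srv//config/apache.d/*.conf`; that matches nothing and `IncludeOptional` silently ignores a wildcard with no matches, so the per-domain configs would never be loaded. The directive needs an output tag (`<%= … %>`) around whichever accessor on `domain` yields the domain name or its config directory, which is not visible in this hunk. The same tag appears in this template's header comment, and in the header comment and both `IncludeOptional` lines of the SSL template.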
......
...@@ -3,8 +3,13 @@ ...@@ -3,8 +3,13 @@
# This file is automatically generated from the template located at # This file is automatically generated from the template located at
# /etc/sympl/apache.d/ssl.template.erb. # /etc/sympl/apache.d/ssl.template.erb.
# #
# Feel free to make changes to this file, however this file # Any extra Apache configurations can be added as .conf files in
# will NOT be updated automatically when the template changes. # /srv/<% domain %>/config/apache.d/
# which will be read after the base configuration has been read.
# Warning: Ensure these are valid, as you may break Apache!
#
# Alternatively, feel free to make changes to this file, however this
# file will NOT be updated automatically when the template changes.
## ##
### ###
...@@ -115,6 +120,11 @@ ...@@ -115,6 +120,11 @@
ErrorLog "<%= domain.log_dir %>/ssl_error.log" ErrorLog "<%= domain.log_dir %>/ssl_error.log"
CustomLog "<%= domain.log_dir %>/ssl_access.log" combined CustomLog "<%= domain.log_dir %>/ssl_access.log" combined
# Read the directory /srv/<% domain %>/config/apache.d for any other Apache
# configuration files.
IncludeOptional /srv/<% domain %>/config/apache.d/*.conf
# Ensure these are valid as they will break Apache if they are incorrect!
</VirtualHost> </VirtualHost>
...@@ -213,7 +223,12 @@ ...@@ -213,7 +223,12 @@
# Write logs directly. # Write logs directly.
ErrorLog "<%= domain.log_dir %>/error.log" ErrorLog "<%= domain.log_dir %>/error.log"
CustomLog "<%= domain.log_dir %>/access.log" combined CustomLog "<%= domain.log_dir %>/access.log" combined
# Read the directory /srv/<% domain %>/config/apache.d for any other Apache
# configuration files.
IncludeOptional /srv/<% domain %>/config/apache.d/*.conf
# Ensure these are valid as they will break Apache if they are incorrect!
</VirtualHost> </VirtualHost>
# Vim Defaults: //vim: ts=2:tw=78: et: # Vim Defaults: //vim: ts=2:tw=78: et:
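Review bot: The `IncludeOptional` lines added to both VirtualHost blocks make every `*.conf` under the domain's config/apache.d part of the server configuration, parsed by the Apache parent process with the same authority as this generated file. Nothing in this change shows who owns that directory, so it is worth confirming that it is writable only by the administrator and not by www-data or per-domain FTP users, since write access there is equivalent to write access to the vhost config. The trailing comment `# Ensure these are valid as they will break Apache if they are incorrect!` would be more useful above the directive and naming a check, e.g. `# Run 'apache2ctl configtest' after editing; a syntax error here prevents Apache from restarting.`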
......
sympl-web (9.0.200909.1) stable; urgency=medium
* Adds support for optional Apache configs in config/apache.d/*.conf (#300)
* Added php-zip package to recommends (#294)
-- Paul Cammish <sympl@kelduum.net> Wed, 09 Sep 2020 12:57:04 +0100
sympl-web (9.0.200909.0) stable; urgency=medium sympl-web (9.0.200909.0) stable; urgency=medium
* Fixes incorrect filename for log files (#296) * Fixes incorrect filename for log files (#296)
......
...@@ -10,7 +10,7 @@ XS-Ruby-Versions: all ...@@ -10,7 +10,7 @@ XS-Ruby-Versions: all
Package: sympl-web Package: sympl-web
Architecture: any Architecture: any
Depends: apache2, libapache2-mod-php7.0, webalizer, ${misc:Depends}, sympl-core (>= 9.0.190611.0), ruby | ruby-interpreter Depends: apache2, libapache2-mod-php7.0, webalizer, ${misc:Depends}, sympl-core (>= 9.0.190611.0), ruby | ruby-interpreter
Recommends: php7.0-mysql | php7.0-mysqli | php7.0-mysqlnd, php7.0-curl, php7.0-imagick, php7.0-mcrypt, php7.0-xmlrpc, php7.0-gd, geoip-database Recommends: php7.0-mysql | php7.0-mysqli | php7.0-mysqlnd, php7.0-curl, php7.0-imagick, php7.0-mcrypt, php7.0-xmlrpc, php7.0-gd, php7.0-zip, geoip-database
Replaces: symbiosis-httpd Replaces: symbiosis-httpd
Conflicts: symbiosis-httpd Conflicts: symbiosis-httpd
Provides: symbiosis-httpd Provides: symbiosis-httpd
......