Commit e1f095b8 authored by Paul Cammish's avatar Paul Cammish
Browse files

Merge branch 'stretch_qol_20200909' into 'stretch-testing'

Quality of life improvements (stretch)

See merge request !206
parents 7f79153d d260b201
......@@ -3,7 +3,13 @@ CHANGELOG
2020-09-09
sympl-web
* Fixes incorrect filename for log files (#296)
* Fixes incorrect filename for log files (#296)
* Adds support for optional Apache configs in config/apache.d/*.conf (#300)
* Added php-zip package to recommends (#294)
sympl-core
* sympl-filesystem-security: don't overwite permission in public/cgi-bin (#299)
* sympl-filesystem-security: correctly read the group id (#298)
* sympl-cli: fix permissions on newly created domains (#295)
2020-05-12
sympl-core
......
......@@ -2,7 +2,7 @@
#
# Sympl command line interface.
#
# Copyright 2019, Paul Cammish <sympl@kelduum.net>, part of the Sympl Project.
# Copyright 2019-2020 the Sympl Project - https://sympl.host
#
# Licenced under GPL3+
#
......@@ -215,6 +215,10 @@ _web_create() {
fi
_verbose "Creating Website for $1 at /srv/$1/public/htdocs..."
if [ ! -d "/srv/$1" ]; then
mkdir -p "/srv/$1"
chown -R sympl:sympl "/srv/$1" > /dev/null 2>&1
fi
mkdir -p "/srv/$1/public/htdocs"
chmod -R 2775 "/srv/$1/public" > /dev/null 2>&1
chown -R www-data:www-data "/srv/$1/public" > /dev/null 2>&1
......@@ -865,7 +869,6 @@ _ftp_update() {
# Backup #
##############################################################################
_backup_none() {
_noop
}
......@@ -985,7 +988,7 @@ _main() {
enable) _action 'enable' ; shift ;;
disable) _action 'disable' ; shift ;;
audit|list) _action 'audit' ; shift ;;
reset) _action 'reset' ; shift ;;
reset) _action 'reset' ; shift ;;
update|upgrade) _action 'update' ; shift ;;
set) _action 'set' "$2" "$3" ; shift ; shift ; shift ;;
*) # unhandled parameter
......@@ -1015,7 +1018,7 @@ _main() {
_error "Unexpected input: '$UNHANDLED', run 'sympl' for help."
fi
_${FUNCTION}_${ACTION} $TARGET $OPTION $SETTING
_${FUNCTION}_${ACTION} $TARGET $OPTION $SETTING
}
......
sympl-core (9.200909.0) stable; urgency=medium
* sympl-filesystem-security: don't overwite permission in public/cgi-bin (#299)
* sympl-filesystem-security: correctly read the group id (#298)
* sympl-cli: fix permissions on newly created domains (#295)
-- Paul Cammish <sympl@kelduum.net> Wed, 09 Sep 2020 12:22:09 +0100
sympl-core (9.0.200512.0) stable; urgency=low
* Added functionality to the sympl cli for FTP user management
......
......@@ -47,8 +47,8 @@ function secure_domain_dir()
if [ -f "${domain}/config/public-group" ]; then
public_gid="$( cat "${domain}/config/public-group" | sed 's|#.*||' | head -n 1 | grep . )"
if id -g $gid > /dev/null 2&>1 ; then
public_gid="$( id -g $public_gid )"
if getent group $public_gid > /dev/null 2>&1 ; then
public_gid="$( getent group $public_gid | cut -d ':' -f 3 )"
else
public_gid=33
fi
......@@ -57,19 +57,19 @@ function secure_domain_dir()
fi
# Add sympl use to the public group if it's >= 1000 and not already in it
# Add sympl to the public group if it's >= 1000 and not already in it
if [ "$public_gid" -ge "1000" ] && [ "$(id -Gn sympl | tr ' ' '\n' | grep -c "^$( id -gn $public_gid )$" )" == "0" ]; then
if [ "$public_gid" -ge "1000" ] && [ "$(id -Gn sympl | tr ' ' '\n' | grep -c "^$( getent group $public_gid | cut -d ':' -f 1 )$" )" == "0" ]; then
# sympl is not in the $public_gid group, adding
usermod -a -G $public_gid sympl
fi
# Enforce permissions for /srv/example.org/public, /php_sessions, /php_tmp
# but exclude changing any permissions inside public/cgi-bin
find "${domain}/public" \( -type f -o -type d \) \( ! -uid ${public_uid} -o ! -gid ${public_gid} \) $VERBOSE -exec chown ${public_uid}:${public_gid} {} \;
find "${domain}/public" \( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; -o -type d ! -perm 2775 $VERBOSE -exec chmod 2775 {} \; \)
find "${domain}/public" ! -path ${domain}/public/cgi-bin/* \( -type f -o -type d \) \( ! -uid ${public_uid} -o ! -gid ${public_gid} \) $VERBOSE -exec chown ${public_uid}:${public_gid} {} \;
find "${domain}/public" ! -path ${domain}/public/cgi-bin/* \( -type f ! -perm 664 $VERBOSE -exec chmod 664 {} \; -o -type d ! -perm 2775 $VERBOSE -exec chmod 2775 {} \; \)
if [ -d "${domain}/php_sessions" ]; then
......
......@@ -3,8 +3,13 @@
# This file is automatically generated from the template located at
# /etc/sympl/apache.d/non_ssl.template.erb.
#
# Feel free to make changes to this file, however this file
# will NOT be updated automatically when the template changes.
# Any extra Apache configurations can be added as .conf files in
# <%=domain_directory%>/config/apache.d/
# which will be read after the base configuration has been read.
# Warning: Ensure these are valid, as you may break Apache!
#
# Alternatively, feel free to make changes to this file, however this
# file will NOT be updated automatically when the template changes.
##
###
......@@ -90,6 +95,11 @@
ErrorLog "<%= domain.log_dir %>/error.log"
CustomLog "<%= domain.log_dir %>/access.log" combined
# Read the directory <%=domain_directory%>/config/apache.d for any other Apache
# configuration files.
IncludeOptional <%=domain_directory%>/[c]onfig/[a]pache.d/*.conf
# Ensure these are valid as they will break Apache if they are incorrect!
</VirtualHost>
# Vim Defaults: //vim: ts=2:tw=78: et:
......
......@@ -3,8 +3,13 @@
# This file is automatically generated from the template located at
# /etc/sympl/apache.d/ssl.template.erb.
#
# Feel free to make changes to this file, however this file
# will NOT be updated automatically when the template changes.
# Any extra Apache configurations can be added as .conf files in
# <%=domain_directory%>/config/apache.d/
# which will be read after the base configuration has been read.
# Warning: Ensure these are valid, as you may break Apache!
#
# Alternatively, feel free to make changes to this file, however this
# file will NOT be updated automatically when the template changes.
##
###
......@@ -115,6 +120,11 @@
ErrorLog "<%= domain.log_dir %>/ssl_error.log"
CustomLog "<%= domain.log_dir %>/ssl_access.log" combined
# Read the directory <%=domain_directory%>/config/apache.d for any other Apache
# configuration files.
IncludeOptional <%=domain_directory%>/[c]onfig/[a]pache.d/*.conf
# Ensure these are valid as they will break Apache if they are incorrect!
</VirtualHost>
......@@ -213,7 +223,12 @@
# Write logs directly.
ErrorLog "<%= domain.log_dir %>/error.log"
CustomLog "<%= domain.log_dir %>/access.log" combined
# Read the directory <%=domain_directory%>/config/apache.d for any other Apache
# configuration files.
IncludeOptional <%=domain_directory%>/[c]onfig/[a]pache.d/*.conf
# Ensure these are valid as they will break Apache if they are incorrect!
</VirtualHost>
# Vim Defaults: //vim: ts=2:tw=78: et:
......
sympl-web (9.0.200909.1) stable; urgency=medium
* Adds support for optional Apache configs in config/apache.d/*.conf (#300)
* Added php-zip package to recommends (#294)
-- Paul Cammish <sympl@kelduum.net> Wed, 09 Sep 2020 12:57:04 +0100
sympl-web (9.0.200909.0) stable; urgency=medium
* Fixes incorrect filename for log files (#296)
......
......@@ -10,7 +10,7 @@ XS-Ruby-Versions: all
Package: sympl-web
Architecture: any
Depends: apache2, libapache2-mod-php7.0, webalizer, ${misc:Depends}, sympl-core (>= 9.0.190611.0), ruby | ruby-interpreter
Recommends: php7.0-mysql | php7.0-mysqli | php7.0-mysqlnd, php7.0-curl, php7.0-imagick, php7.0-mcrypt, php7.0-xmlrpc, php7.0-gd, geoip-database
Recommends: php7.0-mysql | php7.0-mysqli | php7.0-mysqlnd, php7.0-curl, php7.0-imagick, php7.0-mcrypt, php7.0-xmlrpc, php7.0-gd, php7.0-zip, geoip-database
Replaces: symbiosis-httpd
Conflicts: symbiosis-httpd
Provides: symbiosis-httpd
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment