Stricter permissions: the current setup allows any user on the system to read other users' web files as long as they know the path; the only users which should be allowed to access $HOMEDIR/$user/web are the owner of the sites and the nginx user, so it can serve static files. I also locked down access to $HOMEDIR/$user/tmp to the user: it gets used in the hosting template for temp files, and I don't see why another user would need access to it, as apache runs as the user.
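#!/bin/bash
# info: add system user
# options: USER PASSWORD EMAIL [PACKAGE] [FNAME] [LNAME]
#
# The function creates new user account.
#
# Creates the system account, builds the per-user directory tree under
# $HOMEDIR/$user with restrictive modes, and writes the Vesta-side
# configuration under $USER_DATA. Expects $VESTA to point at the Vesta
# installation (main.sh and vesta.conf are sourced from there).


#----------------------------------------------------------#
#                    Variable&Function                      #
#----------------------------------------------------------#

# Argument definition
user=$1
# NOTE(review): HIDE=2 is set right next to the password argument, presumably
# so the logging in func/main.sh masks argument 2 — confirm there.
password=$2; HIDE=2
email=$3
# "-" (not ":-") so an explicitly empty 4th argument stays empty; only an
# absent argument selects the default package
package=${4-default}
fname=$5
lname=$6

# Includes (quoted so a $VESTA containing spaces cannot split the path)
source "$VESTA/func/main.sh"
source "$VESTA/conf/vesta.conf"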
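#######################################
# Abort when the requested account already exists, either as a system
# account in /etc/passwd or as a Vesta data directory.
# Globals:   user (read; fallback when no argument is given)
#            USER_DATA (read; presumably set by main.sh from $user — confirm)
#            E_EXISTS, EVENT (passed to log_event / exit)
# Arguments: $1 - user name to check (defaults to the global $user)
# Outputs:   "Error: user NAME exists" on stdout when the name is taken
# Returns:   0 when the name is free; exits with $E_EXISTS otherwise
#######################################
is_user_free() {
    local name=${1:-$user}
    # Exact, literal match on the login field. The previous `grep -w` treated
    # the name as a regex and also reported "foo" as taken when only
    # "foo-bar" existed, since "-" is not a word character.
    if cut -f 1 -d : /etc/passwd | grep -Fxq -- "$name" || [ -e "$USER_DATA" ]; then
        echo "Error: user $name exists"
        log_event "$E_EXISTS" "$EVENT"
        exit "$E_EXISTS"
    fi
}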
#----------------------------------------------------------#
#                    Verifications                          #
#----------------------------------------------------------#

# All three mandatory arguments are checked for presence and shape before
# any of them is used to build a path or passed to another command.
check_args '3' "$#" 'USER PASSWORD EMAIL [PACKAGE] [FNAME] [LNAME]'
validate_format 'user' 'email' 'package'

# First/last name are optional; both are validated once a first name is given.
if [ -n "$fname" ]; then
    validate_format 'fname' 'lname'
fi

is_user_free "$user"
is_password_valid
is_package_valid
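#----------------------------------------------------------#
#                       Action                              #
#----------------------------------------------------------#

# Parsing package data. $package passed validate_format/is_package_valid
# above, which is what keeps this path inside $VESTA/data/packages.
# TIME/DATE lines are dropped; the user.conf written later adds its own.
pkg_data=$(grep -v TIME "$VESTA/data/packages/$package.pkg" | grep -v DATE)

# Checking shell: take the SHELL='...' value from the package and keep it only
# when /etc/shells lists it (whole-word match, first hit wins). An empty
# $shell_conf matches every line, so the first entry of /etc/shells is used.
shell_conf=$(grep 'SHELL' <<<"$pkg_data" | cut -f 2 -d \')
shell=$(grep -w -- "$shell_conf" /etc/shells | head -n1)

# Adding user
/usr/sbin/useradd "$user" -s "$shell" -c "$email" -m -d "$HOMEDIR/$user"
check_result $? "user creation failed" $E_INVALID

# Adding password (fed over stdin so it never appears in the process list)
echo "$user:$password" | /usr/sbin/chpasswd

# Building directory tree. Directories are created with their final mode
# (mkdir -m) instead of mkdir followed by chmod, so there is no window in
# which they exist with the umask default.
mkdir "$HOMEDIR/$user/conf"

if [ -n "$WEB_SYSTEM" ]; then
    # Account the nginx workers run as (first non-root match). Only the first
    # line is used so a multi-line ps result cannot turn into extra chown
    # operands; when nginx is not running, fall back to the owner's own group
    # instead of whatever "user:" would resolve to.
    nginxuser=$(ps -eo user,comm | grep nginx | grep -v "root" | awk '{ print $1 }' | head -n1)
    nginxuser=${nginxuser:-$user}
    mkdir -m 751 "$HOMEDIR/$user/conf/web"
    # 710: owner full, group (nginx) traverse-only so it can serve files it is
    # given but not list the tree, nothing for other users
    mkdir -m 710 "$HOMEDIR/$user/web"
    # 700: private to the account (apache runs as $user, nobody else needs it)
    mkdir -m 700 "$HOMEDIR/$user/tmp"
    chown "$user:$nginxuser" "$HOMEDIR/$user/web"
    chown "$user:$user" "$HOMEDIR/$user/tmp"
fi

if [ -n "$MAIL_SYSTEM" ]; then
    mkdir -m 751 "$HOMEDIR/$user/conf/mail" "$HOMEDIR/$user/mail"
fi

if [ -n "$DNS_SYSTEM" ]; then
    mkdir -m 751 "$HOMEDIR/$user/conf/dns"
fi

# Set permissions: the home directory must be traversable by everyone for the
# web server to reach web/; what can actually be read is governed by the
# per-directory modes above. conf/ is made immutable, presumably so the
# account owner cannot replace the server-managed config directories.
chmod a+x "$HOMEDIR/$user"
chattr +i "$HOMEDIR/$user/conf"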
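#----------------------------------------------------------#
#                       Vesta                               #
#----------------------------------------------------------#

# Adding user dir (USER_DATA is expected from the sourced main.sh)
mkdir -p "$USER_DATA/ssl" "$USER_DATA/dns" "$USER_DATA/mail"

# Creating configuration files and pipes. One list drives both touch and
# chmod so the two cannot drift apart.
vst_user_files=(
    "$USER_DATA/backup.conf"
    "$USER_DATA/history.log"
    "$USER_DATA/stats.log"
    "$USER_DATA/web.conf"
    "$USER_DATA/dns.conf"
    "$USER_DATA/mail.conf"
    "$USER_DATA/db.conf"
    "$USER_DATA/cron.conf"
)
touch "${vst_user_files[@]}"

# 770/660: owner and group only; nothing under $USER_DATA is world-readable.
# NOTE(review): which group that is depends on the caller's gid / a setgid
# parent — confirm it is the intended Vesta group.
chmod 770 "$USER_DATA" "$USER_DATA/ssl" "$USER_DATA/dns" "$USER_DATA/mail"
chmod 660 "${vst_user_files[@]}"

# Updating queue pipes: register the periodic accounting jobs for this user
echo "$BIN/v-update-user-disk $user" >> "$VESTA/data/queue/disk.pipe"
if [ -n "$WEB_SYSTEM" ]; then
    echo "$BIN/v-update-web-domains-traff $user" \
        >> "$VESTA/data/queue/traffic.pipe"
    echo "$BIN/v-update-web-domains-disk $user" >> "$VESTA/data/queue/disk.pipe"
fi
if [ -n "$MAIL_SYSTEM" ]; then
    echo "$BIN/v-update-mail-domains-disk $user" >> "$VESTA/data/queue/disk.pipe"
fi

if [ -n "$DB_SYSTEM" ]; then
    echo "$BIN/v-update-databases-disk $user" >> "$VESTA/data/queue/disk.pipe"
fi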
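# Filling user config
if [ "$user" != 'admin' ]; then
    # number of shared IPs admin exposes; a fresh account owns none itself
    ip_avail=$("$BIN/v-list-user-ips" admin plain | grep -cw shared)
    u_users=0
else
    ip_avail=0
    u_users=1
fi

# user.conf carries the account's password hash (MD5, copied from
# /etc/shadow) and its release key (RKEY), so the file is created empty and
# locked to 660 *before* any content is written; writing first and chmod-ing
# afterwards leaves those values readable under the default umask for a
# moment.
: > "$USER_DATA/user.conf"
chmod 660 "$USER_DATA/user.conf"
cat > "$USER_DATA/user.conf" <<EOF
FNAME='$fname'
LNAME='$lname'
PACKAGE='$package'
$pkg_data
CONTACT='$email'
CRON_REPORTS='yes'
MD5='$(awk -v user="$user" -F : 'user == $1 {print $2}' /etc/shadow)'
RKEY='$(gen_password)'
SUSPENDED='no'
SUSPENDED_USERS='0'
SUSPENDED_WEB='0'
SUSPENDED_DNS='0'
SUSPENDED_MAIL='0'
SUSPENDED_DB='0'
SUSPENDED_CRON='0'
IP_AVAIL='$ip_avail'
IP_OWNED='0'
U_USERS='$u_users'
U_DISK='0'
U_DISK_DIRS='0'
U_DISK_WEB='0'
U_DISK_MAIL='0'
U_DISK_DB='0'
U_BANDWIDTH='0'
U_WEB_DOMAINS='0'
U_WEB_SSL='0'
U_WEB_ALIASES='0'
U_DNS_DOMAINS='0'
U_DNS_RECORDS='0'
U_MAIL_DOMAINS='0'
U_MAIL_DKIM='0'
U_MAIL_ACCOUNTS='0'
U_DATABASES='0'
U_CRON_JOBS='0'
U_BACKUPS='0'
LANGUAGE=''
NOTIFICATIONS='no'
TIME='$TIME'
DATE='$DATE'
EOF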
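# Updating quota
if [ "$DISK_QUOTA" = 'yes' ]; then
    "$BIN/v-update-user-quota" "$user"
fi

# Updating admin counter ('$U_USERS' is the literal key name, not an expansion)
if [ "$user" != 'admin' ]; then
    increase_user_value 'admin' '$U_USERS'
fi

# Run template trigger: an optional per-package hook, run only when it is
# executable. $package was validated before use, which is what keeps this
# path inside $VESTA/data/packages.
if [ -x "$VESTA/data/packages/$package.sh" ]; then
    "$VESTA/data/packages/$package.sh" "$user" "$email" "$fname" "$lname"
fi

# Adding jailed sftp env
if [ -n "$SFTPJAIL_KEY" ]; then
    "$BIN/v-add-user-sftp-jail" "$user"
fi

# Logging
log_history "added system user $user" '' 'admin'
log_event "$OK" "$EVENT"

# bare exit: the script's status is that of the last log_event call
exit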