Commit d8ee162c authored by Steven Jones's avatar Steven Jones

Issue #1334950 by marafa: Fixed permissions on...

Issue #1334950 by marafa: Fixed permissions on /var/aegir/config/server_NAME/SERVICE prevents access.
parent 14f9df00
...@@ -52,6 +52,7 @@ class Provision_Service_dns extends Provision_Service { ...@@ -52,6 +52,7 @@ class Provision_Service_dns extends Provision_Service {
if (!is_null($this->application_name)) { if (!is_null($this->application_name)) {
$app_dir = "{$this->server->config_path}/{$this->application_name}"; $app_dir = "{$this->server->config_path}/{$this->application_name}";
$this->server->dns_app_path = $app_dir;
$this->server->dns_zoned_path = "{$app_dir}/zone.d"; $this->server->dns_zoned_path = "{$app_dir}/zone.d";
$this->server->dns_hostd_path = "{$app_dir}/host.d"; $this->server->dns_hostd_path = "{$app_dir}/host.d";
} }
...@@ -104,6 +105,11 @@ class Provision_Service_dns extends Provision_Service { ...@@ -104,6 +105,11 @@ class Provision_Service_dns extends Provision_Service {
provision_file()->create_dir($this->server->dns_data_path, dt("DNS data store"), 0700); provision_file()->create_dir($this->server->dns_data_path, dt("DNS data store"), 0700);
if (!is_null($this->application_name)) { if (!is_null($this->application_name)) {
// Ensure that the base DNS configuration folder is at least permissive
// for users other than the owner, sub folders and files can further
// restrict access normally.
provision_file()->create_dir($this->server->dns_app_path, dt("DNS pre-configuration"), 0711);
provision_file()->create_dir($this->server->dns_zoned_path, dt("DNS zone configuration"), 0755); provision_file()->create_dir($this->server->dns_zoned_path, dt("DNS zone configuration"), 0755);
$this->sync($this->server->dns_zoned_path, array( $this->sync($this->server->dns_zoned_path, array(
'exclude' => $this->server->dns_zoned_path . '/*', // Make sure remote directory is created 'exclude' => $this->server->dns_zoned_path . '/*', // Make sure remote directory is created
......
...@@ -62,6 +62,7 @@ class Provision_Service_http_public extends Provision_Service_http { ...@@ -62,6 +62,7 @@ class Provision_Service_http_public extends Provision_Service_http {
if (!is_null($this->application_name)) { if (!is_null($this->application_name)) {
$app_dir = "{$this->server->config_path}/{$this->application_name}"; $app_dir = "{$this->server->config_path}/{$this->application_name}";
$this->server->http_app_path = $app_dir;
$this->server->http_pred_path = "{$app_dir}/pre.d"; $this->server->http_pred_path = "{$app_dir}/pre.d";
$this->server->http_postd_path = "{$app_dir}/post.d"; $this->server->http_postd_path = "{$app_dir}/post.d";
$this->server->http_platformd_path = "{$app_dir}/platform.d"; $this->server->http_platformd_path = "{$app_dir}/platform.d";
...@@ -82,6 +83,11 @@ class Provision_Service_http_public extends Provision_Service_http { ...@@ -82,6 +83,11 @@ class Provision_Service_http_public extends Provision_Service_http {
function verify_server_cmd() { function verify_server_cmd() {
if (!is_null($this->application_name)) { if (!is_null($this->application_name)) {
// Ensure that the base apache configuration folder is at least permissive
// for users other than the owner, sub folders and files can further
// restrict access normally.
provision_file()->create_dir($this->server->http_app_path, dt("Webserver custom pre-configuration"), 0711);
provision_file()->create_dir($this->server->http_pred_path, dt("Webserver custom pre-configuration"), 0700); provision_file()->create_dir($this->server->http_pred_path, dt("Webserver custom pre-configuration"), 0700);
$this->sync($this->server->http_pred_path); $this->sync($this->server->http_pred_path);
provision_file()->create_dir($this->server->http_postd_path, dt("Webserver custom post-configuration"), 0700); provision_file()->create_dir($this->server->http_postd_path, dt("Webserver custom post-configuration"), 0700);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment