HSAdmin Backend Domains, E-Mail, Datenbanken
Peter Hormanns
2016-03-23 96d55710b3b14c0c89dadaf46f5b01818acadfaf
restrict initial user home access rights
2 files modified
20 ■■■■■ changed files
hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java 2 ●●● patch | view | raw | blame | history
hsarback/src/de/hsadmin/mods/user/UnixUserProcessorFactory.java 18 ●●●●● patch | view | raw | blame | history
hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
@@ -215,7 +215,7 @@
        Processor mkDomainDirProzessor = 
            new ShellProcessor( httpdRights + 
                    "chgrp httpd " + homeDir + " && " +
                    "chmod g+rx " + homeDir + " && " +
                    "chmod g+x " + homeDir + " && " +
                    "mkdir --mode=1550 --parents " + domsDir + " && " +
                    "chown httpd:" + pacName + " " + domsDir + " && " +
                    "mkdir --mode=750 --parents " + domainDir + " && " +
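Review bot: `chmod g+x` only adds the execute bit, so it never clears a group read bit that is already set on the home directory. This assumes `chmod g+x` is the new side of the hunk, as the commit title suggests, since the page has lost the +/- markers. Homes that an earlier run of this chain gave `g+rx` would then stay listable by the httpd group even after this step runs again. If the intent is that the group may traverse but not list the home, set the bits absolutely: `"chmod g=x " + homeDir + " && " +`. The ShellProcessor expression starts and ends outside the hunk, so whether a later command in the chain relies on group read cannot be checked from here.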
hsarback/src/de/hsadmin/mods/user/UnixUserProcessorFactory.java
@@ -27,6 +27,7 @@
                        + user.getUserId() + ":" + user.getPac().getName()
                        + ":" + user.getComment() + ":" + user.getHomedir()
                        + ":" + user.getShell() + "\n"));
        appendSetHomeACLProcessor(aCP, user);
        appendSetQuotaProcessor(aCP, user);
        appendMakeMaildirProcessor(aCP, user);
        return aCP;
@@ -71,6 +72,10 @@
        return null;
    }
    private void appendSetHomeACLProcessor(CompoundProcessor aCP, UnixUser user) {
        aCP.appendProcessor(new ShellProcessor("chmod 700 " + user.getHomedir()));
    }
    private void appendSetQuotaProcessor(CompoundProcessor aCP, UnixUser user) {
        Integer quotaSoft = user.getQuotaSoftlimit();
        if (quotaSoft == null) {
@@ -79,9 +84,8 @@
            quotaSoft = quotaSoft * 1024;
        }
        if (quotaSoft.intValue() == 0) {
            aCP.appendProcessor(new ShellProcessor("setquota -u "
                    + user.getName() + " 0 0 0 0 "
                    + "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
            aCP.appendProcessor(new ShellProcessor(
                    "setquota -u " + user.getName() + " 0 0 0 0 " + "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
            return;
        }
        Integer quotaHard = user.getQuotaHardlimit();
@@ -89,11 +93,9 @@
            quotaHard = new Integer(0);
        } else {
            quotaHard = quotaHard * 1024;
      }
        aCP.appendProcessor(new ShellProcessor("setquota -u "
                + user.getName() + " " + quotaSoft + " "
                + quotaHard + " 0 0 "
                + "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
        }
        aCP.appendProcessor(new ShellProcessor("setquota -u " + user.getName() + " " + quotaSoft + " " + quotaHard
                + " 0 0 " + "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
    }
    private void appendMakeMaildirProcessor(CompoundProcessor aCP, UnixUser user) {
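Review bot: In appendSetHomeACLProcessor, `user.getHomedir()` is concatenated unquoted into the string handed to ShellProcessor, so a home directory value containing whitespace or shell metacharacters would change what the command does. Unless the field is validated before it reaches this factory (not visible here), check it against a conservative pattern before building the command, e.g. `if (!user.getHomedir().matches("/[A-Za-z0-9._/-]+")) throw new IllegalArgumentException("unexpected homedir");`, and end option parsing with `"chmod 700 -- " + user.getHomedir()`. The same concatenation pattern appears with `homeDir` in the DomainProcessorFactory section and with `user.getName()` in the setquota commands of this file. The method sets plain mode bits rather than an ACL, so a name such as `appendSetHomeModeProcessor` would describe it more accurately.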