From 15ca8d9dd4fbe6df17357a7d6d4160668aa4e0b4 Mon Sep 17 00:00:00 2001
From: Timotheus Pokorra
Date: Wed, 17 Jan 2024 19:59:42 +0100
Subject: [PATCH] protect phpstub with chattr +i and drop chattr -i for deleting domain
---
 .../java/de/hsadmin/mods/dom/DomainProcessorFactory.java | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/qserv/src/main/java/de/hsadmin/mods/dom/DomainProcessorFactory.java b/qserv/src/main/java/de/hsadmin/mods/dom/DomainProcessorFactory.java
index 101324a..e561095 100644
--- a/qserv/src/main/java/de/hsadmin/mods/dom/DomainProcessorFactory.java
+++ b/qserv/src/main/java/de/hsadmin/mods/dom/DomainProcessorFactory.java
@@ -242,6 +242,10 @@ public class DomainProcessorFactory implements EntityProcessorFactory {
 domDirsProcessor.appendProcessor(
 new CopyFileProcessor("/usr/local/src/phpstub/phpstub", domainDir + "/fastcgi-ssl/phpstub", userName, pacName, "755")
 );
+ domDirsProcessor.appendProcessor(
+ new ShellProcessor("chattr +i " + domainDir + " /fastcgi/phpstub && " +
+ "chattr +i " + domainDir + " /fastcgi-ssl/phpstub")
+ );
 domDirsProcessor.appendProcessor(
 new ShellProcessor("ln -sf " + domainDir + " /home/doms/ && " +
 "chown --no-dereference " + userName + ":httpd /home/doms/" + domName
@@ -333,6 +337,8 @@ public class DomainProcessorFactory implements EntityProcessorFactory {
 " && rm -f /etc/apache2/pems-generated/" + domname + ".crt" +
 " && rm -f /etc/apache2/pems-generated/" + domname + ".key" +
 " && rm -f /etc/apache2/pems-generated/" + domname + ".chain" +
+ " && chattr -i " + homedir + "/doms/" + domname + "/fastcgi/phpstub" +
+ " && chattr -i " + homedir + "/doms/" + domname + "/fastcgi-ssl/phpstub" +
 " && mkdir " + homedir + "/doms.bak" +
 " && mv " + homedir + "/doms/" + domname + " " + homedir + "/doms.bak/" +
 " && chown -R " + username + ":" + username + " " + homedir + "/doms.bak" +
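Review bot: In the hunk at @@ -242,6 +242,10, both added `chattr +i` strings put a space before the sub-path (`domainDir + " /fastcgi/phpstub && "`), so as the line reads here the shell receives `domainDir` and `/fastcgi/phpstub` as two separate arguments, whereas the CopyFileProcessor line just above joins the same path as `domainDir + "/fastcgi-ssl/phpstub"`. With the space, chattr would likely flag the domain directory itself as immutable and then fail on the non-existent absolute path, leaving the stub unprotected. The lines should read `"chattr +i " + domainDir + "/fastcgi/phpstub && " +` and `"chattr +i " + domainDir + "/fastcgi-ssl/phpstub")`. These commands, like the `chattr -i` lines added at @@ -333,6 +337,8 and @@ -349,6 +355,8, also interpolate path components into a shell string unquoted; whether `domainDir`, `homedir` and `domname` are validated upstream is not visible in this patch, so it is worth confirming they are checked against a strict pattern or quoted before the command is built. The enclosing method starts and ends outside the hunk.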
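Review bot: In the hunk at @@ -333,6 +337,8, both added `chattr -i` steps sit inside the `&&` chain ahead of `mkdir`/`mv` (and ahead of `rm -rf` in the hunk at @@ -349,6 +355,8), so a non-zero exit from chattr stops the rest of the removal, including the Apache reload at the end of the later hunk. chattr fails when its target does not exist, which would happen for a domain whose phpstub is missing, for instance one created before this change whose stub was since removed; the preceding `rm -f` steps tolerate missing files, these do not. Guard each call so that absence is not an error while a real chattr failure stays fatal, e.g. `" && { test ! -e " + stub + " || chattr -i " + stub + "; }" +` with `stub` holding the full path. The statement being extended starts and ends outside the hunk.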
@@ -349,6 +355,8 @@ public class DomainProcessorFactory implements EntityProcessorFactory {
 " && rm -f /etc/apache2/pems-generated/" + domname + ".crt" +
 " && rm -f /etc/apache2/pems-generated/" + domname + ".key" +
 " && rm -f /etc/apache2/pems-generated/" + domname + ".chain" +
+ " && chattr -i " + homedir + "/doms/" + domname + "/fastcgi/phpstub" +
+ " && chattr -i " + homedir + "/doms/" + domname + "/fastcgi-ssl/phpstub" +
 " && rm -rf " + homedir + "/doms/" + domname +
 " && invoke-rc.d apache2 reload >/dev/null 2>&1");
 }