diff --git a/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java b/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java
index 36f34be..ba4d456 100644
--- a/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java
+++ b/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java
@@ -197,20 +197,24 @@ public class DomainModuleImpl extends AbstractModuleImpl {
 		}
 	}
 
-	private void needsWriteAccessOn(AbstractEntity ent, String method) throws AuthorisationException {
+	private void needsWriteAccessOn(AbstractEntity entity, String method) throws AuthorisationException {
 		UnixUser loginUser = getTransaction().getLoginUser();
-		if (ent instanceof Domain) {
-			Domain dom = (Domain) ent;
+		if (entity instanceof Domain) {
+			Domain dom = (Domain) entity;
 			String aLoginUserName = loginUser.getName();
 			UnixUser domUser = dom.getUser();
 			Pac domPac = domUser.getPac();
 			boolean isPacAdmin = loginUser.hasPacAdminRoleFor(domPac);
 			boolean isCustomer = aLoginUserName.equals(domPac.getCustomer().getName());
 			boolean isHostmaster = loginUser.hasHostmasterRole();
-			if (!isPacAdmin && !isCustomer && !isHostmaster)
+			if (!isPacAdmin && !isCustomer && !isHostmaster) {
 				throw new AuthorisationException(loginUser, method, dom);
+			}
+			if (dom.isPacDomain() && !isHostmaster && !"add".equals(method)) {
+				throw new AuthorisationException(loginUser, method, dom);
+			}
 		} else {
-			throw new AuthorisationException(loginUser, method, ent);
+			throw new AuthorisationException(loginUser, method, entity);
 		}
 	}
 
diff --git a/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java b/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
index 19aaaec..170fe31 100644
--- a/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
+++ b/hsarback/src/de/hsadmin/mods/dom/DomainProcessorFactory.java
@@ -64,6 +64,9 @@ public class DomainProcessorFactory implements EntityProcessorFactory {
 		templateVars.put("DOMAIN", domName);
 		templateVars.put("USER_NAME", domUser.getComment());
 		mainProcessor.appendProcessor(hiveName, createApacheVHostSetupProcessor(dom, templateVars), "Setup Apache VHost");
+		if (dom.isPacDomain()) {
+			mainProcessor.appendProcessor(hiveName, createMovePacDomainContent(em, dom), "Move pac domain content");
+		}
 		return mainProcessor;
 	}
 
@@ -265,6 +268,24 @@ public class DomainProcessorFactory implements EntityProcessorFactory {
 		return vhostDelProcessor;
 	}
 
+	private Processor createMovePacDomainContent(EntityManager em, Domain dom) {
+		Pac pac = dom.getUser().getPac();
+		String pacDir = pac.getAdminUser(em).getHomedir();
+		String domDir = pacDir + "/doms/" + pac.getName() + ".hostsharing.net"; 
+		String[] sourceDirs = new String[] { "web", "web-ssl", "cgi", "cgi-ssl", "fastcgi", "fastcgi-ssl" } ;
+		String[] targetDirs = new String[] { "htdocs", "htdocs-ssl", "cgi", "cgi-ssl", "fastcgi", "fastcgi-ssl" } ;
+		CompoundProcessor processor = new CompoundProcessor(
+			new ShellProcessor("rm -rf " + pacDir + "/subs " + pacDir + "/htdocs/.htaccess " 
+										 + pacDir + "/subs-ssl " + pacDir + "/htdocs-ssl/.htaccess "));
+		for (int idx = 0; idx < sourceDirs.length; idx++) {
+			processor.appendProcessor(
+				new ShellProcessor("shopt dotglob && ls " + pacDir + "/" + sourceDirs[idx] + " >/dev/null 2>&1" +
+						" && mv " + domDir + "/" + sourceDirs[idx] + "/*" + targetDirs[idx] + "/ " +
+						" && rmdir " + domDir + "/" + sourceDirs[idx]));
+		}
+		return processor;
+	}
+
 	private String selectVHostTemplate(Domain dom) {
 		String domName = dom.getName();
 		UnixUser user = dom.getUser();
diff --git a/hsarback/src/de/hsadmin/mods/email/EMailAliasModuleImpl.java b/hsarback/src/de/hsadmin/mods/email/EMailAliasModuleImpl.java
index 9cf2ce6..5d21211 100644
--- a/hsarback/src/de/hsadmin/mods/email/EMailAliasModuleImpl.java
+++ b/hsarback/src/de/hsadmin/mods/email/EMailAliasModuleImpl.java
@@ -41,6 +41,9 @@ public class EMailAliasModuleImpl extends AbstractModuleImpl {
 		if (pac == null || !pac.isReadAllowedFor(loginUser)) {
 			throw new AuthorisationException(loginUser, "add", newEntity);
 		}
+		if (!name.startsWith(pac.getName())) {
+			throw new AuthorisationException(loginUser, "add", newEntity);
+		}
 		return super.add(newEntity);
 	}
 	
diff --git a/hsarback/webapp/WEB-INF/web.xml b/hsarback/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..4030a94
--- /dev/null
+++ b/hsarback/webapp/WEB-INF/web.xml
@@ -0,0 +1,315 @@
+<?xml version="1.0"?> 
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+    version="2.5">
+
+	<listener>
+		<listener-class>de.hsadmin.core.model.onetier.PersistenceManagerContextListener</listener-class>
+	</listener>
+	
+    <servlet>
+        <servlet-name>Queue Status Servlet</servlet-name>
+        <servlet-class>de.hsadmin.core.qserv.QueueStatusReceiverServlet</servlet-class>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+  	<servlet>
+  		<servlet-name>CLI Client Connector</servlet-name>
+	  	<servlet-class>de.hsadmin.cliClientConnector.CLIClientConnectorServlet</servlet-class>
+  		<init-param>
+	  		<param-name>proxyValidateUrl</param-name>
+		  	<param-value>https://${cas.domain.name}:${cas.https.port}/cas/proxyValidate</param-value>
+  		</init-param>
+  		<init-param>
+	  		<param-name>proxyServiceUrl</param-name>
+		  	<param-value>https://${hsar.domain.name}:${hsar.https.port}/hsar/backend</param-value>
+  		</init-param>
+	  	<init-param>
+  			<param-name>Components</param-name>
+	  		<param-value>member,pac,user,domain,emailaddress,emailalias,mysqluser,mysqldb,postgresqluser,postgresqldb,q</param-value>
+		</init-param>
+	  	<init-param>
+		  	<param-name>ComponentClass_member</param-name>
+			<param-value>de.hsadmin.mods.cust.Customer</param-value>
+  		</init-param>
+  		<init-param>
+	  		<param-name>ComponentDescription_member</param-name>
+		  	<param-value>Mitglieder</param-value>
+  		</init-param>
+	  	<init-param>
+		  	<param-name>ComponentClass_pac</param-name>
+			<param-value>de.hsadmin.mods.pac.Pac</param-value>
+  		</init-param>
+  		<init-param>
+	  		<param-name>ComponentDescription_pac</param-name>
+		  	<param-value>Pakete</param-value>
+  		</init-param>
+  		<init-param>
+	  		<param-name>ComponentClass_user</param-name>
+		  	<param-value>de.hsadmin.mods.user.UnixUser</param-value>
+  		</init-param>
+  		<init-param>
+	  		<param-name>ComponentDescription_user</param-name>
+		  	<param-value>Benutzer und Postfaecher anlegen</param-value>
+  		</init-param>
+	  	<init-param>
+		  	<param-name>ComponentClass_domain</param-name>
+			<param-value>de.hsadmin.mods.dom.Domain</param-value>
+  		</init-param>
+  		<init-param>
+	  		<param-name>ComponentDescription_domain</param-name>
+		  	<param-value>Domains aufschalten</param-value>
+  		</init-param>
+	  	<init-param>
+		  	<param-name>ComponentClass_emailaddress</param-name>
+			<param-value>de.hsadmin.mods.email.EMailAddress</param-value>
+  		</init-param>
+  		<init-param>
+	  		<param-name>ComponentDescription_emailaddress</param-name>
+		  	<param-value>E-Mail Adressen</param-value>
+  		</init-param>
+	  	<init-param>
+		  	<param-name>ComponentClass_emailalias</param-name>
+			<param-value>de.hsadmin.mods.email.EMailAlias</param-value>
+  		</init-param>
+  		<init-param>
+	  		<param-name>ComponentDescription_emailalias</param-name>
+		  	<param-value>E-Mail Aliases</param-value>  
+  		</init-param>
+	  	<init-param>
+		  	<param-name>ComponentClass_postgresqluser</param-name>
+			<param-value>de.hsadmin.mods.db.PgSqlUser</param-value>
+  		</init-param>
+  		<init-param>
+	  		<param-name>ComponentDescription_postgresqluser</param-name>
+		  	<param-value>PostgreSQL DB-Administrator</param-value>
+  		</init-param>
+	  	<init-param>
+		  	<param-name>ComponentClass_postgresqldb</param-name>
+			<param-value>de.hsadmin.mods.db.PgSqlDatabase</param-value>
+  		</init-param>
+  		<init-param>
+	  		<param-name>ComponentDescription_postgresqldb</param-name>
+		  	<param-value>PostgreSQL Datenbank</param-value>
+  		</init-param>
+	  	<init-param>
+		  	<param-name>ComponentClass_mysqluser</param-name>
+			<param-value>de.hsadmin.mods.db.MySqlUser</param-value>
+  		</init-param>
+  		<init-param>
+	  		<param-name>ComponentDescription_mysqluser</param-name>
+		  	<param-value>MySQL DB-Administrator</param-value>
+  		</init-param>
+	  	<init-param>
+		  	<param-name>ComponentClass_mysqldb</param-name>
+			<param-value>de.hsadmin.mods.db.MySqlDatabase</param-value>
+  		</init-param>
+  		<init-param>
+	  		<param-name>ComponentDescription_mysqldb</param-name>
+		  	<param-value>MySQL Datenbank</param-value>
+  		</init-param>
+	  	<init-param>
+		  	<param-name>ComponentClass_q</param-name>
+			<param-value>de.hsadmin.core.qserv.QueueTask</param-value>
+  		</init-param>
+  		<init-param>
+	  		<param-name>ComponentDescription_q</param-name>
+		  	<param-value>Offene Aktionen</param-value>
+  		</init-param>
+        <load-on-startup>1</load-on-startup>
+  	</servlet>
+
+   <servlet>
+        <servlet-name>XmlRpcServlet</servlet-name>
+        <servlet-class>org.apache.xmlrpc.webserver.XmlRpcServlet</servlet-class>
+        <init-param>
+          <param-name>enabledForExtensions</param-name>
+          <param-value>true</param-value>
+        </init-param>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>Queue Status Servlet</servlet-name>
+        <url-pattern>/queueStatus</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>CLI Client Connector</servlet-name>
+        <url-pattern>/hsadmin/cli-interface/</url-pattern>
+    </servlet-mapping>
+
+    <servlet-mapping>
+        <servlet-name>XmlRpcServlet</servlet-name>
+        <url-pattern>/xmlrpc/*</url-pattern>
+    </servlet-mapping>
+
+    <resource-ref>
+        <res-ref-name>jdbc/HSAdminDB</res-ref-name>
+        <res-type>javax.sql.DataSource</res-type>
+        <res-auth>Container</res-auth>
+    </resource-ref>
+ 	    
+    <resource-ref>
+        <res-ref-name>jms/QueueCF</res-ref-name>
+        <res-type>javax.jms.QueueConnectionFactory</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+ 	    
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h81</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h01</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h02</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h03</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h04</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h05</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h06</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h07</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h08</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h09</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h50</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h51</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h52</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h55</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h56</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h57</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-h58</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-dns1</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-dns2</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-dns3</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-mail1</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-mail2</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminSystem-mail3</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+    <resource-ref>
+        <res-ref-name>jms/hsadminStatus</res-ref-name>
+        <res-type>javax.jms.Queue</res-type>
+        <res-auth>Container</res-auth>
+        <res-sharing-scope>Shareable</res-sharing-scope>
+    </resource-ref>
+ 	    
+	<security-constraint>
+       <web-resource-collection>
+           	<web-resource-name>Hostsharing Administrative Area</web-resource-name>
+        	<url-pattern>/*</url-pattern>
+       </web-resource-collection>
+       <user-data-constraint>
+           	<transport-guarantee>CONFIDENTIAL</transport-guarantee>
+       </user-data-constraint>
+   </security-constraint>
+
+</web-app>