restrict initial user home access rights
parent
d70b87cf28
commit
96d55710b3
@ -215,7 +215,7 @@ public class DomainProcessorFactory implements EntityProcessorFactory {
|
|||||||
Processor mkDomainDirProzessor =
|
Processor mkDomainDirProzessor =
|
||||||
new ShellProcessor( httpdRights +
|
new ShellProcessor( httpdRights +
|
||||||
"chgrp httpd " + homeDir + " && " +
|
"chgrp httpd " + homeDir + " && " +
|
||||||
"chmod g+rx " + homeDir + " && " +
|
"chmod g+x " + homeDir + " && " +
|
||||||
"mkdir --mode=1550 --parents " + domsDir + " && " +
|
"mkdir --mode=1550 --parents " + domsDir + " && " +
|
||||||
"chown httpd:" + pacName + " " + domsDir + " && " +
|
"chown httpd:" + pacName + " " + domsDir + " && " +
|
||||||
"mkdir --mode=750 --parents " + domainDir + " && " +
|
"mkdir --mode=750 --parents " + domainDir + " && " +
|
||||||
|
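Review bot: `chmod g+x` on the changed line only adds the execute bit, so a home directory that already has group read (from the earlier `g+rx` or from its creation mode) stays listable by the httpd group after this processor runs. If the intent is that httpd may traverse the home but not list it, set the group bits absolutely: `"chmod g=x " + homeDir + " && " +`. Whether homes provisioned before this commit are ever re-processed is not visible here, so a one-off migration may be needed as well. The statement continues past the end of the hunk.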
@ -27,6 +27,7 @@ public class UnixUserProcessorFactory implements EntityProcessorFactory {
|
|||||||
+ user.getUserId() + ":" + user.getPac().getName()
|
+ user.getUserId() + ":" + user.getPac().getName()
|
||||||
+ ":" + user.getComment() + ":" + user.getHomedir()
|
+ ":" + user.getComment() + ":" + user.getHomedir()
|
||||||
+ ":" + user.getShell() + "\n"));
|
+ ":" + user.getShell() + "\n"));
|
||||||
|
appendSetHomeACLProcessor(aCP, user);
|
||||||
appendSetQuotaProcessor(aCP, user);
|
appendSetQuotaProcessor(aCP, user);
|
||||||
appendMakeMaildirProcessor(aCP, user);
|
appendMakeMaildirProcessor(aCP, user);
|
||||||
return aCP;
|
return aCP;
|
||||||
@ -71,6 +72,10 @@ public class UnixUserProcessorFactory implements EntityProcessorFactory {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void appendSetHomeACLProcessor(CompoundProcessor aCP, UnixUser user) {
|
||||||
|
aCP.appendProcessor(new ShellProcessor("chmod 700 " + user.getHomedir()));
|
||||||
|
}
|
||||||
|
|
||||||
private void appendSetQuotaProcessor(CompoundProcessor aCP, UnixUser user) {
|
private void appendSetQuotaProcessor(CompoundProcessor aCP, UnixUser user) {
|
||||||
Integer quotaSoft = user.getQuotaSoftlimit();
|
Integer quotaSoft = user.getQuotaSoftlimit();
|
||||||
if (quotaSoft == null) {
|
if (quotaSoft == null) {
|
||||||
@ -79,9 +84,8 @@ public class UnixUserProcessorFactory implements EntityProcessorFactory {
|
|||||||
quotaSoft = quotaSoft * 1024;
|
quotaSoft = quotaSoft * 1024;
|
||||||
}
|
}
|
||||||
if (quotaSoft.intValue() == 0) {
|
if (quotaSoft.intValue() == 0) {
|
||||||
aCP.appendProcessor(new ShellProcessor("setquota -u "
|
aCP.appendProcessor(new ShellProcessor(
|
||||||
+ user.getName() + " 0 0 0 0 "
|
"setquota -u " + user.getName() + " 0 0 0 0 " + "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
|
||||||
+ "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
Integer quotaHard = user.getQuotaHardlimit();
|
Integer quotaHard = user.getQuotaHardlimit();
|
||||||
@ -89,11 +93,9 @@ public class UnixUserProcessorFactory implements EntityProcessorFactory {
|
|||||||
quotaHard = new Integer(0);
|
quotaHard = new Integer(0);
|
||||||
} else {
|
} else {
|
||||||
quotaHard = quotaHard * 1024;
|
quotaHard = quotaHard * 1024;
|
||||||
}
|
}
|
||||||
aCP.appendProcessor(new ShellProcessor("setquota -u "
|
aCP.appendProcessor(new ShellProcessor("setquota -u " + user.getName() + " " + quotaSoft + " " + quotaHard
|
||||||
+ user.getName() + " " + quotaSoft + " "
|
+ " 0 0 " + "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
|
||||||
+ quotaHard + " 0 0 "
|
|
||||||
+ "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void appendMakeMaildirProcessor(CompoundProcessor aCP, UnixUser user) {
|
private void appendMakeMaildirProcessor(CompoundProcessor aCP, UnixUser user) {
|
||||||
|
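Review bot: The new `appendSetHomeACLProcessor` concatenates `user.getHomedir()` unquoted into the `chmod 700` command, and the `&&` chains and command substitution elsewhere on this page suggest ShellProcessor hands the string to a shell, so whitespace or a metacharacter in the stored path would change what runs with the processor's privileges. Unless UnixUser already constrains that field (not visible in this diff), check the path against the expected home-directory pattern before building the command and pass it quoted, e.g. `"chmod 700 -- '" + homedir + "'"` after rejecting any value that contains `'`. The reflowed `setquota` lines use `user.getName()` in the same way. A short Javadoc would also help, since the method name says ACL while the body sets plain mode bits.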