restrict initial user home access rights

This commit is contained in:
Peter Hormanns 2016-03-23 16:41:10 +01:00
parent d70b87cf28
commit 96d55710b3
2 changed files with 11 additions and 9 deletions


@ -215,7 +215,7 @@ public class DomainProcessorFactory implements EntityProcessorFactory {
Processor mkDomainDirProzessor = Processor mkDomainDirProzessor =
new ShellProcessor( httpdRights + new ShellProcessor( httpdRights +
"chgrp httpd " + homeDir + " && " + "chgrp httpd " + homeDir + " && " +
"chmod g+rx " + homeDir + " && " + "chmod g+x " + homeDir + " && " +
"mkdir --mode=1550 --parents " + domsDir + " && " + "mkdir --mode=1550 --parents " + domsDir + " && " +
"chown httpd:" + pacName + " " + domsDir + " && " + "chown httpd:" + pacName + " " + domsDir + " && " +
"mkdir --mode=750 --parents " + domainDir + " && " + "mkdir --mode=750 --parents " + domainDir + " && " +
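Review bot: The new `chmod g+x` is additive — it grants traverse to the httpd group but leaves every other bit of the home directory as it was, so the "restrict" in the commit title only holds if the directory was already created with a tight mode somewhere else (the UnixUser side does `chmod 700` on creation, but that is a separate processor). If a fixed mode is the intent, `"chmod 710 " + homeDir + " && "` pins it regardless of prior state; if user-chosen bits are meant to survive, a short comment saying so would stop the next reader from "fixing" it. The home and domain paths are still interpolated into the shell string unquoted, which is only safe while they are generated by the panel rather than taken from user input. The statement continues past the end of this section.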


@ -27,6 +27,7 @@ public class UnixUserProcessorFactory implements EntityProcessorFactory {
+ user.getUserId() + ":" + user.getPac().getName() + user.getUserId() + ":" + user.getPac().getName()
+ ":" + user.getComment() + ":" + user.getHomedir() + ":" + user.getComment() + ":" + user.getHomedir()
+ ":" + user.getShell() + "\n")); + ":" + user.getShell() + "\n"));
appendSetHomeACLProcessor(aCP, user);
appendSetQuotaProcessor(aCP, user); appendSetQuotaProcessor(aCP, user);
appendMakeMaildirProcessor(aCP, user); appendMakeMaildirProcessor(aCP, user);
return aCP; return aCP;
@ -71,6 +72,10 @@ public class UnixUserProcessorFactory implements EntityProcessorFactory {
return null; return null;
} }
private void appendSetHomeACLProcessor(CompoundProcessor aCP, UnixUser user) {
aCP.appendProcessor(new ShellProcessor("chmod 700 " + user.getHomedir()));
}
private void appendSetQuotaProcessor(CompoundProcessor aCP, UnixUser user) { private void appendSetQuotaProcessor(CompoundProcessor aCP, UnixUser user) {
Integer quotaSoft = user.getQuotaSoftlimit(); Integer quotaSoft = user.getQuotaSoftlimit();
if (quotaSoft == null) { if (quotaSoft == null) {
@ -79,9 +84,8 @@ public class UnixUserProcessorFactory implements EntityProcessorFactory {
quotaSoft = quotaSoft * 1024; quotaSoft = quotaSoft * 1024;
} }
if (quotaSoft.intValue() == 0) { if (quotaSoft.intValue() == 0) {
aCP.appendProcessor(new ShellProcessor("setquota -u " aCP.appendProcessor(new ShellProcessor(
+ user.getName() + " 0 0 0 0 " "setquota -u " + user.getName() + " 0 0 0 0 " + "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
+ "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
return; return;
} }
Integer quotaHard = user.getQuotaHardlimit(); Integer quotaHard = user.getQuotaHardlimit();
@ -89,11 +93,9 @@ public class UnixUserProcessorFactory implements EntityProcessorFactory {
quotaHard = new Integer(0); quotaHard = new Integer(0);
} else { } else {
quotaHard = quotaHard * 1024; quotaHard = quotaHard * 1024;
} }
aCP.appendProcessor(new ShellProcessor("setquota -u " aCP.appendProcessor(new ShellProcessor("setquota -u " + user.getName() + " " + quotaSoft + " " + quotaHard
+ user.getName() + " " + quotaSoft + " " + " 0 0 " + "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
+ quotaHard + " 0 0 "
+ "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
} }
private void appendMakeMaildirProcessor(CompoundProcessor aCP, UnixUser user) { private void appendMakeMaildirProcessor(CompoundProcessor aCP, UnixUser user) {
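Review bot: appendSetHomeACLProcessor runs `chmod 700` on the home directory, which clears the group execute bit that DomainProcessorFactory grants httpd with `chmod g+x`; if this processor can be appended for an existing user after a domain has been set up, the web server loses traversal into the home dir, so it is worth confirming it only runs on create (the calling method's header is outside this section) or preserving the group bit with `chmod u=rwx,g-rwx+X,o= ` instead. The method name says ACL but the command sets a plain POSIX mode; either rename it (`appendSetHomeModeProcessor`) or add `// Owner-only mode for a fresh home; DomainProcessorFactory later re-adds g+x for httpd.` The path from `user.getHomedir()` is interpolated unquoted, as the quota commands below already do, which is fine only while home paths are generated rather than user-supplied. The setquota edits in the later hunks are pure reformatting.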