restrict initial user home access rights
parent
d70b87cf28
commit
96d55710b3
@ -215,7 +215,7 @@ public class DomainProcessorFactory implements EntityProcessorFactory {
|
||||
Processor mkDomainDirProzessor =
|
||||
new ShellProcessor( httpdRights +
|
||||
"chgrp httpd " + homeDir + " && " +
|
||||
"chmod g+rx " + homeDir + " && " +
|
||||
"chmod g+x " + homeDir + " && " +
|
||||
"mkdir --mode=1550 --parents " + domsDir + " && " +
|
||||
"chown httpd:" + pacName + " " + domsDir + " && " +
|
||||
"mkdir --mode=750 --parents " + domainDir + " && " +
|
||||
|
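Review bot: `chmod g+x` only adds the traverse bit, so a home directory that already has group read (for example one provisioned by the earlier `chmod g+rx` form of this command) keeps it after this processor runs. This assumes the `g+x` line is the new side, since the +/- markers are lost on this page. If the httpd group should be able to traverse but never list the home, set the group bits absolutely instead: `"chmod g=x " + homeDir + " && " +`. The path values in this chain (`homeDir`, `domsDir`, `domainDir`) are also concatenated unquoted into the shell string, and whether they are validated upstream is not visible here. The `ShellProcessor` statement begins and ends outside the hunk.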
@ -27,6 +27,7 @@ public class UnixUserProcessorFactory implements EntityProcessorFactory {
|
||||
+ user.getUserId() + ":" + user.getPac().getName()
|
||||
+ ":" + user.getComment() + ":" + user.getHomedir()
|
||||
+ ":" + user.getShell() + "\n"));
|
||||
appendSetHomeACLProcessor(aCP, user);
|
||||
appendSetQuotaProcessor(aCP, user);
|
||||
appendMakeMaildirProcessor(aCP, user);
|
||||
return aCP;
|
||||
@ -71,6 +72,10 @@ public class UnixUserProcessorFactory implements EntityProcessorFactory {
|
||||
return null;
|
||||
}
|
||||
|
||||
private void appendSetHomeACLProcessor(CompoundProcessor aCP, UnixUser user) {
|
||||
aCP.appendProcessor(new ShellProcessor("chmod 700 " + user.getHomedir()));
|
||||
}
|
||||
|
||||
private void appendSetQuotaProcessor(CompoundProcessor aCP, UnixUser user) {
|
||||
Integer quotaSoft = user.getQuotaSoftlimit();
|
||||
if (quotaSoft == null) {
|
||||
@ -79,9 +84,8 @@ public class UnixUserProcessorFactory implements EntityProcessorFactory {
|
||||
quotaSoft = quotaSoft * 1024;
|
||||
}
|
||||
if (quotaSoft.intValue() == 0) {
|
||||
aCP.appendProcessor(new ShellProcessor("setquota -u "
|
||||
+ user.getName() + " 0 0 0 0 "
|
||||
+ "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
|
||||
aCP.appendProcessor(new ShellProcessor(
|
||||
"setquota -u " + user.getName() + " 0 0 0 0 " + "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
|
||||
return;
|
||||
}
|
||||
Integer quotaHard = user.getQuotaHardlimit();
|
||||
@ -90,10 +94,8 @@ public class UnixUserProcessorFactory implements EntityProcessorFactory {
|
||||
} else {
|
||||
quotaHard = quotaHard * 1024;
|
||||
}
|
||||
aCP.appendProcessor(new ShellProcessor("setquota -u "
|
||||
+ user.getName() + " " + quotaSoft + " "
|
||||
+ quotaHard + " 0 0 "
|
||||
+ "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
|
||||
aCP.appendProcessor(new ShellProcessor("setquota -u " + user.getName() + " " + quotaSoft + " " + quotaHard
|
||||
+ " 0 0 " + "`df /home/pacs/ | tail -n1 | cut -d' ' -f1`"));
|
||||
}
|
||||
|
||||
private void appendMakeMaildirProcessor(CompoundProcessor aCP, UnixUser user) {
|
||||
|
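Review bot: In the new `appendSetHomeACLProcessor`, `user.getHomedir()` is concatenated unquoted into the command string handed to `ShellProcessor`, so a home path containing whitespace or shell metacharacters would change what is executed, presumably with the privileges of the provisioning process. Unless the value is validated before it reaches this factory (not visible in these hunks), check it against the expected home base directory and pass it after an end-of-options marker with the path quoted for the shell, e.g. `"chmod 700 -- " + <shell-quoted homedir>`. The reformatted `setquota` calls in the two later hunks build their commands from `user.getName()` in the same way. The method name says ACL while the body sets plain mode bits, so a short comment such as `// restrict a freshly created home to its owner (mode 0700)` would make the intent clear.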