improve web

web/add_site.sh

@@ -42,7 +42,7 @@ fi
 
 #mkdir -p $SITE/cgi
 mkdir -p $SITEDIR $SESSIONDIR
-chown $USERNAME:root $SESSIONDIR/
+chown $USERNAME:root $SESSIONDIR/ || fatal
 
 #mkdir -p $LOGDIR
 #test -f $SITE/favicon.ico || cp -f ./favicon.ico $SITE/favicon.ico
@@ -51,9 +51,9 @@ touch $SITEDIR/robots.txt
 # due nscd?
 chown -R $USERNAME:webmaster $SITEDIR/ || { sleep 10; chown -R $USERNAME:webmaster $SITEDIR/ ; }
 #chmod o+r $SITE/robots.txt $SITE/favicon.ico
-chmod g+rwx $SITEDIR/
-chmod o-rwx $SITEDIR/
-chmod g+s $SITEDIR/
+chmod g+rwx $SITEDIR/ || fatal
+chmod o-rwx $SITEDIR/ || fatal
+chmod g+s $SITEDIR/ || fatal
 
 
 # HACK for separated

web/add_user.sh

@@ -5,7 +5,8 @@
 USER=$1
 [ -n "$USER" ] || exit
 
-service nscd status >/dev/null && NSCD=1 && service nscd stop
+NSCD=
+serv nscd status >/dev/null && NSCD=1 && serv nscd stop
 
 useradd -G users $USER || exit
 
@@ -17,7 +18,8 @@ echo "$MYSQLHOST	mysql.$USER" >>/etc/hosts
 
 echo "$USER" >>/etc/vsftpd/user_list
 
-[ -n "$NSCD" ] && service nscd start
+# need wait after start?
+#[ -n "$NSCD" ] && serv nscd start
 
 cat <<EOF
 FTP/SSH access:

web/create_sep_sites.sh

@@ -23,13 +23,13 @@ cat create_sep_sites.list | grep -v "#" | while read PORT URL ; do
     # HACK: azbyka specific
     # Переименовываем, если это основной пользователь
     if id $SEPUSER >/dev/null ; then
-        if getent passwd $SEPUSER | grep -q /home/azbyka/ ; then
-           usermod -l  ${SEPUSER/azbyka_/} $SEPUSER || fatal
-           groupmod -n ${SEPUSER/azbyka_/} $SEPUSER || fatal
-        else
-           echo "User $SEPUSER already exists, skipping"
-           continue
-        fi
+        #if getent passwd $SEPUSER | grep -q /home/azbyka/ ; then
+        #   usermod -l  ${SEPUSER/azbyka_/} $SEPUSER || fatal
+        #   groupmod -n ${SEPUSER/azbyka_/} $SEPUSER || fatal
+        #else
+        echo "User $SEPUSER already exists, skipping"
+        #   continue
+        #fi
     fi
     test -d /home/$SEPUSER && fatal "$SEPUSER already created"
     export HACKCOMMONDIR=":/home/azbyka/www/azbyka.ru/include:/home/azbyka/www/azbyka.ru/orphus"
@@ -39,8 +39,11 @@ cat <<EOF
 EOF
     ./add_user.sh $SEPUSER 2>>$0.errlog || fatal
     ./add_site.sh $MAINDOMAIN:$PORT $SEPUSER NORESTARTAPACHE 2>>$0.errlog
+    SEPSITEDIR=/home/$SEPUSER/www/$MAINDOMAIN/$NAME/
+    mkdir -p $SEPSITEDIR
+    chown $SEPUSER $SEPSITEDIR
 cat <<EOF
-Abs path: /home/$SEPUSER/www/$SEPUSER/$NAME/
+Abs path: $SEPSITEDIR
 Real URL: http://$MAINDOMAIN/$NAME
 
 EOF

web/functions

@@ -5,6 +5,7 @@ set_vars()
     HOMEDIR=/home/$USERNAME
     test -d "$HOMEDIR" || exit 1
     HOSTBASE=$HOMEDIR/www
+    DATADIR=$HOMEDIR/data
     LOGDIR=$HOMEDIR/log
     USERTMPDIR=$HOMEDIR/tmp
     SESSIONDIR=$HOMEDIR/sessions/$DOMAINNAME
@@ -22,7 +23,8 @@ set_dirperms()
     mkdir -p $HOMEDIR
     chown -v $USERNAME:webmaster $HOMEDIR
     chmod -v 0750 $HOMEDIR
-    chmod -v g-s $HOMEDIR
+    chmod -v g+s $HOMEDIR
+    chmod -v +t $HOMEDIR
 
     # www
     mkdir -p $HOSTBASE

web/functions-apache

@@ -58,7 +58,14 @@ conffile="$APACHECONF"
 [ -n "$conffile" ] || conffile=$DOMAINNAME.conf
 
 if [ -n "$FLAG" ] && [ -n "$OPENBASEDIR" ]; then
-    HACKCOMMONDIR="$(echo "$OPENBASEDIR" | sed -e "s|$SITEDIR:$USERTMPDIR:$PHPINCLUDE:/tmp||g")"
+    local typical="$SITEDIR:$DATADIR:$USERTMPDIR:$PHPINCLUDE:/tmp"
+    if ! echo "$OPENBASEDIR" | grep "$typical" ; then
+        typical="$SITEDIR:$USERTMPDIR:$PHPINCLUDE:/tmp"
+        if ! echo "$OPENBASEDIR" | grep "$typical" ; then
+            fatal "Can't detect $typical in $OPENBASEDIR"
+        fi
+    fi
+    HACKCOMMONDIR="$(echo "$OPENBASEDIR" | sed -e "s|$typical||g")"
 else
     HACKCOMMONDIR=
 fi
@@ -86,9 +93,10 @@ cat <<EOF >>$conffile.new
     php_admin_value session.save_path "$SESSIONDIR"
     # Due http://drupal.stackexchange.com/questions/10646/i-get-tmp-is-not-writeable-by-the-webserver-on-migration
     # NOTE: /tmp for open_basedir
-    php_admin_value open_basedir "$SITEDIR:$USERTMPDIR:$PHPINCLUDE:/tmp$HACKCOMMONDIR"
+    php_admin_value open_basedir "$SITEDIR:$DATADIR:$USERTMPDIR:$PHPINCLUDE:/tmp$HACKCOMMONDIR"
     php_admin_value upload_tmp_dir "$USERTMPDIR"
     php_admin_value auto_prepend_file "$PHPINCLUDE/prepend.php"
+    SetEnvIf X-Forwarded-Proto https HTTPS=on
     ServerAdmin $ADMINMAIL
     DocumentRoot "$SITEDIR"
     ErrorLog $ERRLOGNAME