improve web

ec781a49 · Vitaly Lipatov · d1c3353d · ec781a49 · ec781a49 · ec781a49
Commit ec781a49 authored Feb 03, 2016 by Vitaly Lipatov
Showing with 31 additions and 16 deletions

add_site.sh web/add_site.sh +4 -4

add_user.sh web/add_user.sh +4 -2

create_sep_sites.sh web/create_sep_sites.sh +10 -7

functions web/functions +3 -1

functions-apache web/functions-apache +10 -2

No files found.
--- a/web/add_site.sh
+++ b/web/add_site.sh
@@ -42,7 +42,7 @@ fi
 #mkdir -p $SITE/cgi
 mkdir -p $SITEDIR $SESSIONDIR
-chown $USERNAME:root $SESSIONDIR/
+chown $USERNAME:root $SESSIONDIR/ || fatal
 #mkdir -p $LOGDIR
 #test -f $SITE/favicon.ico || cp -f ./favicon.ico $SITE/favicon.ico
@@ -51,9 +51,9 @@ touch $SITEDIR/robots.txt
 # due nscd?
 chown -R $USERNAME:webmaster $SITEDIR/ || { sleep 10; chown -R $USERNAME:webmaster $SITEDIR/ ; }
 #chmod o+r $SITE/robots.txt $SITE/favicon.ico
-chmod g+rwx $SITEDIR/
+chmod g+rwx $SITEDIR/ || fatal
-chmod o-rwx $SITEDIR/
+chmod o-rwx $SITEDIR/ || fatal
-chmod g+s $SITEDIR/
+chmod g+s $SITEDIR/ || fatal
 # HACK for separated

--- a/web/add_user.sh
+++ b/web/add_user.sh
@@ -5,7 +5,8 @@
 USER=$1
 [ -n "$USER" ] || exit
-service nscd status >/dev/null && NSCD=1 && service nscd stop
+NSCD=
+serv nscd status >/dev/null && NSCD=1 && serv nscd stop
 useradd -G users $USER || exit
@@ -17,7 +18,8 @@ echo "$MYSQLHOST	mysql.$USER" >>/etc/hosts
 echo "$USER" >>/etc/vsftpd/user_list
-[ -n "$NSCD" ] && service nscd start
+# need wait after start?
+#[ -n "$NSCD" ] && serv nscd start
 cat <<EOF
 FTP/SSH access:

--- a/web/create_sep_sites.sh
+++ b/web/create_sep_sites.sh
@@ -23,13 +23,13 @@ cat create_sep_sites.list | grep -v "#" | while read PORT URL ; do
    # HACK: azbyka specific
    # Переименовываем, если это основной пользователь
    if id $SEPUSER >/dev/null ; then
-        if getent passwd $SEPUSER | grep -q /home/azbyka/ ; then
+        #if getent passwd $SEPUSER | grep -q /home/azbyka/ ; then
-           usermod -l  ${SEPUSER/azbyka_/} $SEPUSER || fatal
+        #   usermod -l  ${SEPUSER/azbyka_/} $SEPUSER || fatal
-           groupmod -n ${SEPUSER/azbyka_/} $SEPUSER || fatal
+        #   groupmod -n ${SEPUSER/azbyka_/} $SEPUSER || fatal
-        else
+        #else
        echo "User $SEPUSER already exists, skipping"
-           continue
+        #   continue
-        fi
+        #fi
    fi
    test -d /home/$SEPUSER && fatal "$SEPUSER already created"
    export HACKCOMMONDIR=":/home/azbyka/www/azbyka.ru/include:/home/azbyka/www/azbyka.ru/orphus"
@@ -39,8 +39,11 @@ cat <<EOF
 EOF
    ./add_user.sh $SEPUSER 2>>$0.errlog || fatal
    ./add_site.sh $MAINDOMAIN:$PORT $SEPUSER NORESTARTAPACHE 2>>$0.errlog
+    SEPSITEDIR=/home/$SEPUSER/www/$MAINDOMAIN/$NAME/
+    mkdir -p $SEPSITEDIR
+    chown $SEPUSER $SEPSITEDIR
 cat <<EOF
-Abs path: /home/$SEPUSER/www/$SEPUSER/$NAME/
+Abs path: $SEPSITEDIR
 Real URL: http://$MAINDOMAIN/$NAME
 EOF

--- a/web/functions
+++ b/web/functions
@@ -5,6 +5,7 @@ set_vars()
    HOMEDIR=/home/$USERNAME
    test -d "$HOMEDIR" || exit 1
    HOSTBASE=$HOMEDIR/www
+    DATADIR=$HOMEDIR/data
    LOGDIR=$HOMEDIR/log
    USERTMPDIR=$HOMEDIR/tmp
    SESSIONDIR=$HOMEDIR/sessions/$DOMAINNAME
@@ -22,7 +23,8 @@ set_dirperms()
    mkdir -p $HOMEDIR
    chown -v $USERNAME:webmaster $HOMEDIR
    chmod -v 0750 $HOMEDIR
-    chmod -v g-s $HOMEDIR
+    chmod -v g+s $HOMEDIR
+    chmod -v +t $HOMEDIR
    # www
    mkdir -p $HOSTBASE

--- a/web/functions-apache
+++ b/web/functions-apache
@@ -58,7 +58,14 @@ conffile="$APACHECONF"
 [ -n "$conffile" ] || conffile=$DOMAINNAME.conf
 if [ -n "$FLAG" ] && [ -n "$OPENBASEDIR" ]; then
-    HACKCOMMONDIR="$(echo "$OPENBASEDIR" | sed -e "s|$SITEDIR:$USERTMPDIR:$PHPINCLUDE:/tmp||g")"
+    local typical="$SITEDIR:$DATADIR:$USERTMPDIR:$PHPINCLUDE:/tmp"
+    if ! echo "$OPENBASEDIR" | grep "$typical" ; then
+        typical="$SITEDIR:$USERTMPDIR:$PHPINCLUDE:/tmp"
+        if ! echo "$OPENBASEDIR" | grep "$typical" ; then
+            fatal "Can't detect $typical in $OPENBASEDIR"
+        fi
+    fi
+    HACKCOMMONDIR="$(echo "$OPENBASEDIR" | sed -e "s|$typical||g")"
 else
    HACKCOMMONDIR=
 fi
@@ -86,9 +93,10 @@ cat <<EOF >>$conffile.new
    php_admin_value session.save_path "$SESSIONDIR"
    # Due http://drupal.stackexchange.com/questions/10646/i-get-tmp-is-not-writeable-by-the-webserver-on-migration
    # NOTE: /tmp for open_basedir
-    php_admin_value open_basedir "$SITEDIR:$USERTMPDIR:$PHPINCLUDE:/tmp$HACKCOMMONDIR"
+    php_admin_value open_basedir "$SITEDIR:$DATADIR:$USERTMPDIR:$PHPINCLUDE:/tmp$HACKCOMMONDIR"
    php_admin_value upload_tmp_dir "$USERTMPDIR"
    php_admin_value auto_prepend_file "$PHPINCLUDE/prepend.php"
+    SetEnvIf X-Forwarded-Proto https HTTPS=on
    ServerAdmin $ADMINMAIL
    DocumentRoot "$SITEDIR"
    ErrorLog $ERRLOGNAME