diff --git a/README.md b/README.md
index 98cd971..22130be 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,9 @@
+Version 0.7 Changelogs:
+- Fixed critical password setting bug - passwords were not being set due to variable expansion issue in chpasswd command
+- Added automatic webroot permission configuration - ensures /var/www/webroot/ROOT has litespeed group ownership and group write permissions
+- Created comprehensive diagnostic script (check-sftp-user.sh) for troubleshooting user account issues
+- Added detailed troubleshooting guide (TROUBLESHOOTING.md) with diagnostic commands and solutions
+
 Version 0.6 Changelogs:
 - Implemented separate form for deleting users to avoid requiring password input when deleting
 - Fixed SFTP connection "broken pipe" errors by correcting /home directory permissions (root:root with 755)
diff --git a/add-sftp.sh b/add-sftp.sh
index f53c8d3..73a35b9 100644
--- a/add-sftp.sh
+++ b/add-sftp.sh
@@ -217,6 +217,39 @@ fi
 log_cmd "usermod -aG litespeed $USERNAME" "Adding user to litespeed group for file access"
 log_success "Added $USERNAME to litespeed group for file access"
+# Ensure webroot has correct group ownership and permissions for write access
+log "Phase 10b: Verifying webroot permissions for group write access"
+if [ -d "$ROOT_DIRECTORY" ]; then
+ # Check if litespeed group exists
+ if getent group litespeed > /dev/null; then
+ # Check current group ownership
+ CURRENT_GROUP=$(stat -c '%G' "$ROOT_DIRECTORY" 2>/dev/null)
+ if [ "$CURRENT_GROUP" != "litespeed" ]; then
+ log "Setting webroot group ownership to litespeed (was: $CURRENT_GROUP)"
+ log_cmd "chgrp -R litespeed $ROOT_DIRECTORY" "Setting webroot group to litespeed"
+ fi
+
+ # Check if group write permission exists
+ # Group write exists if second digit is 7(rwx), 6(rw-), 3(-wx), or 2(-w-)
+ CURRENT_PERMS=$(stat -c '%a' "$ROOT_DIRECTORY" 2>/dev/null)
+ if [ -n "$CURRENT_PERMS" ]; then
+ # Extract group write bit (second digit)
+ GROUP_WRITE_BIT=$(echo "$CURRENT_PERMS" | cut -c2)
+ # Check if write bit is NOT set (4=r--, 5=r-x, 1=--x, 0=---)
+ if [ "$GROUP_WRITE_BIT" = "4" ] || [ "$GROUP_WRITE_BIT" = "5" ] || [ "$GROUP_WRITE_BIT" = "1" ] || [ "$GROUP_WRITE_BIT" = "0" ]; then
+ log "Adding group write permissions to webroot (current: $CURRENT_PERMS)"
+ log_cmd "chmod -R g+w $ROOT_DIRECTORY" "Adding group write permissions to webroot"
+ else
+ log_debug "Webroot already has group write permissions (current: $CURRENT_PERMS)"
+ fi
+ fi
+ else
+ log_warning "litespeed group does not exist, skipping webroot permission setup"
+ fi
+else
+ log_warning "Webroot directory $ROOT_DIRECTORY does not exist, skipping permission check"
+fi
+
 # Create welcome file
 log "Phase 11: Creating welcome file"
 cat > $USER_HOME/data/welcome.txt << EOF
diff --git a/manifest.jps b/manifest.jps
index 5f264bb..4a93c44 100644
--- a/manifest.jps
+++ b/manifest.jps
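Review bot: `GROUP_WRITE_BIT=$(echo "$CURRENT_PERMS" | cut -c2)` reads the owner digit instead of the group digit whenever `stat -c '%a'` prints four digits, which it does when setgid, setuid or sticky is set on the webroot: a constructed mode of `2755` yields `7`, so a group-read-only directory is logged as already writable and the `chmod -R g+w` is skipped. Index from the end instead, `GROUP_WRITE_BIT=${CURRENT_PERMS: -2:1}`; the same defect is in scripts/system_prep.sh at `local group_write_bit=$(echo "$current_perms" | cut -c2)`. The check also inspects only the top-level directory while the remedy is `chgrp -R`/`chmod -R g+w` over the whole tree, so a webroot whose top directory already carries g+w is left untouched even if files beneath it are not, and when the remedy does run it adds write on every regular file rather than only on directories (`g+w` vs. the narrower `g+wX` on directories only), which is worth a comment stating that every member of litespeed gains write on all application files. Since `$ROOT_DIRECTORY` is interpolated unquoted into the command strings handed to `log_cmd`, a path containing spaces or glob characters would be word-split if log_cmd evaluates its first argument (its implementation is outside this hunk); escaping the quotes inside the string, `log_cmd "chmod -R g+w \"$ROOT_DIRECTORY\"" "Adding group write permissions to webroot"`, avoids that.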
@@ -1,4 +1,4 @@
-version: 0.6
+version: 0.7
 id: addsftp
 type: update
 description: An addon to add new SFTP users for Jelastic Virtuozzo LLSMP environments. It manages user accounts with secure SFTP access and optional SSH access with proper chroot jailing.
diff --git a/scripts/system_prep.sh b/scripts/system_prep.sh
index 308c1e9..6c569b6 100644
--- a/scripts/system_prep.sh
+++ b/scripts/system_prep.sh
@@ -106,6 +106,48 @@ EOF
 log_cmd "chown root:root /home/sftpusers" "Setting /home/sftpusers ownership to root:root"
 log_cmd "chmod 755 /home/sftpusers" "Setting /home/sftpusers permissions to 755"
+ # --------------------------------------------------------------------------
+ # Step 5: Ensure webroot has correct group ownership and permissions
+ # --------------------------------------------------------------------------
+ local webroot_dir="/var/www/webroot/ROOT"
+ if [ -d "$webroot_dir" ]; then
+ log "Ensuring webroot directory has correct group ownership and permissions..."
+
+ # Check if litespeed group exists, create if not
+ if ! getent group litespeed > /dev/null; then
+ log "Creating litespeed group"
+ log_cmd "groupadd litespeed" "Creating litespeed group"
+ fi
+
+ # Check current group ownership
+ local current_group=$(stat -c '%G' "$webroot_dir" 2>/dev/null)
+ if [ "$current_group" != "litespeed" ]; then
+ log "Setting webroot group ownership to litespeed (was: $current_group)"
+ log_cmd "chgrp -R litespeed $webroot_dir" "Setting webroot group to litespeed"
+ else
+ log_debug "Webroot already owned by litespeed group"
+ fi
+
+ # Check if group write permission exists
+ # Group write exists if second digit is 7(rwx), 6(rw-), 3(-wx), or 2(-w-)
+ local current_perms=$(stat -c '%a' "$webroot_dir" 2>/dev/null)
+ if [ -n "$current_perms" ]; then
+ # Extract group write bit (second digit)
+ local group_write_bit=$(echo "$current_perms" | cut -c2)
+ # Check if write bit is NOT set (4=r--, 5=r-x, 1=--x, 0=---)
+ if [ "$group_write_bit" = "4" ] || [ "$group_write_bit" = "5" ] || [ "$group_write_bit" = "1" ] || [ "$group_write_bit" = "0" ]; then
+ log "Adding group write permissions to webroot (current: $current_perms)"
+ log_cmd "chmod -R g+w $webroot_dir" "Adding group write permissions to webroot"
+ else
+ log_debug "Webroot already has group write permissions (current: $current_perms)"
+ fi
+ fi
+
+ log_success "Webroot permissions configured for group access"
+ else
+ log_warning "Webroot directory $webroot_dir does not exist, skipping permission setup"
+ fi
+
 log_success "System preparation complete."
 return 0
 }
\ No newline at end of file
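Review bot: `local current_group=$(stat -c '%G' "$webroot_dir" 2>/dev/null)` and the two later `local …=$(…)` lines discard stat's exit status, because `local` returns its own status, so a failing stat leaves `current_group` empty, the `!= "litespeed"` branch logs `(was: )` and `chgrp -R` still runs over the whole tree. Declare and assign separately so the failure is visible, `local current_group; current_group=$(stat -c '%G' "$webroot_dir" 2>/dev/null) || log_warning "stat failed on $webroot_dir"`, and likewise for `current_perms` and `group_write_bit`. This hunk also creates the litespeed group with `groupadd litespeed` when it is missing and then hands the whole webroot to it, whereas the add-sftp.sh hunk treats a missing group as a reason to skip; if that difference is intended, a comment such as `# Unlike add-sftp.sh, a missing litespeed group is created here rather than skipped` would prevent the two from drifting further apart. The enclosing function starts before this hunk, so the scope of the `local` declarations and the `return 0` belong to it and are not visible here.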