From 8497aecc8d26ff234582415d5ff05f28a2a445bc Mon Sep 17 00:00:00 2001
From: Myron Blair
Date: Sat, 20 Jun 2026 04:36:21 +0000
Subject: [PATCH] fix: add missing sudoers permissions and nginx dir ownership for account creation
- useradd/userdel/usermod/chpasswd for hosting account management
- mkdir/chown/chmod for home directory provisioning
- nginx sites-available and sites-enabled write permissions
- certbot, opendkim-genkey, rndc, named-checkzone for SSL and DKIM
- chown root:www-data on nginx vhost dirs so VhostManager can write configs directly
Co-Authored-By: Claude Sonnet 4.6
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
---
 install.sh | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/install.sh b/install.sh
index e01e8cb..fe841bf 100644
--- a/install.sh
+++ b/install.sh
@@ -225,6 +225,9 @@ server {
 }
 NGXCONF
 ln -sf "$PANEL_WEB_CONF" /etc/nginx/sites-enabled/novacpx
+ # Allow www-data to manage customer vhost configs
+ chown root:www-data /etc/nginx/sites-available /etc/nginx/sites-enabled
+ chmod 775 /etc/nginx/sites-available /etc/nginx/sites-enabled
 else
 apt-get install -y -qq apache2 libapache2-mod-fcgid >> "$LOG" 2>&1
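Review bot: The added `chown root:www-data` and `chmod 775` on `/etc/nginx/sites-available` and `/etc/nginx/sites-enabled` let any process running as www-data create or replace files that nginx reads with root privileges on its next reload, so a flaw in web-facing code becomes a change to the server configuration. The same commit also adds sudoers `tee` rules for these two directories, which leaves two write paths where one would do. I would drop these two lines and keep the directories root-owned and not group-writable, with a single write path that validates the file name and runs `nginx -t` before any reload. If group write has to stay, a dedicated group for the panel process is safer than `www-data`. The enclosing `if` branch starts outside the hunk, so whether a config test already runs before reload is not visible here.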
@@ -721,7 +724,25 @@ www-data ALL=(root) NOPASSWD: /bin/systemctl start php*-fpm
 www-data ALL=(root) NOPASSWD: /bin/systemctl stop php*-fpm
 # Web config file management (scoped paths only)
 www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/nginx/conf.d/*
+www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/nginx/sites-available/*
+www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/nginx/sites-enabled/*
 www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/apache2/conf-enabled/*
+www-data ALL=(root) NOPASSWD: /bin/ln -sf /etc/nginx/sites-available/* /etc/nginx/sites-enabled/*
+www-data ALL=(root) NOPASSWD: /bin/rm /etc/nginx/sites-available/novacpx-*
+www-data ALL=(root) NOPASSWD: /bin/rm /etc/nginx/sites-enabled/novacpx-*
+# Account management (user creation and home directories)
+www-data ALL=(root) NOPASSWD: /usr/sbin/useradd
+www-data ALL=(root) NOPASSWD: /usr/sbin/userdel
+www-data ALL=(root) NOPASSWD: /usr/sbin/usermod
+www-data ALL=(root) NOPASSWD: /usr/sbin/chpasswd
+www-data ALL=(root) NOPASSWD: /bin/mkdir
+www-data ALL=(root) NOPASSWD: /bin/chown
+www-data ALL=(root) NOPASSWD: /bin/chmod
+# SSL and DKIM
+www-data ALL=(root) NOPASSWD: /usr/bin/certbot
+www-data ALL=(root) NOPASSWD: /usr/bin/opendkim-genkey
+www-data ALL=(root) NOPASSWD: /usr/sbin/rndc reload
+www-data ALL=(root) NOPASSWD: /usr/sbin/named-checkzone *
 SUDOERS
 chmod 440 /etc/sudoers.d/novacpx-firewall
 log "Sudoers rules installed"
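Review bot: The new `useradd`, `userdel`, `usermod`, `chpasswd`, `mkdir`, `chown`, `chmod`, `certbot` and `opendkim-genkey` entries name a binary with no argument list, and sudoers then accepts any arguments, so www-data can change the owner, mode or password of any path or account as root and the "scoped paths only" boundary stated above no longer holds. The path rules are also wider than they read, because a `*` in sudoers command arguments matches `/` and whitespace: `/usr/bin/tee /etc/nginx/sites-available/*` and the `ln -sf` rule also accept `..` segments and extra operands. I would grant sudo only to root-owned wrapper scripts that www-data cannot modify and that validate the account name and confine paths, as sketched below with placeholder paths. The generated file should also be checked with `visudo -cf /etc/sudoers.d/novacpx-firewall` before the `chmod 440`. The heredoc starts outside the hunk, so any earlier validation step is not visible here.

```shell
# … unchanged: systemctl and tee/ln/rm rules …
# Account management: root-owned wrappers that validate the account name
# and confine paths; the wrapper paths here are placeholders
www-data ALL=(root) NOPASSWD: /PLACEHOLDER/sbin/account-create
www-data ALL=(root) NOPASSWD: /PLACEHOLDER/sbin/account-delete
www-data ALL=(root) NOPASSWD: /PLACEHOLDER/sbin/account-set-password
www-data ALL=(root) NOPASSWD: /PLACEHOLDER/sbin/home-provision
# SSL and DKIM: same pattern instead of bare certbot / opendkim-genkey
www-data ALL=(root) NOPASSWD: /PLACEHOLDER/sbin/cert-issue
www-data ALL=(root) NOPASSWD: /PLACEHOLDER/sbin/dkim-genkey
# … unchanged: rndc reload, named-checkzone, SUDOERS terminator …
```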