fix: add missing sudoers permissions and nginx dir ownership for account creation

- useradd/userdel/usermod/chpasswd for hosting account management
- mkdir/chown/chmod for home directory provisioning
- nginx sites-available and sites-enabled write permissions
- certbot, opendkim-genkey, rndc, named-checkzone for SSL and DKIM
- chown root:www-data on nginx vhost dirs so VhostManager can write configs directly

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
2026-06-20 04:36:21 +00:00
parent 08844c6f79
commit 8497aecc8d
+21
@@ -225,6 +225,9 @@ server {
}
NGXCONF
ln -sf "$PANEL_WEB_CONF" /etc/nginx/sites-enabled/novacpx
# Allow www-data to manage customer vhost configs
chown root:www-data /etc/nginx/sites-available /etc/nginx/sites-enabled
chmod 775 /etc/nginx/sites-available /etc/nginx/sites-enabled
else
apt-get install -y -qq apache2 libapache2-mod-fcgid >> "$LOG" 2>&1
@@ -721,7 +724,25 @@ www-data ALL=(root) NOPASSWD: /bin/systemctl start php*-fpm
www-data ALL=(root) NOPASSWD: /bin/systemctl stop php*-fpm
# Web config file management (scoped paths only)
www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/nginx/conf.d/*
www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/nginx/sites-available/*
www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/nginx/sites-enabled/*
www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/apache2/conf-enabled/*
www-data ALL=(root) NOPASSWD: /bin/ln -sf /etc/nginx/sites-available/* /etc/nginx/sites-enabled/*
www-data ALL=(root) NOPASSWD: /bin/rm /etc/nginx/sites-available/novacpx-*
www-data ALL=(root) NOPASSWD: /bin/rm /etc/nginx/sites-enabled/novacpx-*
# Account management (user creation and home directories)
www-data ALL=(root) NOPASSWD: /usr/sbin/useradd
www-data ALL=(root) NOPASSWD: /usr/sbin/userdel
www-data ALL=(root) NOPASSWD: /usr/sbin/usermod
www-data ALL=(root) NOPASSWD: /usr/sbin/chpasswd
www-data ALL=(root) NOPASSWD: /bin/mkdir
www-data ALL=(root) NOPASSWD: /bin/chown
www-data ALL=(root) NOPASSWD: /bin/chmod
# SSL and DKIM
www-data ALL=(root) NOPASSWD: /usr/bin/certbot
www-data ALL=(root) NOPASSWD: /usr/bin/opendkim-genkey
www-data ALL=(root) NOPASSWD: /usr/sbin/rndc reload
www-data ALL=(root) NOPASSWD: /usr/sbin/named-checkzone *
SUDOERS
chmod 440 /etc/sudoers.d/novacpx-firewall
log "Sudoers rules installed"
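Review bot: The account-management and SSL rules in the second hunk list `/usr/sbin/useradd`, `/usr/sbin/usermod`, `/usr/sbin/chpasswd`, `/bin/mkdir`, `/bin/chown`, `/bin/chmod` and `/usr/bin/certbot` with no argument list, so sudo lets www-data run them as root with any arguments, which removes the separation between the web process and root that the "scoped paths only" comment implies. Consider replacing them with one root-owned helper that validates the username and home path itself, e.g. `www-data ALL=(root) NOPASSWD: /usr/local/sbin/novacpx-account-helper` (placeholder name), and pinning the remaining commands to fixed arguments. The `tee`, `ln` and `rm` rules rely on `*`, which in sudoers command arguments also matches `/` and spaces, so they are wider than the paths suggest. In the first hunk, `chmod 775` with group www-data makes the vhost directories writable by the web process directly, so anything running as www-data can change what nginx loads on its next reload; it also makes the `tee` rules for those two directories redundant. The heredoc starts outside the hunk, and a `visudo -cf /etc/sudoers.d/novacpx-firewall` check after writing it would catch a syntax error before sudo rejects the file.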