fix: add missing sudoers permissions and nginx dir ownership for account creation
- useradd/userdel/usermod/chpasswd for hosting account management
- mkdir/chown/chmod for home directory provisioning
- nginx sites-available and sites-enabled write permissions
- certbot, opendkim-genkey, rndc, named-checkzone for SSL and DKIM
- chown root:www-data on nginx vhost dirs so VhostManager can write configs directly

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01LP9Q4kfCAYAjJnsbHBrViZ
+21
@@ -225,6 +225,9 @@ server {
|
|||||||
}
|
}
|
||||||
NGXCONF
|
NGXCONF
|
||||||
ln -sf "$PANEL_WEB_CONF" /etc/nginx/sites-enabled/novacpx
|
ln -sf "$PANEL_WEB_CONF" /etc/nginx/sites-enabled/novacpx
|
||||||
|
# Allow www-data to manage customer vhost configs
|
||||||
|
chown root:www-data /etc/nginx/sites-available /etc/nginx/sites-enabled
|
||||||
|
chmod 775 /etc/nginx/sites-available /etc/nginx/sites-enabled
|
||||||
|
|
||||||
else
|
else
|
||||||
apt-get install -y -qq apache2 libapache2-mod-fcgid >> "$LOG" 2>&1
|
apt-get install -y -qq apache2 libapache2-mod-fcgid >> "$LOG" 2>&1
|
||||||
@@ -721,7 +724,25 @@ www-data ALL=(root) NOPASSWD: /bin/systemctl start php*-fpm
|
|||||||
www-data ALL=(root) NOPASSWD: /bin/systemctl stop php*-fpm
|
www-data ALL=(root) NOPASSWD: /bin/systemctl stop php*-fpm
|
||||||
# Web config file management (scoped paths only)
|
# Web config file management (scoped paths only)
|
||||||
www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/nginx/conf.d/*
|
www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/nginx/conf.d/*
|
||||||
|
www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/nginx/sites-available/*
|
||||||
|
www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/nginx/sites-enabled/*
|
||||||
www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/apache2/conf-enabled/*
|
www-data ALL=(root) NOPASSWD: /usr/bin/tee /etc/apache2/conf-enabled/*
|
||||||
|
www-data ALL=(root) NOPASSWD: /bin/ln -sf /etc/nginx/sites-available/* /etc/nginx/sites-enabled/*
|
||||||
|
www-data ALL=(root) NOPASSWD: /bin/rm /etc/nginx/sites-available/novacpx-*
|
||||||
|
www-data ALL=(root) NOPASSWD: /bin/rm /etc/nginx/sites-enabled/novacpx-*
|
||||||
|
# Account management (user creation and home directories)
|
||||||
|
www-data ALL=(root) NOPASSWD: /usr/sbin/useradd
|
||||||
|
www-data ALL=(root) NOPASSWD: /usr/sbin/userdel
|
||||||
|
www-data ALL=(root) NOPASSWD: /usr/sbin/usermod
|
||||||
|
www-data ALL=(root) NOPASSWD: /usr/sbin/chpasswd
|
||||||
|
www-data ALL=(root) NOPASSWD: /bin/mkdir
|
||||||
|
www-data ALL=(root) NOPASSWD: /bin/chown
|
||||||
|
www-data ALL=(root) NOPASSWD: /bin/chmod
|
||||||
|
# SSL and DKIM
|
||||||
|
www-data ALL=(root) NOPASSWD: /usr/bin/certbot
|
||||||
|
www-data ALL=(root) NOPASSWD: /usr/bin/opendkim-genkey
|
||||||
|
www-data ALL=(root) NOPASSWD: /usr/sbin/rndc reload
|
||||||
|
www-data ALL=(root) NOPASSWD: /usr/sbin/named-checkzone *
|
||||||
SUDOERS
|
SUDOERS
|
||||||
chmod 440 /etc/sudoers.d/novacpx-firewall
|
chmod 440 /etc/sudoers.d/novacpx-firewall
|
||||||
log "Sudoers rules installed"
|
log "Sudoers rules installed"
|
||||||
|
|||||||
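Review bot: The new account-management and SSL/DKIM entries in the second hunk (`/usr/sbin/useradd`, `userdel`, `usermod`, `chpasswd`, `/bin/mkdir`, `/bin/chown`, `/bin/chmod`, `/usr/bin/certbot`, `/usr/bin/opendkim-genkey`) have no argument list, so sudo lets www-data run them as root with any arguments. Any code execution in the web application then amounts to root on the host, and the existing "scoped paths only" comment no longer describes the file. I would move these operations into a root-owned, non-writable helper that validates the username and target path, and list only that helper, e.g. `www-data ALL=(root) NOPASSWD: /usr/local/sbin/<novacpx-account-helper>` (placeholder path). The added `tee` and `ln -sf` rules are also looser than they look, because `*` in sudoers command arguments matches across `/` and spaces and so does not confine the command to those directories. In the first hunk, `chown root:www-data` with `chmod 775` already gives www-data direct write access to configuration that nginx's root-owned master process loads, so either drop the group write or drop the now-redundant sudo rules for those paths, and validate generated vhost content before any reload.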