From 44b4866541ddf627b4267fa9f8cc52f83c0ee3c2 Mon Sep 17 00:00:00 2001 From: Edi Septriyanto Date: Sun, 7 Jul 2024 22:35:51 +0700 Subject: [PATCH 01/10] Fix issue #171 - Nginx http2 deprecation --- scripts/bench.sh => lib/lemper-bench.sh | 0 .../lemper-fixpermission.sh | 0 lib/lemper-manage.sh | 15 +++++----- scripts/createssl.sh | 29 ------------------- 4 files changed, 8 insertions(+), 36 deletions(-) rename scripts/bench.sh => lib/lemper-bench.sh (100%) rename scripts/fixpermission.sh => lib/lemper-fixpermission.sh (100%) delete mode 100755 scripts/createssl.sh diff --git a/scripts/bench.sh b/lib/lemper-bench.sh similarity index 100% rename from scripts/bench.sh rename to lib/lemper-bench.sh diff --git a/scripts/fixpermission.sh b/lib/lemper-fixpermission.sh similarity index 100% rename from scripts/fixpermission.sh rename to lib/lemper-fixpermission.sh diff --git a/lib/lemper-manage.sh b/lib/lemper-manage.sh index d31f4cda..9490f57d 100755 --- a/lib/lemper-manage.sh +++ b/lib/lemper-manage.sh @@ -22,7 +22,7 @@ CMD_PARENT="lemper-cli" CMD_NAME="manage" # Make sure only root can access and not direct access. -if ! declare -F "requires_root" &>/dev/null; then +if [[ "$(type -t requires_root)" != "function" ]]; then echo "Direct access to this script is not permitted." exit 1 fi @@ -485,14 +485,14 @@ function enable_ssl() { # Update vhost config. if [[ "${DRYRUN}" != true ]]; then # Ensure there is no HTTPS enabled server block. - if ! grep -qwE "^\ listen\ (\b[0-9]{1,3}\.){3}[0-9]{1,3}\b:443\ ssl\ http2" "/etc/nginx/sites-available/${DOMAIN}.conf"; then + if ! grep -qwE "^\ listen\ (\b[0-9]{1,3}\.){3}[0-9]{1,3}\b:443\ ssl" "/etc/nginx/sites-available/${DOMAIN}.conf"; then # Make backup first. run cp -f "/etc/nginx/sites-available/${DOMAIN}.conf" "/etc/nginx/sites-available/${DOMAIN}.nonssl-conf" # Change listening port to 443. if grep -qwE "^\ listen\ (\b[0-9]{1,3}\.){3}[0-9]{1,3}\b:80" "/etc/nginx/sites-available/${DOMAIN}.conf"; then - run sed -i "s/\:80/\:443\ ssl\ http2/g" "/etc/nginx/sites-available/${DOMAIN}.conf" + run sed -i "s/\:80/\:443\ ssl/g" "/etc/nginx/sites-available/${DOMAIN}.conf" else run sed -i "s/listen\ 80/listen\ 443\ ssl\ http2/g" "/etc/nginx/sites-available/${DOMAIN}.conf" fi @@ -500,6 +500,7 @@ function enable_ssl() { run sed -i "s/listen\ \[::\]:80/listen\ \[::\]:443\ ssl\ http2/g" "/etc/nginx/sites-available/${DOMAIN}.conf" # Enable SSL configs. + run sed -i "s/http2\ off/http2\ on/g" "/etc/nginx/sites-available/${DOMAIN}.conf" run sed -i "s/#ssl_certificate/ssl_certificate/g" "/etc/nginx/sites-available/${DOMAIN}.conf" run sed -i "s/#ssl_certificate_key/ssl_certificate_key/g" "/etc/nginx/sites-available/${DOMAIN}.conf" run sed -i "s/#ssl_trusted_certificate/ssl_trusted_certificate/g" "/etc/nginx/sites-available/${DOMAIN}.conf" @@ -989,22 +990,22 @@ function init_lemper_manage() { ;; -s | --enable-ssl) enable_ssl "${2}" - exit + exit 0 shift 2 ;; --disable-ssl) disable_ssl "${2}" - exit + exit 0 shift 2 ;; --remove-ssl) remove_ssl "${2}" - exit + exit 0 shift 2 ;; --renew-ssl) renew_ssl "${2}" - exit + exit 0 shift 2 ;; -b | --enable-brotli) diff --git a/scripts/createssl.sh b/scripts/createssl.sh deleted file mode 100755 index 09c5b3f6..00000000 --- a/scripts/createssl.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/env bash -# Forked from https://gist.github.com/fideloper/9052820 - -SSL_DIR="/etc/ssl/xip.io" -DOMAIN="*.xip.io" -PASSPHRASE="vaprobash" - -SUBJ=" -C=US -ST=Connecticut -O=Vaprobash -localityName=New Haven -commonName=$DOMAIN -organizationalUnitName= -emailAddress= -" - -sudo mkdir -p "$SSL_DIR" - -sudo openssl genrsa -out "$SSL_DIR/xip.io.key" 1024 -sudo openssl req -new -subj "$(echo -n "$SUBJ" | tr "\n" "/")" -key "$SSL_DIR/xip.io.key" -out "$SSL_DIR/xip.io.csr" -passin pass:$PASSPHRASE -sudo openssl x509 -req -days 365 -in "$SSL_DIR/xip.io.csr" -signkey "$SSL_DIR/xip.io.key" -out "$SSL_DIR/xip.io.crt" - -# If apache, enable SSL via `sudo a2enmod ssl`, then restart `sudo service apache2 restart` -# If nginx, already enabled - -# If apache, edit vhost to include HTTPS portion -# If nginx, edit vhost to include HTTPS portion -# .. and then reload relevant service \ No newline at end of file From 87e3d672fb23895b8927f670b8d2fe530c60457f Mon Sep 17 00:00:00 2001 From: Edi Septriyanto Date: Sun, 7 Jul 2024 22:38:01 +0700 Subject: [PATCH 02/10] Fix issue #171 - Nginx http2 deprecation --- lib/lemper-create.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/lemper-create.sh b/lib/lemper-create.sh index 1098c600..62440438 100755 --- a/lib/lemper-create.sh +++ b/lib/lemper-create.sh @@ -22,7 +22,7 @@ CMD_PARENT="lemper-cli" CMD_NAME="create" # Make sure only root can access and not direct access. -if ! declare -F "requires_root" &>/dev/null; then +if [[ "$(type -t requires_root)" != "function" ]]; then echo "Direct access to this script is not permitted." exit 1 fi @@ -120,6 +120,7 @@ function create_vhost_default() { server { listen 80; listen [::]:80; + http2 off; server_name ${SERVERNAME}; @@ -239,6 +240,7 @@ function create_vhost_drupal() { server { listen 80; listen [::]:80; + http2 off; server_name ${SERVERNAME}; @@ -352,6 +354,7 @@ function create_vhost_laravel() { server { listen 80; listen [::]:80; + http2 off; server_name ${SERVERNAME}; @@ -466,6 +469,7 @@ function create_vhost_phalcon() { server { listen 80; listen [::]:80; + http2 off; server_name ${SERVERNAME}; From 255d43320236fb7682f6373c6534555ad339abb1 Mon Sep 17 00:00:00 2001 From: Edi Septriyanto Date: Sun, 7 Jul 2024 22:38:50 +0700 Subject: [PATCH 03/10] Fix issue: improvement --- lib/lemper-adduser.sh | 2 +- lib/lemper-bench.sh | 18 +++++------------- lib/lemper-fixpermission.sh | 23 ++++++++++++++++++----- lib/lemper-sslgen.sh | 2 +- 4 files changed, 25 insertions(+), 20 deletions(-) diff --git a/lib/lemper-adduser.sh b/lib/lemper-adduser.sh index 84820b70..0c528b2a 100755 --- a/lib/lemper-adduser.sh +++ b/lib/lemper-adduser.sh @@ -22,7 +22,7 @@ #CMD_NAME="adduser" # Make sure only root can access and not direct access. -if ! declare -F "requires_root" &>/dev/null; then +if [[ "$(type -t requires_root)" != "function" ]]; then echo "Direct access to this script is not permitted." exit 1 fi diff --git a/lib/lemper-bench.sh b/lib/lemper-bench.sh index b42c8432..5bfdb286 100755 --- a/lib/lemper-bench.sh +++ b/lib/lemper-bench.sh @@ -29,10 +29,10 @@ echo "" # Network speed test benchmark. echo "### Network Speedtest Benchmark ###" -cachefly=$( wget -q -O /dev/null http://cachefly.cachefly.net/100mb.test 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' ) +cachefly=$( wget -q -O /dev/null https://cachefly.cachefly.net/100mb.test 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' ) echo "Download speed from CacheFly: $cachefly " -leaseweb=$( wget -q -O /dev/null http://mirror.leaseweb.com/speedtest/100mb.bin 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' ) -echo "Download speed from Leaseweb, Haarlem, NL: $leaseweb " +ovh=$( wget -q -O /dev/null https://proof.ovh.net/files/100Mb.dat 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' ) +echo "Download speed from OVH: $ovh " linodeatl=$( wget -q -O /dev/null http://speedtest.atlanta.linode.com/100MB-atlanta.bin 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' ) echo "Download speed from Linode, Atlanta, GA: $linodeatl " @@ -49,13 +49,5 @@ echo "Download speed from Linode, Tokyo, JP: $linodejp " linodesgp=$( wget -q -O /dev/null http://speedtest.singapore.linode.com/100MB-singapore.bin 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' ) echo "Download speed from Linode, Singapore, SGP: $linodesgp " -slsea=$( wget -q -O /dev/null http://speedtest.sea01.softlayer.com/downloads/test100.zip 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' ) -echo "Download speed from Softlayer, Seattle, WA: $slsea " -slsjc=$( wget -q -O /dev/null http://speedtest.sjc01.softlayer.com/downloads/test100.zip 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' ) -echo "Download speed from Softlayer, San Jose, CA: $slsjc " -sldal=$( wget -q -O /dev/null http://speedtest.dal05.softlayer.com/downloads/test100.zip 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' ) -echo "Download speed from Softlayer, Dallas, TX: $sldal " -slwdc=$( wget -q -O /dev/null http://speedtest.wdc01.softlayer.com/downloads/test100.zip 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' ) -echo "Download speed from Softlayer, Washington, DC: $slwdc " -slsng=$( wget -q -O /dev/null http://speedtest.sng01.softlayer.com/downloads/test100.zip 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' ) -echo "Download speed from Softlayer, Singapore: $slsng " +vodafone=$( wget -q -O /dev/null http://212.183.159.230/100MB.zip 2>&1 | awk '/\/dev\/null/ {speed=$3 $4} END {gsub(/\(|\)/,"",speed); print speed}' ) +echo "Download speed from Vodafone: $vodafone " \ No newline at end of file diff --git a/lib/lemper-fixpermission.sh b/lib/lemper-fixpermission.sh index b0b05758..f42592fb 100755 --- a/lib/lemper-fixpermission.sh +++ b/lib/lemper-fixpermission.sh @@ -2,12 +2,25 @@ # Fix file permission # Min. Requirement : GNU/Linux Ubuntu 18.04 -# Last Build : 17/07/2019 +# Last Build : 07/07/2024 # Author : MasEDI.Net (me@masedi.net) # Since Version : 1.0.0 -# directory -[ "${1}" = "" ] && return 0 +# Make sure only root can access and not direct access. +if [[ "$(type -t requires_root)" != "function" ]]; then + echo "Direct access to this script is not permitted." + exit 1 +fi -find "${1}" -type d -print0 | xargs -0 chmod 755 -find "${1}" -type f -print0 | xargs -0 chmod 644 +# Usage: fixpermission path +function fixpermission() { + # Path file / directory + [ "${1}" = "" ] && return 0 + + find "${1}" -type d -print0 | xargs -0 chmod 755 + find "${1}" -type f -print0 | xargs -0 chmod 644 +} + +# Start running things from a call at the end so if this script is executed +# after a partial download it doesn't do anything. +fixpermission "$@" \ No newline at end of file diff --git a/lib/lemper-sslgen.sh b/lib/lemper-sslgen.sh index 5968abe7..2dfca971 100755 --- a/lib/lemper-sslgen.sh +++ b/lib/lemper-sslgen.sh @@ -22,7 +22,7 @@ #CMD_NAME="sslgen" # Make sure only root can access and not direct access. -if ! declare -F "requires_root" &>/dev/null; then +if [[ "$(type -t requires_root)" != "function" ]]; then echo "Direct access to this script is not permitted." exit 1 fi From 2a9774aa5a118bcc761bc2b0e63bb7611054086e Mon Sep 17 00:00:00 2001 From: Edi Septriyanto Date: Sun, 7 Jul 2024 22:42:32 +0700 Subject: [PATCH 04/10] Update: list of supported PHP versions --- scripts/install_php.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_php.sh b/scripts/install_php.sh index bd1937ef..c7712bd6 100755 --- a/scripts/install_php.sh +++ b/scripts/install_php.sh @@ -1050,7 +1050,7 @@ function init_php_install() { ;; 9 | "all") # Select all PHP versions (except EOL & Beta). - SELECTED_PHP_VERSIONS=("5.6" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0" "8.1" "8.2") + SELECTED_PHP_VERSIONS=("7.1" "7.2" "7.3" "7.4" "8.0" "8.1" "8.2" "8.3") ;; *) error "Your selected PHP version ${SELECTED_PHP} is not supported yet." From 3f4487e3f05357989d39f3b8f78adf1d970f5a98 Mon Sep 17 00:00:00 2001 From: Edi Septriyanto Date: Sun, 7 Jul 2024 22:43:03 +0700 Subject: [PATCH 05/10] Update: LEMPer CLI tool install --- scripts/install_tools.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/install_tools.sh b/scripts/install_tools.sh index 0ed14d3f..b3a1968b 100755 --- a/scripts/install_tools.sh +++ b/scripts/install_tools.sh @@ -53,6 +53,15 @@ function init_tools_install() { run cp -f lib/lemper-db.sh /etc/lemper/cli-plugins/lemper-db && \ run chmod ugo+x /etc/lemper/cli-plugins/lemper-db + run cp -f lib/lemper-sslgen.sh /etc/lemper/cli-plugins/lemper-selfssl && \ + run chmod ugo+x /etc/lemper/cli-plugins/lemper-selfssl + + run cp -f lib/lemper-fixpermission.sh /etc/lemper/cli-plugins/lemper-fixpermission && \ + run chmod ugo+x /etc/lemper/cli-plugins/lemper-fixpermission + + run cp -f lib/lemper-bench.sh /etc/lemper/cli-plugins/lemper-bench && \ + run chmod ugo+x /etc/lemper/cli-plugins/lemper-bench + # Remove old LEMPer CLI tool. [ -d /usr/local/lib/lemper ] && run rm -fr /usr/local/lib/lemper/lemper-* @@ -72,7 +81,6 @@ function init_tools_install() { # Install PHP Info run bash -c 'echo "" > /usr/share/nginx/html/lcp/phpinfo.php' - run bash -c 'echo "" > /usr/share/nginx/html/lcp/phpinfo.php56' run bash -c 'echo "" > /usr/share/nginx/html/lcp/phpinfo.php70' run bash -c 'echo "" > /usr/share/nginx/html/lcp/phpinfo.php71' run bash -c 'echo "" > /usr/share/nginx/html/lcp/phpinfo.php72' @@ -81,6 +89,7 @@ function init_tools_install() { run bash -c 'echo "" > /usr/share/nginx/html/lcp/phpinfo.php80' run bash -c 'echo "" > /usr/share/nginx/html/lcp/phpinfo.php81' run bash -c 'echo "" > /usr/share/nginx/html/lcp/phpinfo.php82' + run bash -c 'echo "" > /usr/share/nginx/html/lcp/phpinfo.php83' # Install Adminer for Web-based MySQL Administration Tool. [ ! -d /usr/share/nginx/html/lcp/dbadmin ] && run mkdir -p /usr/share/nginx/html/lcp/dbadmin From cd252ab5608d4d0801bc44d3081c7b4b38960034 Mon Sep 17 00:00:00 2001 From: Edi Septriyanto Date: Sun, 7 Jul 2024 22:50:51 +0700 Subject: [PATCH 06/10] Fix PHP verion --- scripts/install_php.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install_php.sh b/scripts/install_php.sh index c7712bd6..b861da7d 100755 --- a/scripts/install_php.sh +++ b/scripts/install_php.sh @@ -821,7 +821,7 @@ function install_sourceguardian_loader() { if curl -sLI "${SG_ZIP_URL}" | grep -q "HTTP/[.12]* [2].."; then run wget "${SG_ZIP_URL}" && \ - run tar -xzf "${SG_ZIP_FILENAME}" && \ + run tar -xf "${SG_ZIP_FILENAME}" && \ run mv -f "${BUILD_DIR}/sourceguardian" /usr/lib/php/loaders/ else error "Cannot download SourceGuardian PHP loader: 'sourceguardian_loaders.linux-${SG_ARCH}.tar.gz'." From e07fc37f360e85271d0d2f18d0f9554d8f6bbebb Mon Sep 17 00:00:00 2001 From: Edi Septriyanto Date: Mon, 8 Jul 2024 07:21:02 +0700 Subject: [PATCH 07/10] Fix symbolic link --- scripts/install_mariadb.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install_mariadb.sh b/scripts/install_mariadb.sh index d39d0e21..eb9c20aa 100755 --- a/scripts/install_mariadb.sh +++ b/scripts/install_mariadb.sh @@ -133,13 +133,13 @@ function init_mariadb_install() { run cp etc/systemd/mariadb.service /lib/systemd/system/ [[ ! -f /etc/systemd/system/multi-user.target.wants/mariadb.service && -f /lib/systemd/system/mariadb.service ]] && \ - run ln -s /lib/systemd/system/mariadb.service /etc/systemd/system/multi-user.target.wants/mariadb.service + run ln -sf /lib/systemd/system/mariadb.service /etc/systemd/system/multi-user.target.wants/mariadb.service [[ ! -f /etc/systemd/system/mysqld.service && -f /lib/systemd/system/mariadb.service ]] && \ - run ln -s /lib/systemd/system/mariadb.service /etc/systemd/system/mysqld.service + run ln -sf /lib/systemd/system/mariadb.service /etc/systemd/system/mysqld.service [[ ! -f /etc/systemd/system/mysql.service && -f /lib/systemd/system/mariadb.service ]] && \ - run ln -s /lib/systemd/system/mariadb.service /etc/systemd/system/mysql.service + run ln -sf /lib/systemd/system/mariadb.service /etc/systemd/system/mysql.service # Install default table. if [[ -n $(command -v mysql_install_db) ]]; then From fc052b2ae09efa0fecb2104cc45bfa279c5b9ef8 Mon Sep 17 00:00:00 2001 From: Edi Septriyanto Date: Mon, 8 Jul 2024 07:22:26 +0700 Subject: [PATCH 08/10] Move self signed ssl, permission fix, benchmark tool --- scripts/install_tools.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install_tools.sh b/scripts/install_tools.sh index b3a1968b..c2dbc63d 100755 --- a/scripts/install_tools.sh +++ b/scripts/install_tools.sh @@ -234,9 +234,9 @@ EOL # Assign ownership properly. run chown -hR www-data:www-data /usr/share/nginx/html - #if [[ -x /usr/local/bin/lemper-cli && -d /usr/share/nginx/html/lcp ]]; then - # success "LEMPer CLI & web tools successfully installed." - #fi + if [[ -x /usr/local/bin/lemper-cli && -d /usr/share/nginx/html/lcp ]]; then + success "LEMPer CLI & web tools successfully installed." + fi } echo "[LEMPer CLI & Web Tools Installation]" From 030caec3b654a34c583566e8592592b4dbf84ecb Mon Sep 17 00:00:00 2001 From: Edi Septriyanto Date: Mon, 8 Jul 2024 07:23:58 +0700 Subject: [PATCH 09/10] Fix add new user permission --- lib/lemper-create.sh | 19 ++++++++++--------- scripts/utils.sh | 1 + 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/lib/lemper-create.sh b/lib/lemper-create.sh index 62440438..854d0fe8 100755 --- a/lib/lemper-create.sh +++ b/lib/lemper-create.sh @@ -1065,15 +1065,16 @@ function init_lemper_create() { create_fpm_pool_conf "${USERNAME}" "${PHP_VERSION}" > "/etc/php/${PHP_VERSION}/fpm/pool.d/${USERNAME}.conf" # Create default directories & log files. - run mkdir -p "/home/${USERNAME}/.lemper/tmp" - run mkdir -p "/home/${USERNAME}/.lemper/php/opcache" - run mkdir -p "/home/${USERNAME}/.lemper/php/sessions" - run mkdir -p "/home/${USERNAME}/.lemper/php/wsdlcache" - run mkdir -p "/home/${USERNAME}/cgi-bin" - run mkdir -p "/home/${USERNAME}/logs/php" - run touch "/home/${USERNAME}/logs/php/php${PHP_VERSION}-fpm_slow.log" - run touch "/home/${USERNAME}/logs/php/php${PHP_VERSION}-fpm_error.log" - run touch "/home/${USERNAME}/logs/php/php${PHP_VERSION}-opcache_error.log" + run mkdir -p "/home/${USERNAME}/.lemper/tmp" && \ + run mkdir -p "/home/${USERNAME}/.lemper/php/opcache" && \ + run mkdir -p "/home/${USERNAME}/.lemper/php/sessions" && \ + run mkdir -p "/home/${USERNAME}/.lemper/php/wsdlcache" && \ + run mkdir -p "/home/${USERNAME}/cgi-bin" && \ + run mkdir -p "/home/${USERNAME}/logs/php" && \ + run touch "/home/${USERNAME}/logs/php/php${PHP_VERSION}-fpm_slow.log" && \ + run touch "/home/${USERNAME}/logs/php/php${PHP_VERSION}-fpm_error.log" && \ + run touch "/home/${USERNAME}/logs/php/php${PHP_VERSION}-opcache_error.log" && \ + run chmod 644 "/home/${USERNAME}" && \ run chown -hR "${USERNAME}:${USERNAME}" "/home/${USERNAME}/.lemper" "/home/${USERNAME}/cgi-bin" "/home/${USERNAME}/logs" # Restart PHP FPM. diff --git a/scripts/utils.sh b/scripts/utils.sh index daf383cd..0c36c6f5 100755 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -693,6 +693,7 @@ function create_account() { run chmod 700 "/home/${LEMPER_USERNAME}/.ssh" && \ run touch "/home/${LEMPER_USERNAME}/.ssh/authorized_keys" && \ run chmod 600 "/home/${LEMPER_USERNAME}/.ssh/authorized_keys" && \ + run chmod 644 "/home/${LEMPER_USERNAME}" && \ run chown -hR "${LEMPER_USERNAME}:${LEMPER_USERNAME}" "/home/${LEMPER_USERNAME}" # Add account credentials to /srv/.htpasswd. From a2d8f8dca06908e2ff27d86212996c37439b3a2d Mon Sep 17 00:00:00 2001 From: Edi Septriyanto Date: Mon, 8 Jul 2024 08:17:08 +0700 Subject: [PATCH 10/10] Fix add new user home dir permission --- lib/lemper-create.sh | 2 +- scripts/utils.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/lemper-create.sh b/lib/lemper-create.sh index 854d0fe8..87b83bcc 100755 --- a/lib/lemper-create.sh +++ b/lib/lemper-create.sh @@ -1074,7 +1074,7 @@ function init_lemper_create() { run touch "/home/${USERNAME}/logs/php/php${PHP_VERSION}-fpm_slow.log" && \ run touch "/home/${USERNAME}/logs/php/php${PHP_VERSION}-fpm_error.log" && \ run touch "/home/${USERNAME}/logs/php/php${PHP_VERSION}-opcache_error.log" && \ - run chmod 644 "/home/${USERNAME}" && \ + run chmod 755 "/home/${USERNAME}" && \ run chown -hR "${USERNAME}:${USERNAME}" "/home/${USERNAME}/.lemper" "/home/${USERNAME}/cgi-bin" "/home/${USERNAME}/logs" # Restart PHP FPM. diff --git a/scripts/utils.sh b/scripts/utils.sh index 0c36c6f5..6f5853b6 100755 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -693,7 +693,7 @@ function create_account() { run chmod 700 "/home/${LEMPER_USERNAME}/.ssh" && \ run touch "/home/${LEMPER_USERNAME}/.ssh/authorized_keys" && \ run chmod 600 "/home/${LEMPER_USERNAME}/.ssh/authorized_keys" && \ - run chmod 644 "/home/${LEMPER_USERNAME}" && \ + run chmod 755 "/home/${LEMPER_USERNAME}" && \ run chown -hR "${LEMPER_USERNAME}:${LEMPER_USERNAME}" "/home/${LEMPER_USERNAME}" # Add account credentials to /srv/.htpasswd.