
Add restart flag to v-add-*-sftp-jail scripts and modify upgrade routine

This should help prevent service restart storm from issue #370
Kristan Kenney 6 tahun lalu
induk
melakukan
09975da687
3 mengubah file dengan 16 tambahan dan 11 penghapusan
  1. 5 4
      bin/v-add-sys-sftp-jail
  2. 7 3
      bin/v-add-user-sftp-jail
  3. 4 4
      install/upgrade/1.00.0-190618.sh

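--- a/bin/v-add-sys-sftp-jail
+++ b/bin/v-add-sys-sftp-jail
@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: add system sftp jail
-# options: NONE
+# options: [RESTART]
 #
 # The script enables sftp jailed environment
 
@@ -14,6 +14,7 @@ source /etc/profile
 source $HESTIA/func/main.sh
 source $HESTIA/conf/hestia.conf
 
+restart=$1
 
 #----------------------------------------------------------#
 #                    Verifications                         #
@@ -45,11 +46,12 @@ if [ -z "$sftp_i" ]; then
     echo "    X11Forwarding no" >> $config
     echo "    AllowTCPForwarding no" >> $config
     echo "    ForceCommand internal-sftp" >> $config
-    restart='yes'
 fi
 
 # Validating opensshd config
-if [ "$restart" = 'yes' ]; then
+if [ "$restart" = 'no' ]; then
+    # Skip restarting SSH daemon
+else
     subj="OpenSSH restart failed"
     email=$(grep CONTACT $HESTIA/data/users/admin/user.conf |cut -f 2 -d \')
     /usr/sbin/sshd -t >/dev/null 2>&1
@@ -59,7 +61,6 @@ if [ "$restart" = 'yes' ]; then
         echo -e "$mail_text" |$SENDMAIL -s "$subj" $email
     else
         service ssh restart >/dev/null 2>&1
-        service sshd restart >/dev/null 2>&1
     fi
 fi
 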
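Review bot: The new `if [ "$restart" = 'no' ]; then` branch holds only a comment, which bash rejects with a syntax error at `else`, so the script aborts at this statement after the `>> $config` appends have already run, and neither the `sshd -t` check nor the restart is reached. Invert the test instead, `if [ "$restart" != 'no' ]; then` followed directly by the existing body, or put `:` in the empty branch. The same empty-branch construct is added in bin/v-add-user-sftp-jail. Separately, the `/usr/sbin/sshd -t` validation now sits inside the restart branch, so a caller passing `no` gets no check of the configuration this script just wrote; consider running the check unconditionally and gating only `service ssh restart`. The `if` block spans two hunks of this section, and the lines between them are not shown.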

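--- a/bin/v-add-user-sftp-jail
+++ b/bin/v-add-user-sftp-jail
@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: add user sftp jail
-# options: USER
+# options: USER [RESTART]
 #
 # The script enables sftp jailed environment
 
@@ -11,6 +11,7 @@
 
 # Argument definition
 user=$1
+restart=$2
 
 # Includes
 source $HESTIA/func/main.sh
@@ -62,8 +63,11 @@ chown root:root /home/$user
 #----------------------------------------------------------#
 
 # Restart ssh service
-service ssh restart > /dev/null 2>&1
-service sshd restart > /dev/null 2>&1
+if [ "$restart" = 'no' ]; then
+    # Skip restart of SSH daemon
+else
+    service ssh restart > /dev/null 2>&1
+fi
 
 # Logging
 log_event "$OK" "$ARGUMENTS"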
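Review bot: The exit status of `service ssh restart > /dev/null 2>&1` is discarded and `log_event "$OK" "$ARGUMENTS"` follows unconditionally, so a restart that fails is still logged as a success. Checking the status, for example `service ssh restart > /dev/null 2>&1 || echo "Error: ssh restart failed" >&2`, would surface the failure to the caller. The header line `# options: USER [RESTART]` also does not say which value suppresses the restart; a comment such as `# RESTART: pass 'no' to skip the ssh restart; any other value, or none, restarts` would document that only the literal `no` is recognised.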

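--- a/install/upgrade/1.00.0-190618.sh
+++ b/install/upgrade/1.00.0-190618.sh
@@ -323,14 +323,13 @@ if [ ! -z "$WEBALIZER_CHECK" ]; then
 fi
 
 # Run sftp jail once
-$HESTIA/bin/v-add-sys-sftp-jail
+$HESTIA/bin/v-add-sys-sftp-jail no
 
 # Enable SFTP subsystem for SSH
 sftp_subsys_enabled=$(grep -iE "^#?.*subsystem.+(sftp )?sftp-server" /etc/ssh/sshd_config)
 if [ ! -z "$sftp_subsys_enabled" ]; then
     echo "(*) Updating SFTP subsystem configuration..."
     sed -i -E "s/^#?.*Subsystem.+(sftp )?sftp-server/Subsystem sftp internal-sftp/g" /etc/ssh/sshd_config
-    systemctl restart ssh
 fi
 
 # Remove and migrate obsolete object keys
@@ -423,8 +422,9 @@ if [ ! -z $DNS_SYSTEM ]; then
 	$BIN/v-restart-dns $restart
 fi
 
-# restart Hestia services (nginx,php-fpm)
-systemctl restart hestia
+$BIN/v-restart-service ssh $restart
+$BIN/v-restart-service hestia $restart
+
 
 echo ""
 echo "    Upgrade complete! Please report any bugs or issues to"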
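Review bot: Calling `v-add-sys-sftp-jail no` skips that script's `/usr/sbin/sshd -t` check, and the `sed` edit of /etc/ssh/sshd_config below it is likewise unvalidated, yet `$BIN/v-restart-service ssh $restart` at the end restarts the daemon on the result. Whether v-restart-service tests the configuration first is not visible here; if it does not, a bad edit during an upgrade could leave SSH down on a remotely managed host. A guard such as `/usr/sbin/sshd -t && $BIN/v-restart-service ssh $restart` leaves the running daemon untouched when the file does not parse. `$restart` is set outside this hunk and is expanded unquoted, so an empty value passes no argument at all.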