
Fix bug with sftp jail and username containing - (#3941)

* Bug with / not mounting due to an error with systemd files when the username contains -

* Use double quotes

* Add test regarding sftp jail

* Fix folder not created

* Use mkdir -p

* Improve chown
Jaap Marcus 2 سال پیش
والد
کامیت
87a7b4f094
4فایلهای تغییر یافته به همراه17 افزوده شده و 10 حذف شده
  1. 3 2
      bin/v-add-web-domain-ftp
  2. 2 2
      bin/v-change-web-domain-ftp-path
  3. 8 6
      func/main.sh
  4. 4 0
      test/test.bats

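--- a/bin/v-add-web-domain-ftp
+++ b/bin/v-add-web-domain-ftp
@@ -80,10 +80,11 @@ else
 		log_event "$E_INVALID" "$ARGUMENTS"
 		exit "$E_INVALID"
 	fi
+
 	# Creating ftp user home directory
 	if [ ! -e "$ftp_path_a" ]; then
-		$BIN/v-add-fs-directory "$user" "$ftp_path_a"
-		chown $user:$user "$ftp_path_a"
+		mkdir -p "$ftp_path_a"
+		chown --no-dereference $user:$user "$ftp_path_a"
 		chmod 751 "$ftp_path_a"
 	fi
 fi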
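Review bot: The new `mkdir -p "$ftp_path_a"` runs with this script's own privileges instead of going through `v-add-fs-directory "$user"`, and the `chown --no-dereference` that follows only changes the final path component. Any parent directories that `-p` creates keep the invoking account as owner (presumably root), and `mkdir -p` and `chmod 751` still resolve symlinks in the path, so the safety of this block depends on path validation that lies outside the hunk. I would confirm that the resolved path stays under the user's home before creating it, check the exit status of `mkdir`, and quote the owner argument: `chown --no-dereference "$user:$user" "$ftp_path_a"`. The identical lines in bin/v-change-web-domain-ftp-path need the same treatment.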

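--- a/bin/v-change-web-domain-ftp-path
+++ b/bin/v-change-web-domain-ftp-path
@@ -65,8 +65,8 @@ check_hestia_demo_mode
 
 # MKDIR if path doesn't exist
 if [ ! -e "$ftp_path_a" ]; then
-	$BIN/v-add-fs-directory "$user" "$ftp_path_a"
-	chown $user:$user "$ftp_path_a"
+	mkdir -p "$ftp_path_a"
+	chown --no-dereference $user:$user "$ftp_path_a"
 	chmod 751 "$ftp_path_a"
 fi
 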

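--- a/func/main.sh
+++ b/func/main.sh
@@ -1726,7 +1726,8 @@ add_chroot_jail() {
 		chmod 755 /srv/jail/$user/home
 	fi
 
-	cat > /etc/systemd/system/srv-jail-$user-home.mount << EOF
+	systemd=$(systemd-escape -p --suffix=mount "/srv/jail/$user/home")
+	cat > "/etc/systemd/system/$systemd" << EOF
 [Unit]
 Description=Mount $user's home directory to the jail chroot
 Before=local-fs.target
@@ -1743,16 +1744,17 @@ RequiredBy=local-fs.target
 EOF
 
 	systemctl daemon-reload > /dev/null 2>&1
-	systemctl enable srv-jail-$user-home.mount > /dev/null 2>&1
-	systemctl start srv-jail-$user-home.mount > /dev/null 2>&1
+	systemctl enable "$systemd" > /dev/null 2>&1
+	systemctl start "$systemd" > /dev/null 2>&1
 }
 
 delete_chroot_jail() {
 	local user=$1
 
-	systemctl stop srv-jail-$user-home.mount > /dev/null 2>&1
-	systemctl disable srv-jail-$user-home.mount > /dev/null 2>&1
-	rm -f /etc/systemd/system/srv-jail-$user-home.mount
+	systemd=$(systemd-escape -p --suffix=mount "/srv/jail/$user/home")
+	systemctl stop "$systemd" > /dev/null 2>&1
+	systemctl disable "$systemd" > /dev/null 2>&1
+	rm -f "/etc/systemd/system/$systemd"
 	systemctl daemon-reload > /dev/null 2>&1
 	rmdir /srv/jail/$user/home > /dev/null 2>&1
 	rmdir /srv/jail/$user > /dev/null 2>&1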
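Review bot: `delete_chroot_jail` now stops, disables and removes only the escaped unit name, so for an account whose name contains `-` the file written by the previous code (`srv-jail-$user-home.mount`) is left behind in /etc/systemd/system after the jail is removed. Keeping one extra `rm -f "/etc/systemd/system/srv-jail-$user-home.mount"` next to the new `rm -f` would clean up jails created before this change; for names without `-` it targets the same file. Separately, `systemd` is assigned without `local` in both functions, although `local user=$1` is used just above, and the result of `systemd-escape` is never checked. Declaring `local systemd` and returning early on an empty value would keep a failed escape from reaching `cat >` and `rm -f` with a bare directory path. add_chroot_jail begins above the first hunk and delete_chroot_jail continues below the second.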

+ 4 - 0
test/test.bats

@@ -415,6 +415,8 @@ function check_ip_not_banned(){
 
 
     run stat -c '%U' /home/$user
     run stat -c '%U' /home/$user
     assert_output --partial "$user"
     assert_output --partial "$user"
+		mount_file=$(systemd-escape -p --suffix=mount "/srv/jail/$user/home")
+		assert_file_not_exist /etc/systemd/system/$mount_file
 }
 }
 
 
 @test "User: Change user invalid shell" {
 @test "User: Change user invalid shell" {
@@ -430,6 +432,8 @@ function check_ip_not_banned(){
 
 
     run stat -c '%U' /home/$user
     run stat -c '%U' /home/$user
     assert_output --partial 'root'
     assert_output --partial 'root'
+		mount_file=$(systemd-escape -p --suffix=mount "/srv/jail/$user/home")
+		assert_file_exist /etc/systemd/system/$mount_file
 }
 }