From 7f9f60682e7299e09552e839df778acf5b6c750d Mon Sep 17 00:00:00 2001 From: Usman Nasir Date: Sat, 7 Aug 2021 14:28:10 +0500 Subject: [PATCH] security fix: CP-13: Admin Back Up Create Back Up --- plogical/backupUtilities.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/plogical/backupUtilities.py b/plogical/backupUtilities.py index c6bf2b532..cae8db3eb 100755 --- a/plogical/backupUtilities.py +++ b/plogical/backupUtilities.py @@ -291,7 +291,7 @@ class backupUtilities: metaFile = open(metaPath, 'w') metaFile.write(xmlpretty.decode()) metaFile.close() - os.chmod(metaPath, 0o777) + os.chmod(metaPath, 0o600) ## meta generated @@ -2023,6 +2023,9 @@ def submitBackupCreation(tempStoragePath, backupName, backupPath, backupDomain): command = 'chown %s:%s %s' % (website.externalApp, website.externalApp, status) ProcessUtilities.executioner(command) + command = 'chown %s:%s %s' % (website.externalApp, website.externalApp, result[2]) + ProcessUtilities.executioner(command) + execPath = "sudo nice -n 10 /usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/backupUtilities.py" execPath = execPath + " startBackup --tempStoragePath " + tempStoragePath + " --backupName " \ + backupName + " --backupPath " + backupPath + ' --backupDomain ' + backupDomain + ' --metaPath %s' % ( @@ -2039,6 +2042,9 @@ def submitBackupCreation(tempStoragePath, backupName, backupPath, backupDomain): ## Backing up databases + command = 'chown cyberpanel:cyberpanel %s' % (result[2]) + ProcessUtilities.executioner(command) + backupMetaData = ElementTree.parse(result[2]) databases = backupMetaData.findall('Databases/database')