I found that my users' .htpasswd files are not updated, e.g. after users change their passwords. This behavior was introduced with ISPconfig 2.2.37. Apparently, someone complained that .htpasswd files get overwritten every night. Indeed this happened due to a bug but the logic of its fix escapes me. I understand that users might want to use .htpasswd to manually add users, but if I am not mistaken, $webname/.htpasswd was never intended to be used by users (as, unfortunately, it has been suggested in this forum even by ISPconfig maintainers). These .htpasswd files should reflect the current passwd/shadow files. I might even want to suggest to change the permissions from 664 to 644, i.e. do not allow the group to modify the file. The current situation, that these files are not updated, clearly is unsatisfactory, to say the least. For a quick and dirty workaround to have the files updated, remove the ! from line 122 in /root/ispconfig/scripts/shell/webalizer.php and line 118 in /root/ispconfig/scripts/shell/awstats.php, i.e. (it's the same line in both files) Code: if(!@is_file($web_home."/".$webname."/.htpasswd")) {
Seems to me that this resolution does not work (2.2.38 in my case). Does 2.2.40 resolve this problem?
AFAIK there have been no changes on this side. I am running 2.2.40 and I have removed the ! as mentioned above. htpasswd files are updated.