Mini Shell
Direktori : /usr/share/cagefs/ |
|
Current File : //usr/share/cagefs/clean_user_alt_php_sessions_plesk |
#!/opt/cloudlinux/venv/bin/python3 -bb
from __future__ import absolute_import
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals
from future import standard_library
standard_library.install_aliases()
from builtins import *
import sys
import os
import glob
import time
import secureio
import subprocess
from collections import defaultdict
from clcommon import login_defs
from future.utils import iteritems
sys.path.append('/usr/share/cagefs')
from cagefslib import (
get_alt_dirs,
clean_dir_from_old_session_files,
get_opts_from_php_ini,
is_clean_user_php_sessions_enabled
)
# default period 1440 sec = 24 min
_DEFAULT_TIMEOUT = 1440
_PLESK_PHP_SESSIONS_NATIVE_DIR = '/var/lib/php/session'
_PLESK_MAX_LIFETIME_SCRIPT = '/usr/lib64/plesk-9.0/maxlifetime'
def _get_alt_php_dirs_timeouts(alt_php_dir_list):
"""
Retrieve alt_php_versions list
:param alt_php_dir_list: alt-php directories list
:return: dict such as
{'55': {'/tmp': 1440}, '54': {'/tmp': 2880}}
"""
alt_php_dirs_timeouts = defaultdict(dict)
# Read /opt/alt/phpXX/etc/php.ini
for alt_php_dir in alt_php_dir_list:
alt_php_ini_file = '/opt/alt/%s/etc/php.ini' % alt_php_dir
session_path, session_lifetime = get_opts_from_php_ini(alt_php_ini_file, _DEFAULT_TIMEOUT)
if session_lifetime < _DEFAULT_TIMEOUT:
session_lifetime = _DEFAULT_TIMEOUT
alt_php_dirs_timeouts[alt_php_dir] = {session_path: session_lifetime}
return alt_php_dirs_timeouts
def _clean_user(user_pw, alt_php_dirs_timeouts):
"""
Clean directory from old files
:param user_pw: user's pwd object
:param alt_php_dirs_timeouts: alt_php versions, paths and timeouts list
{'php52': {'/tmp': 1440}, 'php53': {'/tmp': 1440}}
:return: None
"""
# Directory to lifetime map. Example:
# {'/var/www/vhosts/cltest1.com/.cagefs/tmp': 1440,
# '/var/www/vhosts/cltest1.com/.cagefs/opt/alt/php54/var/lib/php/session': 2880}
dir_to_lifetime_map = dict()
cagefs_base_path = os.path.join(user_pw.pw_dir, '.cagefs')
# 1. Add alt-php session dirs
for php_dir, php_ver_dir_lifetime_dict in alt_php_dirs_timeouts.items():
for session_path, session_lifetime in php_ver_dir_lifetime_dict.items():
if session_path.startswith('/'):
# Remove leading /
session_path = session_path[1:]
# Add path to dict fo clean
dir_to_add = os.path.join(cagefs_base_path, session_path)
dir_to_lifetime_map[dir_to_add] = session_lifetime
# 2. Add Plesk native dir /var/lib/php/session inside Cagefs
if os.path.isfile(_PLESK_MAX_LIFETIME_SCRIPT):
# Plesk script present - determine maxlifetime from it
process = subprocess.Popen([_PLESK_MAX_LIFETIME_SCRIPT],
stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
std_out, _ = process.communicate()
try:
# Plesk script gives maxlivetime in minutes, so convert it to seconds
session_lifetime = int(std_out.strip()) * 60
# Add path to dict fo clean
dir_to_add = os.path.join(cagefs_base_path, _PLESK_PHP_SESSIONS_NATIVE_DIR[1:])
dir_to_lifetime_map[dir_to_add] = session_lifetime
except ValueError:
# If plesk script gives invalid output - ignore Plesk dir
pass
# Drop permissions
res = secureio.set_user_perm(user_pw.pw_uid, user_pw.pw_gid, exit=False)
if res == -1:
return
# Clean all dirs in dict
for sess_dir_name, sess_lifetime in dir_to_lifetime_map.items():
clean_dir_from_old_session_files(sess_dir_name, sess_lifetime)
# get back root permissions
secureio.set_root_perm()
def main():
if not is_clean_user_php_sessions_enabled():
sys.exit(0)
alt_php_dirs_timeouts = _get_alt_php_dirs_timeouts(get_alt_dirs())
min_uid = int(login_defs('UID_MIN', 500))
for _, pwnam in secureio.clpwd.get_user_dict().items():
if pwnam.pw_uid >= min_uid:
_clean_user(pwnam, alt_php_dirs_timeouts)
if __name__ == "__main__":
main()
Zerion Mini Shell 1.0