Mini Shell

Direktori : /usr/share/cagefs/
Upload File :
Current File : //usr/share/cagefs/clean_user_alt_php_sessions_plesk

#!/opt/cloudlinux/venv/bin/python3 -bb

from __future__ import absolute_import
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals
from future import standard_library
standard_library.install_aliases()
from builtins import *
import sys
import os
import glob
import time
import secureio
import subprocess
from collections import defaultdict
from clcommon import login_defs
from future.utils import iteritems
sys.path.append('/usr/share/cagefs')
from cagefslib import (
	get_alt_dirs,
	clean_dir_from_old_session_files,
	get_opts_from_php_ini,
	is_clean_user_php_sessions_enabled
)


# default period 1440 sec = 24 min
_DEFAULT_TIMEOUT = 1440
_PLESK_PHP_SESSIONS_NATIVE_DIR = '/var/lib/php/session'
_PLESK_MAX_LIFETIME_SCRIPT = '/usr/lib64/plesk-9.0/maxlifetime'


def _get_alt_php_dirs_timeouts(alt_php_dir_list):
	"""
	Retrieve alt_php_versions list
	:param alt_php_dir_list: alt-php directories list
	:return: dict such as
		{'55': {'/tmp': 1440}, '54': {'/tmp': 2880}}
	"""
	alt_php_dirs_timeouts = defaultdict(dict)
	# Read /opt/alt/phpXX/etc/php.ini
	for alt_php_dir in alt_php_dir_list:
		alt_php_ini_file = '/opt/alt/%s/etc/php.ini' % alt_php_dir
		session_path, session_lifetime = get_opts_from_php_ini(alt_php_ini_file, _DEFAULT_TIMEOUT)
		if session_lifetime < _DEFAULT_TIMEOUT:
			session_lifetime = _DEFAULT_TIMEOUT
		alt_php_dirs_timeouts[alt_php_dir] = {session_path: session_lifetime}
	return alt_php_dirs_timeouts


def _clean_user(user_pw, alt_php_dirs_timeouts):
	"""
	Clean directory from old files
	:param user_pw: user's pwd object
	:param alt_php_dirs_timeouts: alt_php versions, paths and timeouts list
		{'php52': {'/tmp': 1440}, 'php53': {'/tmp': 1440}}
	:return: None
	"""
	# Directory to lifetime map. Example:
	# {'/var/www/vhosts/cltest1.com/.cagefs/tmp': 1440,
	#  '/var/www/vhosts/cltest1.com/.cagefs/opt/alt/php54/var/lib/php/session': 2880}
	dir_to_lifetime_map = dict()
	cagefs_base_path = os.path.join(user_pw.pw_dir, '.cagefs')
	# 1. Add alt-php session dirs
	for php_dir, php_ver_dir_lifetime_dict in alt_php_dirs_timeouts.items():
		for session_path, session_lifetime in php_ver_dir_lifetime_dict.items():
			if session_path.startswith('/'):
				# Remove leading /
				session_path = session_path[1:]
			# Add path to dict fo clean
			dir_to_add = os.path.join(cagefs_base_path, session_path)
			dir_to_lifetime_map[dir_to_add] = session_lifetime
	# 2. Add Plesk native dir /var/lib/php/session inside Cagefs
	if os.path.isfile(_PLESK_MAX_LIFETIME_SCRIPT):
		# Plesk script present - determine maxlifetime from it
		process = subprocess.Popen([_PLESK_MAX_LIFETIME_SCRIPT],
								stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
		std_out, _ = process.communicate()
		try:
			# Plesk script gives maxlivetime in minutes, so convert it to seconds
			session_lifetime = int(std_out.strip()) * 60
			# Add path to dict fo clean
			dir_to_add = os.path.join(cagefs_base_path, _PLESK_PHP_SESSIONS_NATIVE_DIR[1:])
			dir_to_lifetime_map[dir_to_add] = session_lifetime
		except ValueError:
			# If plesk script gives invalid output - ignore Plesk dir
			pass
	# Drop permissions
	res = secureio.set_user_perm(user_pw.pw_uid, user_pw.pw_gid, exit=False)
	if res == -1:
		return
	# Clean all dirs in dict
	for sess_dir_name, sess_lifetime in dir_to_lifetime_map.items():
		clean_dir_from_old_session_files(sess_dir_name, sess_lifetime)
	# get back root permissions
	secureio.set_root_perm()


def main():
	if not is_clean_user_php_sessions_enabled():
		sys.exit(0)
	alt_php_dirs_timeouts = _get_alt_php_dirs_timeouts(get_alt_dirs())
	min_uid = int(login_defs('UID_MIN', 500))
	for _, pwnam in secureio.clpwd.get_user_dict().items():
		if pwnam.pw_uid >= min_uid:
			_clean_user(pwnam, alt_php_dirs_timeouts)


if __name__ == "__main__":
	main()

Zerion Mini Shell 1.0