Mini Shell

Direktori : /usr/share/cagefs/
Upload File :
Current File : //usr/share/cagefs/exclude_users_cleaner.py

#!/opt/cloudlinux/venv/bin/python3 -bb
# -*- coding: utf-8 -*-

# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT

from __future__ import print_function
from __future__ import absolute_import
from __future__ import division
from __future__ import unicode_literals
from future import standard_library
standard_library.install_aliases()
from builtins import *
import glob
import os
import sys
from pwd import getpwnam

from clcommon.utils import get_file_lines, write_file_lines
from clcommon.cpapi import cpusers, NotSupported
from clcommon.utils import mod_makedirs

# cagefs imports
LIBDIR = '/usr/share/cagefs'
sys.path.append(LIBDIR)
from cagefsctl import EXCLUDE_PATH

NEW_EXCLUDE_PATH = '/usr/share/cagefs/exclude.d'


def _is_user_present_in_system(username):
    try:
        getpwnam(username)
        return True
    except KeyError:
        return False


def _is_exclude_user(cp_users, username):
    """
    Determines whether the user should be excluded from CageFS
    :param cp_users: Panel users lst
    :param username: username to check
    :return: True - user should be excluded from CageFs, False - else
    """
    if username in cp_users:
        # Panel user should not be excluded from CageFS
        return False
    if _is_user_present_in_system(username):
        # User present in system, but absent in panel - exclude from CageFS
        return True
    return False


def _process_file(cp_users, source_filename, dest_filename):
    """
    Copies usernames from source file to destination file and excudes absent and panel users
    :param source_filename: Source filename (/usr/share/cagefs/exclude.d/..)
    :param dest_filename: Destination filename (/etc/cagefs/exclude/..)
    :return: None
    """
    source_lines = get_file_lines(source_filename)
    if os.path.isfile(dest_filename):
        dest_lines = get_file_lines(dest_filename)
    else:
        dest_lines = []
    # Determine manually added users to destination file and put them to output line list
    source_users = [x.strip() for x in source_lines]
    dest_users = [x.strip() for x in dest_lines]
    manually_added_users_list = list(set(dest_users) - set(source_users))
    lines_for_write = [line+'\n' for line in manually_added_users_list if line]
    for username in source_users:
        if _is_exclude_user(cp_users, username):
            lines_for_write.append(username + '\n')
    # Write new file if need
    if not lines_for_write:
        # Nothing to write
        try:
            os.remove(dest_filename)
        except (OSError, IOError):
            pass
    else:
        if sorted(dest_lines) != sorted(lines_for_write):
            write_file_lines(dest_filename, lines_for_write, 'w')
            os.chmod(dest_filename, 0o0600)


def main():
    # Create /etc/cagefs/exclude directory
    try:
        if not os.path.isdir(EXCLUDE_PATH):
            mod_makedirs(EXCLUDE_PATH, 0o0751)
    except (OSError, IOError) as e:
        print("Error:", str(e))
        sys.exit(1)
    try:
        # Get panel users list
        cp_users = cpusers()
    except NotSupported:
        cp_users = ()
    exclude_file_list = glob.glob(os.path.join(NEW_EXCLUDE_PATH, '*'))
    is_error = False
    for exclude_file in exclude_file_list:
        exclude_file_to_write = os.path.join(EXCLUDE_PATH, os.path.basename(exclude_file))
        try:
            _process_file(cp_users, exclude_file, exclude_file_to_write)
        except (OSError, IOError) as e:
            print("Error:", str(e))
            is_error = True
    sys.exit(1 if is_error else 0)


if "__main__" == __name__:
    main()

Zerion Mini Shell 1.0