
# coding=utf-8
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT

from __future__ import print_function
from __future__ import division
from __future__ import absolute_import

import grp
import subprocess

from cl_proc_hidepid import remount_proc
from clcommon.cpapi import admins, getCPName
from clcommon.sysctl import SysCtlConf, SYSCTL_CL_CONF_FILE
from clcommon.const import Feature
from clcommon.cpapi import is_panel_feature_supported
from clsudo import Clsudo

# Unix group looked up as the default admins group; in this file it is only
# compared against fs.proc_super_gid on DirectAdmin.
DEFAULT_GROUP_NAME = "admin"

# Unix group whose gid this module writes to the fs.proc_super_gid sysctl.
# Membership is security-relevant: review who ends up in it.
SUPER_GROUP_NAME = "clsupergid"

# Unix group handed to Clsudo.add_lvemanager_group() for the sudoers entry.
# Membership is security-relevant: review who ends up in it.
SUDOERS_GROUP_NAME = "clsudoers"


def _add_user_to_group(user_name, group_name):
    """Add ``user_name`` to the unix group ``group_name`` using gpasswd.

    The command is given as an argument list with an absolute binary path,
    so no shell interprets the names and PATH is not consulted.

    :param user_name: account to add
    :param group_name: target group
    :return: True if gpasswd exited with status 0, False otherwise
    """
    exit_status = subprocess.call(
        ["/usr/bin/gpasswd", "-a", user_name, group_name]
    )
    return exit_status == 0


def _remove_user_from_group(user_name, group_name):
    """Remove ``user_name`` from the unix group ``group_name`` using gpasswd.

    The command is given as an argument list with an absolute binary path,
    so no shell interprets the names and PATH is not consulted.

    :param user_name: account to remove
    :param group_name: group to remove the account from
    :return: True if gpasswd exited with status 0, False otherwise
    """
    exit_status = subprocess.call(
        ["/usr/bin/gpasswd", "-d", user_name, group_name]
    )
    return exit_status == 0


def _add_admins_into_group(group_name, new_admin_name):
    """
    Add every admin reported by admins(), plus new_admin_name, to group_name.

    The result of each individual add is discarded, so an admin that could
    not be added is not reported to the caller.

    :param group_name: unix group that receives the members
    :param new_admin_name: new admin name to add
    :return: None
    """
    # Copy the panel's admin list so the extra name can be appended locally.
    members = list(admins())
    already_listed = new_admin_name in members
    if not already_listed:
        members.append(new_admin_name)
    for member in members:
        # Best-effort: the boolean result is intentionally not inspected here.
        _add_user_to_group(member, group_name)


def _create_group(group_name):
    """Create the unix group ``group_name`` with ``groupadd -f``.

    The command is given as an argument list with an absolute binary path,
    so no shell interprets the name and PATH is not consulted.

    :param group_name: name of the group to create
    :return: True if groupadd exited with status 0, False otherwise
    """
    exit_status = subprocess.call(["/usr/sbin/groupadd", "-f", group_name])
    return exit_status == 0


def _add_admins_into_supergid_grp(new_admin_name):
    """
    Add all panel admins (plus new_admin_name) to the group that
    fs.proc_super_gid points at, setting that sysctl first when needed.

    Three outcomes, in order:
      1. fs.proc_super_gid is absent from the config: set it to the gid of
         SUPER_GROUP_NAME and add the admins to SUPER_GROUP_NAME.
      2. Panel is DirectAdmin and the current value equals the gid of
         DEFAULT_GROUP_NAME: same action as (1).
      3. Otherwise: keep the configured gid and add the admins to whatever
         group owns that gid.

    :param new_admin_name: new admin name to add
    :return: None
    :raises KeyError: from grp.getgrnam if SUPER_GROUP_NAME does not exist,
        or from grp.getgrgid if no group has the configured gid
    :raises RuntimeError: if the configured fs.proc_super_gid is not an integer
    """
    # Determine SUPER_GROUP_NAME gid (kept as a string for the sysctl value
    # and for the comparison below). The group must already exist.
    super_gid = str(grp.getgrnam(SUPER_GROUP_NAME).gr_gid)

    sysctl_cfg = SysCtlConf(config_file=SYSCTL_CL_CONF_FILE)

    # returns set gid from sysctl.conf or kernel default
    # NOTE(review): the comparison below assumes this comes back as a string -- confirm
    proc_super_gid = sysctl_cfg.get('fs.proc_super_gid')
    # set fs.proc_super_gid and add admins to group with this gid if:
    #  1. it was not found in sysctl.conf;
    if not sysctl_cfg.has_parameter('fs.proc_super_gid'):
        sysctl_cfg.set('fs.proc_super_gid', super_gid)
        _add_admins_into_group(SUPER_GROUP_NAME, new_admin_name)
        return
    elif getCPName() == 'DirectAdmin':
        # Only for DA
        #  2. it currently points at the DEFAULT_GROUP_NAME group's gid.
        try:
            admin_gid = str(grp.getgrnam(DEFAULT_GROUP_NAME).gr_gid)
        except KeyError:
            # No DEFAULT_GROUP_NAME group on this host; None is used so the
            # comparison below is not expected to match a configured gid.
            admin_gid = None
        if proc_super_gid == admin_gid:
            sysctl_cfg.set('fs.proc_super_gid', super_gid)
            _add_admins_into_group(SUPER_GROUP_NAME, new_admin_name)
            return
    # otherwise read fs.proc_super_gid and add admins to group with this gid
    try:
        proc_super_gid = int(proc_super_gid)
    except ValueError:
        # NOTE(review): the message names /etc/sysctl.conf while the value is
        # read through SysCtlConf(config_file=SYSCTL_CL_CONF_FILE) -- confirm
        # which file an operator should inspect.
        raise RuntimeError("Bad fs.proc_super_gid option value in /etc/sysctl.conf")
    # add all panel admins into custom proc_super_gid group
    # The group is whatever an administrator configured; membership of that
    # pre-existing group is widened here. getgrgid raises KeyError when no
    # group has this gid, and that error is not translated.
    proc_super_name = grp.getgrgid(proc_super_gid).gr_name
    _add_admins_into_group(proc_super_name, new_admin_name)


def add_unix_user_to_sudoers(name):
    """Grant the unix user ``name`` the group memberships used for sudo access.

    Steps, in order:
      * when the panel supports Feature.LVE: ensure SUPER_GROUP_NAME exists,
        add the panel admins to the fs.proc_super_gid group, and add ``name``
        to SUPER_GROUP_NAME;
      * ensure SUDOERS_GROUP_NAME exists and add ``name`` to it;
      * register SUDOERS_GROUP_NAME through Clsudo.add_lvemanager_group();
      * remount /proc via remount_proc().

    ``name`` is not validated here, so callers are responsible for passing
    only an account that is meant to receive these privileges. Steps already
    completed are not rolled back if a later step raises.

    :param name: unix account to add
    :raises Exception: if a group cannot be created or ``name`` cannot be
        added to it
    """
    # create all supergid stuff only if regular CL edition
    lve_supported = is_panel_feature_supported(Feature.LVE)
    if lve_supported:
        supergid_group_ready = _create_group(SUPER_GROUP_NAME)
        if not supergid_group_ready:
            raise Exception("ERROR: Can't create %s group\n" % SUPER_GROUP_NAME)

        _add_admins_into_supergid_grp(name)

        joined_supergid = _add_user_to_group(name, SUPER_GROUP_NAME)
        if not joined_supergid:
            raise Exception("ERROR: Can't add user %s to %s group\n" % (
                name, SUPER_GROUP_NAME))

    sudoers_group_ready = _create_group(SUDOERS_GROUP_NAME)
    if not sudoers_group_ready:
        raise Exception("ERROR: Can't create %s group\n" % SUDOERS_GROUP_NAME)

    joined_sudoers = _add_user_to_group(name, SUDOERS_GROUP_NAME)
    if not joined_sudoers:
        raise Exception("ERROR: Can't add user %s to %s group\n" % (
            name, SUDOERS_GROUP_NAME))

    # Add SUDOERS_GROUP_NAME group to /etc/sudoers
    Clsudo().add_lvemanager_group(SUDOERS_GROUP_NAME)

    # CAG-796: use hidepid=2 when mounting /proc
    remount_proc()


def remove_unix_user_from_sudoers(name):
    """Remove the unix user ``name`` from SUPER_GROUP_NAME and SUDOERS_GROUP_NAME.

    Both removals are best-effort: their results are discarded, so a failed
    removal leaves the membership in place without any error being raised.
    Only these two groups are touched; a custom fs.proc_super_gid group that
    admins were added to elsewhere in this module is not.

    :param name: unix account to remove
    :return: None
    """
    # Remove user from all groups
    for group_name in (SUPER_GROUP_NAME, SUDOERS_GROUP_NAME):
        _remove_user_from_group(name, group_name)