# coding=utf-8
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT
from __future__ import print_function
from __future__ import division
from __future__ import absolute_import
import grp
import subprocess
from cl_proc_hidepid import remount_proc
from clcommon.cpapi import admins, getCPName
from clcommon.sysctl import SysCtlConf, SYSCTL_CL_CONF_FILE
from clcommon.const import Feature
from clcommon.cpapi import is_panel_feature_supported
from clsudo import Clsudo
# Default admins group; in this file it is only looked up on the DirectAdmin path
DEFAULT_GROUP_NAME = "admin"
# Group whose gid this module writes to the fs.proc_super_gid sysctl setting
SUPER_GROUP_NAME = "clsupergid"
# Group that is registered in /etc/sudoers; membership in it is what grants sudo
SUDOERS_GROUP_NAME = "clsudoers"
def _add_user_to_group(user_name, group_name):
    """
    Add a user to a unix group by running ``gpasswd -a``
    :param user_name: login to add
    :param group_name: group that receives the user
    :return: True when gpasswd exits with status 0, False otherwise
    """
    # The names are passed as separate argv entries, so no shell ever
    # interprets them. They are not validated here; callers own that.
    exit_status = subprocess.call(["/usr/bin/gpasswd", "-a", user_name, group_name])
    return exit_status == 0
# Remove user from group
def _remove_user_from_group(user_name, group_name):
    """
    Drop a user from a unix group by running ``gpasswd -d``
    :param user_name: login to remove
    :param group_name: group to remove the user from
    :return: True when gpasswd exits with status 0, False otherwise
    """
    # A False result means the membership may still be in place; the caller
    # has to decide whether that matters.
    exit_status = subprocess.call(["/usr/bin/gpasswd", "-d", user_name, group_name])
    return exit_status == 0
def _add_admins_into_group(group_name, new_admin_name):
    """
    Put every admin reported by the control panel, plus new_admin_name,
    into the supplied group
    :param group_name: group that receives the admins
    :param new_admin_name: new admin name to add
    :return: None
    """
    panel_admins = list(admins())
    # Only append the new admin when the panel does not list it already
    extra = [] if new_admin_name in panel_admins else [new_admin_name]
    for login in panel_admins + extra:
        # Best effort: the result of each add is not checked, so an admin
        # that could not be added is skipped without any report.
        _add_user_to_group(login, group_name)
def _create_group(group_name):
    """
    Create a unix group by running ``groupadd -f``
    :param group_name: name of the group to create
    :return: True when groupadd exits with status 0, False otherwise
    """
    # -f makes groupadd exit successfully when the group already exists,
    # so calling this repeatedly is fine.
    exit_status = subprocess.call(["/usr/sbin/groupadd", "-f", group_name])
    return exit_status == 0
def _add_admins_into_supergid_grp(new_admin_name):
    """
    Add all panel admins (plus new_admin_name) to the group that
    fs.proc_super_gid refers to, pointing the setting at SUPER_GROUP_NAME
    first when it is unset or, on DirectAdmin, when it equals the gid of
    DEFAULT_GROUP_NAME
    :param new_admin_name: new admin name to add
    :return: None
    :raises RuntimeError: the configured fs.proc_super_gid is not an integer
    :raises KeyError: SUPER_GROUP_NAME does not exist, or the configured
        gid has no matching group (raised by the grp lookups)
    """
    # gid of our own group, kept as a string for comparison and for set()
    own_gid = str(grp.getgrnam(SUPER_GROUP_NAME).gr_gid)
    conf = SysCtlConf(config_file=SYSCTL_CL_CONF_FILE)
    # Per the original comment: the gid set in the config or the kernel default
    configured_gid = conf.get('fs.proc_super_gid')

    # Case 1: the parameter is absent from the config file
    switch_to_own_group = not conf.has_parameter('fs.proc_super_gid')
    if not switch_to_own_group and getCPName() == 'DirectAdmin':
        # Case 2 (DirectAdmin only): the setting points at the default
        # admins group
        try:
            da_admin_gid = str(grp.getgrnam(DEFAULT_GROUP_NAME).gr_gid)
        except KeyError:
            da_admin_gid = None
        switch_to_own_group = configured_gid == da_admin_gid

    if switch_to_own_group:
        conf.set('fs.proc_super_gid', own_gid)
        _add_admins_into_group(SUPER_GROUP_NAME, new_admin_name)
        return

    # Otherwise honour the custom gid that is already configured
    try:
        gid_number = int(configured_gid)
    except ValueError:
        # NOTE(review): the message names /etc/sysctl.conf while the value
        # is read from SYSCTL_CL_CONF_FILE - confirm they are the same file.
        raise RuntimeError("Bad fs.proc_super_gid option value in /etc/sysctl.conf")
    # NOTE(review): the gid is used as configured, with no check on which
    # group it resolves to. If it names a privileged system group, every
    # panel admin becomes a member of it; consider validating it here.
    custom_group = grp.getgrgid(gid_number).gr_name
    _add_admins_into_group(custom_group, new_admin_name)
def add_unix_user_to_sudoers(name):
    """
    Give a unix user sudo rights through SUDOERS_GROUP_NAME and, where the
    LVE feature is supported, membership in SUPER_GROUP_NAME
    :param name: unix login to grant the rights to; passed to gpasswd as is,
        so the caller must make sure it is the intended account
    :return: None
    :raises Exception: a group could not be created or the user could not
        be added to it

    There is no rollback: if a later step raises, group memberships set up
    by earlier steps stay in place.
    """
    create_failed = "ERROR: Can't create %s group\n"
    join_failed = "ERROR: Can't add user %s to %s group\n"

    # create all supergid stuff only if regular CL edition
    # NOTE(review): the nesting of the three supergid steps under this check
    # is reconstructed from the comment above - confirm against the packaged
    # file.
    if is_panel_feature_supported(Feature.LVE):
        supergid_ready = _create_group(SUPER_GROUP_NAME)
        if not supergid_ready:
            raise Exception(create_failed % SUPER_GROUP_NAME)
        _add_admins_into_supergid_grp(name)
        joined_supergid = _add_user_to_group(name, SUPER_GROUP_NAME)
        if not joined_supergid:
            raise Exception(join_failed % (name, SUPER_GROUP_NAME))

    sudoers_ready = _create_group(SUDOERS_GROUP_NAME)
    if not sudoers_ready:
        raise Exception(create_failed % SUDOERS_GROUP_NAME)
    joined_sudoers = _add_user_to_group(name, SUDOERS_GROUP_NAME)
    if not joined_sudoers:
        raise Exception(join_failed % (name, SUDOERS_GROUP_NAME))

    # Register the group in /etc/sudoers. The rule that gets written is
    # defined by Clsudo.add_lvemanager_group, which is not visible here.
    Clsudo().add_lvemanager_group(SUDOERS_GROUP_NAME)

    # CAG-796: use hidepid=2 when mounting /proc
    remount_proc()
def remove_unix_user_from_sudoers(name):
    """
    Remove a unix user from SUPER_GROUP_NAME and SUDOERS_GROUP_NAME
    :param name: unix login to revoke the rights from
    :return: None

    The groups themselves and the /etc/sudoers entry are left untouched.
    """
    for group_name in (SUPER_GROUP_NAME, SUDOERS_GROUP_NAME):
        # Best effort: the result is ignored, so a failed removal is not
        # reported. Callers that need certainty should check group
        # membership afterwards.
        _remove_user_from_group(name, group_name)