D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
opt
/
cloudlinux
/
venv
/
lib
/
python3.11
/
site-packages
/
lvemanager
/
Filename :
sudoers.py
back
Copy
# coding=utf-8 # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2019 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENSE.TXT from __future__ import print_function from __future__ import division from __future__ import absolute_import import grp import subprocess from cl_proc_hidepid import remount_proc from clcommon.cpapi import admins, getCPName from clcommon.sysctl import SysCtlConf, SYSCTL_CL_CONF_FILE from clcommon.const import Feature from clcommon.cpapi import is_panel_feature_supported from clsudo import Clsudo # Default admins group DEFAULT_GROUP_NAME = "admin" # Group name for fs.proc_super_gid SUPER_GROUP_NAME = "clsupergid" # Groupname for sudoers SUDOERS_GROUP_NAME = "clsudoers" def _add_user_to_group(user_name, group_name): """Add user to given unix group""" retcode = subprocess.call(["/usr/bin/gpasswd", "-a", user_name, group_name]) if retcode != 0: return False return True # Remove user from group def _remove_user_from_group(user_name, group_name): retcode = subprocess.call(["/usr/bin/gpasswd", "-d", user_name, group_name]) if retcode != 0: return False return True def _add_admins_into_group(group_name, new_admin_name): """ Add all present DA admins (plus new_admin_name admin) to supplied group :param new_admin_name: new admin name to add :return: """ # Get admin list from DA and append new admin name to it admin_list = list(admins()) if new_admin_name not in admin_list: admin_list.append(new_admin_name) for admin in admin_list: _add_user_to_group(admin, group_name) def _create_group(group_name): """Create group with given name""" retcode = subprocess.call(["/usr/sbin/groupadd", "-f", group_name]) if retcode != 0: return False return True def _add_admins_into_supergid_grp(new_admin_name): """ Add all present DA admins (plus new_admin_name admin) to current supergid group :param new_admin_name: new admin name to add :return: """ # Determine SUPER_GROUP_NAME gid super_gid = str(grp.getgrnam(SUPER_GROUP_NAME).gr_gid) sysctl_cfg = SysCtlConf(config_file=SYSCTL_CL_CONF_FILE) # returns set gid from sysctl.conf or kernel default proc_super_gid = sysctl_cfg.get('fs.proc_super_gid') # set fs.proc_super_gid and add admins to group with this gid if: # 1. it was not found in sysctl.conf; if not sysctl_cfg.has_parameter('fs.proc_super_gid'): sysctl_cfg.set('fs.proc_super_gid', super_gid) _add_admins_into_group(SUPER_GROUP_NAME, new_admin_name) return elif getCPName() == 'DirectAdmin': # Only for DA try: admin_gid = str(grp.getgrnam(DEFAULT_GROUP_NAME).gr_gid) except KeyError: admin_gid = None if proc_super_gid == admin_gid: sysctl_cfg.set('fs.proc_super_gid', super_gid) _add_admins_into_group(SUPER_GROUP_NAME, new_admin_name) return # otherwise read fs.proc_super_gid and add admins to group with this gid try: proc_super_gid = int(proc_super_gid) except ValueError: raise RuntimeError("Bad fs.proc_super_gid option value in /etc/sysctl.conf") # add all panel admins into custom proc_super_gid group proc_super_name = grp.getgrgid(proc_super_gid).gr_name _add_admins_into_group(proc_super_name, new_admin_name) def add_unix_user_to_sudoers(name): # create all supergid stuff only if regular CL edition if is_panel_feature_supported(Feature.LVE): if not _create_group(SUPER_GROUP_NAME): raise Exception("ERROR: Can't create %s group\n" % SUPER_GROUP_NAME) _add_admins_into_supergid_grp(name) if not _add_user_to_group(name, SUPER_GROUP_NAME): raise Exception("ERROR: Can't add user %s to %s group\n" % ( name, SUPER_GROUP_NAME)) if not _create_group(SUDOERS_GROUP_NAME): raise Exception("ERROR: Can't create %s group\n" % SUDOERS_GROUP_NAME) if not _add_user_to_group(name, SUDOERS_GROUP_NAME): raise Exception("ERROR: Can't add user %s to %s group\n" % ( name, SUDOERS_GROUP_NAME)) # Add SUDOERS_GROUP_NAME group to /etc/sudoers sudo = Clsudo() sudo.add_lvemanager_group(SUDOERS_GROUP_NAME) # CAG-796: use hidepid=2 when mounting /proc remount_proc() def remove_unix_user_from_sudoers(name): # Remove user from all groups _remove_user_from_group(name, SUPER_GROUP_NAME) _remove_user_from_group(name, SUDOERS_GROUP_NAME)