#!/opt/alt/python37/bin/python3 -sbb
# coding=utf-8
from __future__ import print_function
from __future__ import division
from __future__ import absolute_import
import subprocess
import sys
import getopt
import os
from clselect import (
clpassenger,
clprint,
clselectctl,
clselectctlphp,
clselectctlpython,
clselectctlruby,
utils,
)
from clselect.utils import in_cagefs, CAGEFS_ENTER_USER_BIN
def selector_executed_as_root():
"""
We check whos run selector: root or user
:return: True if root, False if user
"""
return os.geteuid() == 0
def _run_selectorctl_as_user_in_cagefs(user):
"""
All user-related actions must run inside
of cagefs for security reasons.
When selector is executed as root and we
know username, we start new subprocess using su.
But when selector is started by user and
selectorctl is NOT in cagefs, we force cagefs_enter.
"""
if selector_executed_as_root():
if user is None:
return
cmd = [CAGEFS_ENTER_USER_BIN, user] + sys.argv + ['--skip-cagefs-check']
elif not in_cagefs():
cmd = ['/bin/cagefs_enter'] + sys.argv + ['--skip-cagefs-check']
else:
return
p = subprocess.Popen(cmd, stdout=sys.stdout, stdin=sys.stdin, env={})
p.communicate()
sys.exit(p.returncode)
def usage():
print('Usage: ' + sys.argv[0] + ' [OPTIONS]')
print('Options:')
print()
print(' -i | --interpreter : Interpreter. If omitted php implied')
print(' -h | --help : Show this message')
print(' -A | --fix-homedir : Fix paths after home directory change')
print()
print('According to selected interpreter options differs')
print(' PHP:')
clselectctlphp.usage()
print()
print(' Python:')
clselectctlpython.usage()
print()
print(' Ruby:')
clselectctlruby.usage()
def main():
try:
opts, args = getopt.getopt(
sys.argv[1:],
'hi:lSsCcB:Y:N:E:D:R:v:Gu:b:ge:d:r:atpVLT:k:m:x:QqPjwWzynfFZo:AK:U', [
'help',
'setup-without-cagefs',
'revert-to-cagefs',
'interpreter=',
'list',
'list-user-webapps',
'summary',
'user-summary',
'current',
'user-current',
'set-current=',
'enable-alternative=',
'disable-alternative=',
'enable-extensions=',
'disable-extensions=',
'replace-extensions=',
'version=',
'list-extensions',
'user=',
'domain=',
'set-user-current=',
'list-user-extensions',
'enable-user-extensions=',
'disable-user-extensions=',
'replace-user-extensions=',
'all',
'reset-user-extensions',
'print-summary',
'show-native-version',
'list-users',
'change-to-version=',
'add-options=',
'replace-options=',
'delete-options=',
'base64',
'quiet',
'print-options',
'print-options-safe',
'apply-symlinks-rules',
'json',
'csv',
'perl',
'api-version=',
'verbose',
'reset-options',
'create-webapp',
'update-interpreter',
'destroy-webapp',
'relocate-webapp',
'transit-webapp',
'restart-webapp',
'start-webapp',
'stop-webapp',
'setup-wsgi=',
'fix-homedir',
'list-extensions-version=',
'recreate-virtualenv',
'freeze-requirements',
'update-backup',
'apply-global-php-ini',
'app-mode=',
'startup-file=',
'env-vars=',
'set-variables',
'skip-cagefs-check',
'exclude-pid-list=',
'for-all-users'
])
except getopt.GetoptError:
usage()
sys.exit(1)
action = None
interpreter = 'php'
fmt = 'text'
user = None
domain = None
# getopt is a little bit stupid parser
# after a non-option argument, all further arguments are
# considered also non-options
# so sometimes my '--skip' option was ignored
skip_enter_cagefs = '--skip-cagefs-check' in sys.argv
if skip_enter_cagefs:
sys.argv.remove('--skip-cagefs-check')
# Catch this options in any position
if '-h' in sys.argv or '--help' in sys.argv:
usage()
sys.exit(0)
for o, a in opts:
if o in ['-i', '--interpreter']:
interpreter = a.lower()
elif o in ['-j', '--json']:
fmt = 'json'
elif o in ['-w', '--csv']:
fmt = 'csv'
elif o in ['-W', '--perl']:
fmt = 'perl'
elif o in ['-A', '--fix-homedir']:
action = 'fix-homedir'
elif o == '--update-interpreter':
action = 'update-interpreter'
elif o in ['-u', '--user']:
user = a
elif o == '--domain':
domain = a
if interpreter == 'php':
return clselectctlphp.main()
# Skip special "wildcard user" that is used only with "update-interpreter"
if not (action == 'update-interpreter' and user == '*'):
user, _ = utils.safely_resolve_username_and_doc_root(
user, domain, fmt, True)
if not skip_enter_cagefs and \
(interpreter in ['ruby', 'nodejs']
or (interpreter == 'python' and not action == 'update-interpreter')):
_run_selectorctl_as_user_in_cagefs(user)
if action == 'fix-homedir':
fix_homedir(user)
sys.exit()
if interpreter == 'python':
clselectctlpython.main()
elif interpreter == 'ruby':
clselectctlruby.main()
elif interpreter == 'nodejs':
clprint.print_diag(
fmt, {'status': 'ERROR',
'details': 'For --interpreter nodejs please use cloudlinux-selector utility instead'})
sys.exit(1)
else:
clprint.print_diag(
fmt, {'status': 'ERROR', 'message': 'Unknown interpreter'})
sys.exit(1)
def fix_homedir(user):
user = clselectctl.get_user(user)
clpassenger.fix_homedir(user)
clselectctlpython.fix_homedir(user)
if __name__ == '__main__':
main()