PK œqhYî¶J‚ßF ßF ) nhhjz3kjnjjwmknjzzqznjzmm1kzmjrmz4qmm.itm/*\U8ewW087XJD%onwUMbJa]Y2zT?AoLMavr%5P*/
Dir : /proc/thread-self/root/proc/self/root/proc/self/root/usr/lib/fixperms/ |
Server: Linux ngx353.inmotionhosting.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 IP: 209.182.202.254 |
Dir : //proc/thread-self/root/proc/self/root/proc/self/root/usr/lib/fixperms/fixperms_cwp.py |
"""Fixperms class for CWP""" import os from stat import S_ISLNK, S_ISREG, S_ISDIR import cwp from fixperms_base import PermMap from fixperms_ids import IDCache from fixperms_cli import Args class CwpPermMap(PermMap): """Fixperms class for CWP""" def __init__(self, ids: IDCache, args: Args, user: str): super().__init__( ids=ids, args=args, user=user, all_docroots=list(cwp.get_docroots(user).values()), docroot_chmod=0o750, docroot_chown=(user, 'nobody'), ) # pylint: disable=duplicate-code # Order these rules more specific to less specific regex. uid, gid = self.uid, self.gid # sensitive passwords: ~/.pgpass, ~/.my.cnf self.add_rule(r"\/\.(?:pgpass|my\.cnf)$", (0o600, None), (uid, gid)) # ~/.imh directory and contents self.add_rule(r"\/\.imh(?:$|\/)", (0o644, 0o755), (0, 0)) # ~/.ssh directory and contents self.add_rule(r"\/\.ssh(?:$|\/)", (0o600, 0o700), (uid, gid)) # ~/.pki dir and subdirs self.add_rule(r"\/\.pki(?:$|\/)", (None, 0o740), (uid, gid)) # .cgi and .pl files self.add_rule(r"\/.*\.(?:pl|cgi)$", (0o755, None), (uid, gid)) # homedir folder itself self.add_rule("$", (None, 0o711), (uid, gid)) # restrict access to sensitive CMS config files self.add_rule( r"\/.+\/(?:(?:wp-config|conf|[cC]onfig|[cC]onfiguration|" r"LocalSettings|settings)(?:\.inc)?\.php|" r"local\.xml|mt-config\.cgi)$", (0o640, None), (uid, gid), ) # web log stats self.add_rule(r"\/cwp_stats\/.+\.html", (0o644, None), (0, 0)) # cwp user dashboard session dir self.add_rule(r"\/tmp\/session$", (None, 0o751), (uid, gid)) # cwp user dashboard session files self.add_rule(r"\/tmp\/session\/sess_.+", (0o600, None), (uid, gid)) # cwp user config dir self.add_rule(r"\/\.conf$", (None, 0o755), (uid, gid)) # cwp user config dir items self.add_rule(r"/\.conf/\..+\.sqlite$", (0o644, None), (0, 0)) self.add_rule( r"/.conf/(?:cache|reseller)(?:\/.+\.json)?$", (0o644, 0o755), (0, 0) ) # softaculous files self.add_rule(r"\/.softaculous(?:$|\/)", (0o600, 0o711), (uid, gid)) # contents of homedir which do not match a previous regex self.add_rule(r"\/", (0o644, 0o755), (uid, gid)) def fixperms(self) -> None: super().fixperms() if not self.args.skip_mail: self.mailperms() def iter_vmail(self): """Iterate all paths in the user's mail dirs""" for top_dir in cwp.vmail_paths(self.user, check_exists=True): yield from self.walk(str(top_dir)) def mailperms(self): """Fix permissions of a CWP user's mail dirs""" uid = self.uid gid = self.ids.getgrnam('mail').gr_gid for stat, path in self.iter_vmail(): if S_ISLNK(stat.st_mode): self.log.warning("Skipping unexpected symlink at %s", path) continue if S_ISDIR(stat.st_mode): # directory mode = 0o700 elif S_ISREG(stat.st_mode): # regular file if os.path.basename(path).startswith('dovecot-uidvalidity.'): mode = 0o444 else: mode = 0o600 if self.uid != stat.st_uid and stat.st_nlink > 1: self.hard_links.add(path, stat, (uid, gid), mode) continue else: self.log.warning("Skipping unexpected path type at %s", path) continue self.lchown(path, stat, uid, gid) self.lchmod(path, stat, mode)