Edit File by line
/home/barbar84/www/wp-conte.../plugins/sujqvwi/AnonR/smanonr..../lib/fixperms
File: fixperms_cwp.py
"""Fixperms class for CWP"""
[0] Fix | Delete
import os
[1] Fix | Delete
from stat import S_ISLNK, S_ISREG, S_ISDIR
[2] Fix | Delete
import cwp
[3] Fix | Delete
from fixperms_base import PermMap
[4] Fix | Delete
from fixperms_ids import IDCache
[5] Fix | Delete
from fixperms_cli import Args
[6] Fix | Delete
[7] Fix | Delete
[8] Fix | Delete
class CwpPermMap(PermMap):
[9] Fix | Delete
"""Fixperms class for CWP"""
[10] Fix | Delete
[11] Fix | Delete
def __init__(self, ids: IDCache, args: Args, user: str):
[12] Fix | Delete
super().__init__(
[13] Fix | Delete
ids=ids,
[14] Fix | Delete
args=args,
[15] Fix | Delete
user=user,
[16] Fix | Delete
all_docroots=list(cwp.get_docroots(user).values()),
[17] Fix | Delete
docroot_chmod=0o750,
[18] Fix | Delete
docroot_chown=(user, 'nobody'),
[19] Fix | Delete
)
[20] Fix | Delete
# pylint: disable=duplicate-code
[21] Fix | Delete
# Order these rules more specific to less specific regex.
[22] Fix | Delete
uid, gid = self.uid, self.gid
[23] Fix | Delete
# sensitive passwords: ~/.pgpass, ~/.my.cnf
[24] Fix | Delete
self.add_rule(r"\/\.(?:pgpass|my\.cnf)$", (0o600, None), (uid, gid))
[25] Fix | Delete
# ~/.imh directory and contents
[26] Fix | Delete
self.add_rule(r"\/\.imh(?:$|\/)", (0o644, 0o755), (0, 0))
[27] Fix | Delete
# ~/.ssh directory and contents
[28] Fix | Delete
self.add_rule(r"\/\.ssh(?:$|\/)", (0o600, 0o700), (uid, gid))
[29] Fix | Delete
# ~/.pki dir and subdirs
[30] Fix | Delete
self.add_rule(r"\/\.pki(?:$|\/)", (None, 0o740), (uid, gid))
[31] Fix | Delete
# .cgi and .pl files
[32] Fix | Delete
self.add_rule(r"\/.*\.(?:pl|cgi)$", (0o755, None), (uid, gid))
[33] Fix | Delete
# homedir folder itself
[34] Fix | Delete
self.add_rule("$", (None, 0o711), (uid, gid))
[35] Fix | Delete
# restrict access to sensitive CMS config files
[36] Fix | Delete
self.add_rule(
[37] Fix | Delete
r"\/.+\/(?:(?:wp-config|conf|[cC]onfig|[cC]onfiguration|"
[38] Fix | Delete
r"LocalSettings|settings)(?:\.inc)?\.php|"
[39] Fix | Delete
r"local\.xml|mt-config\.cgi)$",
[40] Fix | Delete
(0o640, None),
[41] Fix | Delete
(uid, gid),
[42] Fix | Delete
)
[43] Fix | Delete
# web log stats
[44] Fix | Delete
self.add_rule(r"\/cwp_stats\/.+\.html", (0o644, None), (0, 0))
[45] Fix | Delete
# cwp user dashboard session dir
[46] Fix | Delete
self.add_rule(r"\/tmp\/session$", (None, 0o751), (uid, gid))
[47] Fix | Delete
# cwp user dashboard session files
[48] Fix | Delete
self.add_rule(r"\/tmp\/session\/sess_.+", (0o600, None), (uid, gid))
[49] Fix | Delete
# cwp user config dir
[50] Fix | Delete
self.add_rule(r"\/\.conf$", (None, 0o755), (uid, gid))
[51] Fix | Delete
# cwp user config dir items
[52] Fix | Delete
self.add_rule(r"/\.conf/\..+\.sqlite$", (0o644, None), (0, 0))
[53] Fix | Delete
self.add_rule(
[54] Fix | Delete
r"/.conf/(?:cache|reseller)(?:\/.+\.json)?$", (0o644, 0o755), (0, 0)
[55] Fix | Delete
)
[56] Fix | Delete
# softaculous files
[57] Fix | Delete
self.add_rule(r"\/.softaculous(?:$|\/)", (0o600, 0o711), (uid, gid))
[58] Fix | Delete
# contents of homedir which do not match a previous regex
[59] Fix | Delete
self.add_rule(r"\/", (0o644, 0o755), (uid, gid))
[60] Fix | Delete
[61] Fix | Delete
def fixperms(self) -> None:
[62] Fix | Delete
super().fixperms()
[63] Fix | Delete
if not self.args.skip_mail:
[64] Fix | Delete
self.mailperms()
[65] Fix | Delete
[66] Fix | Delete
def iter_vmail(self):
[67] Fix | Delete
"""Iterate all paths in the user's mail dirs"""
[68] Fix | Delete
for top_dir in cwp.vmail_paths(self.user, check_exists=True):
[69] Fix | Delete
yield from self.walk(str(top_dir))
[70] Fix | Delete
[71] Fix | Delete
def mailperms(self):
[72] Fix | Delete
"""Fix permissions of a CWP user's mail dirs"""
[73] Fix | Delete
uid = self.uid
[74] Fix | Delete
gid = self.ids.getgrnam('mail').gr_gid
[75] Fix | Delete
for stat, path in self.iter_vmail():
[76] Fix | Delete
if S_ISLNK(stat.st_mode):
[77] Fix | Delete
self.log.warning("Skipping unexpected symlink at %s", path)
[78] Fix | Delete
continue
[79] Fix | Delete
if S_ISDIR(stat.st_mode): # directory
[80] Fix | Delete
mode = 0o700
[81] Fix | Delete
elif S_ISREG(stat.st_mode): # regular file
[82] Fix | Delete
if os.path.basename(path).startswith('dovecot-uidvalidity.'):
[83] Fix | Delete
mode = 0o444
[84] Fix | Delete
else:
[85] Fix | Delete
mode = 0o600
[86] Fix | Delete
if self.uid != stat.st_uid and stat.st_nlink > 1:
[87] Fix | Delete
self.hard_links.add(path, stat, (uid, gid), mode)
[88] Fix | Delete
continue
[89] Fix | Delete
else:
[90] Fix | Delete
self.log.warning("Skipping unexpected path type at %s", path)
[91] Fix | Delete
continue
[92] Fix | Delete
self.lchown(path, stat, uid, gid)
[93] Fix | Delete
self.lchmod(path, stat, mode)
[94] Fix | Delete
[95] Fix | Delete
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function