ok
Direktori : /bin/ |
Current File : //bin/cagefs_enter |
#!/bin/bash get_binary() { temp=`whereis -b $1` array=( $temp ) length=${#array[@]} if [ "$length" -eq 1 ]; then echo $1 fi length=$(($length - 1)) for i in `seq 1 $let`; do if [ -x "${array[$i]}" ]; then echo ${array[$i]} fi done } ID=$(get_binary id) WHOAMI=$(get_binary whoami) TAIL=$(get_binary tail) PWD=$(get_binary pwd) SSH=$(get_binary ssh) CAT=$(get_binary cat) GREP=$(get_binary grep) is_cagefs_enabled() { # return 0 when cagefs is enabled for user /bin/cagefs_enter.proxied ls -ld /var/.cagefs > /dev/null 2>&1 return $? } is_proxy_enabled() { # return 0 when execution via proxy is enabled if $GREP -P '^cagefs_enter_proxied\s*=\s*0' /etc/sysconfig/cloudlinux > /dev/null 2>&1; then return 1 fi return 0 } ##CageFS proxyexec wrapper - ver 14 USR=`$WHOAMI` if [ "$USR" == "root" ]; then echo "This program can not be run as root" exit 1 fi is_proxy_enabled proxy_enabled=$? if [ "$proxy_enabled" -ne 0 ]; then # when proxy is disabled - call original cagefs_enter binary /bin/cagefs_enter.proxied "$@" exit $? fi PREFIX=`$ID -u|$TAIL -c 3` USER_TOKEN_PATH="/var/cagefs/$PREFIX/$USR/.cagefs/.cagefs.token" if [ ! -f "$USER_TOKEN_PATH" ]; then # try to create token is_cagefs_enabled cagefs_enabled=$? fi if [ ! -f "$USER_TOKEN_PATH" ]; then # when token does not exist - call original cagefs_enter binary /bin/cagefs_enter.proxied "$@" exit $? fi TOKEN=`$CAT $USER_TOKEN_PATH` CWD=`$PWD` if [ -e /var/.cagefs/origin ]; then ORIGIN=`$CAT /var/.cagefs/origin` REMOTE="$SSH -F /etc/ssh/cagefs-rexec_config $USR@$ORIGIN" $REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock "$USR" "$CWD" CAGEFS_ENTER $$ "$@" else CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock "$USR" "$CWD" CAGEFS_ENTER $$ "$@" fi exit $?