ok

Mini Shell

Direktori : /proc/thread-self/root/bin/
Upload File :
Current File : //proc/thread-self/root/bin/clsupergid_process

#!/opt/cloudlinux/venv/bin/python3 -bb
# -*- coding: utf-8 -*-

#
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2021 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENCE.TXT

# pylint: disable=no-absolute-import

import sys
import os
import grp
import pwd
import subprocess

from clcommon.sysctl import SysCtlConf, SYSCTL_CL_CONF_FILE
from cl_proc_hidepid import remount_proc, get_gid_from_mounts

from clcommon.lib.cledition import lve_supported_or_exit


def _is_group_present_by_id(gid: int):
    """
    Checks if group present in system
    :param gid: Gid to check
    :return: True/False - present/absent
    """
    try:
        grp.getgrgid(gid)
    except KeyError:
        return False
    return True


def polkitd_process(gids_to_add_list: list):
    """
    Add polkitd user to groups
    :param gids_to_add_list: List of gids to add user
    """
    polkitd_username = "polkitd"
    try:
        pwd.getpwnam(polkitd_username)
    except KeyError:
        return
    # Determine group names list to add user
    group_names_to_add = []
    for gid in gids_to_add_list:
        try:
            _grp = grp.getgrgid(gid)
            if polkitd_username not in _grp.gr_mem:
                group_names_to_add.append(_grp.gr_name)
        except KeyError:
            pass
    if group_names_to_add:
        print("INFO: adding user '%s' to group(s)" % polkitd_username, group_names_to_add)
        # usermod -a -G group1,group2 username
        cmd = '/usr/sbin/usermod -a -G ' + ','.join(group_names_to_add) + ' ' + polkitd_username
        subprocess.run(cmd, shell=True, executable='/bin/bash')


@lve_supported_or_exit
def main():
    print("INFO: Checking fs.proc_super_gid group...")
    sysctl = SysCtlConf(config_file=SYSCTL_CL_CONF_FILE)
    sgid_key = 'fs.proc_super_gid'
    proc_super_gid = 0
    try:
        # sysctl.get may return empty string in some cases like cldeploy
        # when CL kernel is not loaded yet and proc has no such param
        proc_super_gid = int(sysctl.get(sgid_key))
    except ValueError:
        pass

    if proc_super_gid == 0 or (proc_super_gid != 0 and not _is_group_present_by_id(proc_super_gid)):
        print("INFO: clsupergid group absent, creating ...")
        sgid_name = 'clsupergid'
        subprocess.run('/usr/sbin/groupadd -f ' + sgid_name, shell=True, executable='/bin/bash')
        proc_super_gid = grp.getgrnam(sgid_name).gr_gid
        sysctl.set(sgid_key, proc_super_gid)
        print("INFO: clsupergid group created, gid is", proc_super_gid)
    else:
        print("INFO: fs.proc_super_gid group already present (gid is {}).".format(proc_super_gid))
    remount_proc()

    gids_to_add_list = [proc_super_gid]
    gid_from_mounts = get_gid_from_mounts()
    if gid_from_mounts != proc_super_gid and _is_group_present_by_id(gid_from_mounts):
        gids_to_add_list.append(gid_from_mounts)
    polkitd_process(gids_to_add_list)
    sys.exit(0)


if __name__ == "__main__":
    main()

Zerion Mini Shell 1.0