ok
Direktori : /proc/thread-self/root/bin/ |
Current File : //proc/thread-self/root/bin/clsupergid_process |
#!/opt/cloudlinux/venv/bin/python3 -bb # -*- coding: utf-8 -*- # # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2021 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENCE.TXT # pylint: disable=no-absolute-import import sys import os import grp import pwd import subprocess from clcommon.sysctl import SysCtlConf, SYSCTL_CL_CONF_FILE from cl_proc_hidepid import remount_proc, get_gid_from_mounts from clcommon.lib.cledition import lve_supported_or_exit def _is_group_present_by_id(gid: int): """ Checks if group present in system :param gid: Gid to check :return: True/False - present/absent """ try: grp.getgrgid(gid) except KeyError: return False return True def polkitd_process(gids_to_add_list: list): """ Add polkitd user to groups :param gids_to_add_list: List of gids to add user """ polkitd_username = "polkitd" try: pwd.getpwnam(polkitd_username) except KeyError: return # Determine group names list to add user group_names_to_add = [] for gid in gids_to_add_list: try: _grp = grp.getgrgid(gid) if polkitd_username not in _grp.gr_mem: group_names_to_add.append(_grp.gr_name) except KeyError: pass if group_names_to_add: print("INFO: adding user '%s' to group(s)" % polkitd_username, group_names_to_add) # usermod -a -G group1,group2 username cmd = '/usr/sbin/usermod -a -G ' + ','.join(group_names_to_add) + ' ' + polkitd_username subprocess.run(cmd, shell=True, executable='/bin/bash') @lve_supported_or_exit def main(): print("INFO: Checking fs.proc_super_gid group...") sysctl = SysCtlConf(config_file=SYSCTL_CL_CONF_FILE) sgid_key = 'fs.proc_super_gid' proc_super_gid = 0 try: # sysctl.get may return empty string in some cases like cldeploy # when CL kernel is not loaded yet and proc has no such param proc_super_gid = int(sysctl.get(sgid_key)) except ValueError: pass if proc_super_gid == 0 or (proc_super_gid != 0 and not _is_group_present_by_id(proc_super_gid)): print("INFO: clsupergid group absent, creating ...") sgid_name = 'clsupergid' subprocess.run('/usr/sbin/groupadd -f ' + sgid_name, shell=True, executable='/bin/bash') proc_super_gid = grp.getgrnam(sgid_name).gr_gid sysctl.set(sgid_key, proc_super_gid) print("INFO: clsupergid group created, gid is", proc_super_gid) else: print("INFO: fs.proc_super_gid group already present (gid is {}).".format(proc_super_gid)) remount_proc() gids_to_add_list = [proc_super_gid] gid_from_mounts = get_gid_from_mounts() if gid_from_mounts != proc_super_gid and _is_group_present_by_id(gid_from_mounts): gids_to_add_list.append(gid_from_mounts) polkitd_process(gids_to_add_list) sys.exit(0) if __name__ == "__main__": main()