탐색 도움말
로그인
yosoyhendrix
/
hestiacp
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: 0aed60fa6a
브랜치 태그
hestiacp
/
bin
/
v-run-cli-cmd

v-run-cli-cmd 2.2 KB
히스토리 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. #!/bin/bash
    2. 

  2. # info: run cli command
    3. 

  3. # options: USER FILE
    4. 

  4. #
    5. 

  5. # The function runs a limited list of cli commands with dropped privileges as the specific hestia user
    6. 

  6. 

  7. user=$1
    8. 

  8. clicmd=$2
    9. 

  9. 

  10. # Includes
    11. 

  11. source $HESTIA/func/main.sh
    12. 

  12. 

  13. #----------------------------------------------------------#
    14. 

  14. #                    Verifications                         #
    15. 

  15. #----------------------------------------------------------#
    16. 

  16. 

  17. check_args '2' "$#" 'USER CMD [ARGS]'
    18. 

  18. is_format_valid 'user'
    19. 

  19. is_object_valid 'user' 'USER' "$user"
    20. 

  20. 

  21. # Checking user homedir
    22. 

  22. homedir=$(grep "^$user:" /etc/passwd | cut -f 6 -d :)
    23. 

  23. if [ -z $homedir ]; then
    24. 

  24.     check_result $E_NOTEXIST "Error: user home directory doesn't exist"
    25. 

  25. fi
    26. 

  26. 

  27. if [ "$clicmd" = "composer" ]; then
    28. 

  28.     realcmd="$homedir/.composer/composer"
    29. 

  29. else
    30. 

  30.     realcmd="$(which "$clicmd")"
    31. 

  31.     check_result $? "Unknown cli command" $E_NOTEXIST
    32. 

  32. fi
    33. 

  33. 

  34. if [ ! -x "$realcmd" ]; then
    35. 

  35.     check_result $E_NOTEXIST "Error: Cli command does not exist"
    36. 

  36. fi
    37. 

  37. 

  38. if [ "$realcmd" != '/bin/ps'            -a \
    39. 

  39.      "$realcmd" != '/bin/ls'            -a \
    40. 

  40.      "$realcmd" != '/bin/tar'           -a \
    41. 

  41.      "$realcmd" != '/bin/zip'           -a \
    42. 

  42.      "$realcmd" != '/usr/bin/unzip'     -a \
    43. 

  43.      "$realcmd" != '/bin/gzip'          -a \
    44. 

  44.      "$realcmd" != '/bin/gunzip'        -a \
    45. 

  45.      "$realcmd" != '/bin/mkdir'         -a \
    46. 

  46.      "$realcmd" != '/usr/bin/find'      -a \
    47. 

  47.      "$realcmd" != '/usr/bin/id'        -a \
    48. 

  48.      "$realcmd" != '/bin/grep'          -a \
    49. 

  49.      "$realcmd" != '/bin/egrep'         -a \
    50. 

  50.      "$realcmd" != '/bin/sed'           -a \
    51. 

  51.      "$realcmd" != '/bin/cat'           -a \
    52. 

  52.      "$realcmd" != '/usr/bin/php5.6'    -a \
    53. 

  53.      "$realcmd" != '/usr/bin/php7.0'    -a \
    54. 

  54.      "$realcmd" != '/usr/bin/php7.1'    -a \
    55. 

  55.      "$realcmd" != '/usr/bin/php7.2'    -a \
    56. 

  56.      "$realcmd" != '/usr/bin/php7.3'    -a \
    57. 

  57.      "$realcmd" != '/usr/bin/php7.4'    -a \
    58. 

  58.      "$realcmd" != '/usr/bin/php'       -a \
    59. 

  59.      "$clicmd"  != 'composer' ]; then
    60. 

  60.     check_result $E_FORBIDEN "Error: Cli command not enabled"
    61. 

  61. fi
    62. 

  62. 

  63. all_scriptargs=("$@")
    64. 

  64. for ((I=3; I <= $# ; I++)); do
    65. 

  65.     cmdArgs="$cmdArgs ${all_scriptargs[${I}-1]}"
    66. 

  66. done
    67. 

  67. 

  68. runuser -u "$user" -- $realcmd $cmdArgs
    69. 

  69. if [ $? -ne 0 ]; then 
    70. 

  70.     echo "Error: cmd exited with errors"
    71. 

  71.     exit 3
    72. 

  72. fi
    73. 

  73. 

  74. # Logging
    75. 

  75. log_event "$OK" "$ARGUMENTS"
    76. 

  76. 

  77. exit
    78.