yosoyhendrix
/
hestiacp


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596
							#!/bin/bash
# info: run cli command
# options: USER CMD [ARG...]
#
# example: v-run-cli-cmd user composer require package
#
# This function runs a limited list of cli commands with dropped privileges as the specific hestia user

#----------------------------------------------------------#
#                Variables & Functions                     #
#----------------------------------------------------------#

user=$1
clicmd=$2

# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '2' "$#" 'USER CMD [ARGS]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"

# Checking user homedir
homedir=$(grep "^$user:" /etc/passwd | cut -f 6 -d :)
if [ -z "$homedir" ]; then
	check_result "$E_NOTEXIST" "Error: user home directory doesn't exist"
fi

if [ "$clicmd" = "composer" ]; then
	clicmd="$homedir/.composer/composer"
fi

if [ "$clicmd" = "wp" ]; then
	clicmd="$homedir/.wp-cli/wp"
fi

if [ -z "$(which "$clicmd")" ]; then
	check_result "$E_NOTEXIST" "Cli command does not exist $clicmd"
fi
basecmd="$(basename "$clicmd")"
if [ "$basecmd" != 'ps' -a \
	"$basecmd" != 'ls' -a \
	"$basecmd" != 'wget' -a \
	"$basecmd" != 'tar' -a \
	"$basecmd" != 'zip' -a \
	"$basecmd" != 'unzip' -a \
	"$basecmd" != 'gzip' -a \
	"$basecmd" != 'gunzip' -a \
	"$basecmd" != 'mkdir' -a \
	"$basecmd" != 'find' -a \
	"$basecmd" != 'id' -a \
	"$basecmd" != 'grep' -a \
	"$basecmd" != 'egrep' -a \
	"$basecmd" != 'sed' -a \
	"$basecmd" != 'cat' -a \
	"$basecmd" != 'php5.6' -a \
	"$basecmd" != 'php7.0' -a \
	"$basecmd" != 'php7.1' -a \
	"$basecmd" != 'php7.2' -a \
	"$basecmd" != 'php7.3' -a \
	"$basecmd" != 'php7.4' -a \
	"$basecmd" != 'php8.0' -a \
	"$basecmd" != 'php8.1' -a \
	"$basecmd" != 'php8.2' -a \
	"$basecmd" != 'php8.3' -a \
	"$basecmd" != 'php8.4' -a \
	"$basecmd" != 'php' -a \
	"$basecmd" != "wp" -a \
	"$basecmd" != 'composer' ]; then
	check_result "$E_FORBIDEN" "Error: Cli command not enabled"
fi

all_scriptargs=("$@")
for ((I = 3; I <= $#; I++)); do
	cmdArgs="$cmdArgs ${all_scriptargs[${I} - 1]}"
done

runuser -u "$user" -- $clicmd $cmdArgs 2>&1
if [ $? -ne 0 ]; then
	echo "Error: cmd exited with errors"
	exit 3
fi

# Logging
log_event "$OK" "$ARGUMENTS"

exit