yosoyhendrix
/
hestiacp


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192
							#!/bin/bash
# info: run cli command
# options: USER CMD [ARG...]
#
# example: v-run-cli-cmd user composer require package
#
# This function runs a limited list of cli commands with dropped privileges as the specific hestia user

#----------------------------------------------------------#
#                Variables & Functions                     #
#----------------------------------------------------------#

user=$1
clicmd=$2

# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '2' "$#" 'USER CMD [ARGS]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"

# Checking user homedir
homedir=$(grep "^$user:" /etc/passwd | cut -f 6 -d :)
if [ -z "$homedir" ]; then
    check_result "$E_NOTEXIST" "Error: user home directory doesn't exist"
fi

if [ "$clicmd" = "composer" ]; then
    clicmd="$homedir/.composer/composer"
fi

if [ "$clicmd" = "wp" ]; then
    clicmd="$homedir/.wp/wp-cli"
fi

if [ -z "$(which "$clicmd")" ]; then
    check_result "$E_NOTEXIST" "Error: Cli command does not exist"
fi
basecmd="$(basename "$clicmd")"

if [ "$basecmd" != 'ps'         -a \
     "$basecmd" != 'ls'         -a \
     "$basecmd" != 'tar'        -a \
     "$basecmd" != 'zip'        -a \
     "$basecmd" != 'unzip'      -a \
     "$basecmd" != 'gzip'       -a \
     "$basecmd" != 'gunzip'     -a \
     "$basecmd" != 'mkdir'      -a \
     "$basecmd" != 'find'       -a \
     "$basecmd" != 'id'         -a \
     "$basecmd" != 'grep'       -a \
     "$basecmd" != 'egrep'      -a \
     "$basecmd" != 'sed'        -a \
     "$basecmd" != 'cat'        -a \
     "$basecmd" != 'php5.6'     -a \
     "$basecmd" != 'php7.0'     -a \
     "$basecmd" != 'php7.1'     -a \
     "$basecmd" != 'php7.2'     -a \
     "$basecmd" != 'php7.3'     -a \
     "$basecmd" != 'php7.4'     -a \
     "$basecmd" != 'php8.0'     -a \
     "$basecmd" != 'php'        -a \
     "$basecmd" != "wp"      -a \
     "$basecmd" != 'composer' ]; then
    check_result "$E_FORBIDEN" "Error: Cli command not enabled"
fi

all_scriptargs=("$@")
for ((I=3; I <= $# ; I++)); do
    cmdArgs="$cmdArgs ${all_scriptargs[${I}-1]}"
done

runuser -u "$user" -- $clicmd $cmdArgs
if [ $? -ne 0 ]; then 
    echo "Error: cmd exited with errors"
    exit 3
fi

# Logging
log_event "$OK" "$ARGUMENTS"

exit