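#!/bin/bash
# info: run cli command
# options: USER CMD [ARG...]
#
# example: v-run-cli-cmd user composer require package
#
# This function runs a limited list of cli commands with dropped privileges as the specific hestia user
#
# Exit status: 3 when the command itself fails; otherwise the helpers sourced
# from func/main.sh (check_args, check_result, ...) decide how the script ends.

#----------------------------------------------------------#
#                Variables & Functions                     #
#----------------------------------------------------------#

user=$1
clicmd=$2

# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source "$HESTIA/func/main.sh"
# load config file
source_conf "$HESTIA/conf/hestia.conf"

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '2' "$#" 'USER CMD [ARGS]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user"

# Checking user homedir
# The account name is compared as a literal string against field 1 of
# /etc/passwd. Interpolating it into a grep pattern would treat characters
# such as '.' as regex wildcards and could return another account's entry.
homedir=$(lookup="$user" awk -F: '$1 == ENVIRON["lookup"] { print $6; exit }' /etc/passwd)
if [ -z "$homedir" ]; then
	check_result "$E_NOTEXIST" "Error: user home directory doesn't exist"
fi

# composer and wp are per-user installs, so the short names are mapped to
# the copies inside the user's home directory.
if [ "$clicmd" = "composer" ]; then
	clicmd="$homedir/.composer/composer"
fi

if [ "$clicmd" = "wp" ]; then
	clicmd="$homedir/.wp-cli/wp"
fi

if [ -z "$(which "$clicmd")" ]; then
	check_result "$E_NOTEXIST" "Cli command does not exist $clicmd"
fi

# Allow-list of commands that may be started on behalf of the user.
# NOTE(review): only the basename is compared, so any path whose last
# component is on the list is accepted. The list therefore limits which
# program name is started, not which binary or what it can do; the effective
# boundary is the privilege drop performed by runuser below.
basecmd="$(basename "$clicmd")"
case "$basecmd" in
	ps | ls | tar | zip | unzip | gzip | gunzip | mkdir | find | id | grep | egrep | sed | cat) ;;
	php5.6 | php7.0 | php7.1 | php7.2 | php7.3 | php7.4 | php8.0 | php8.1 | php8.2 | php) ;;
	wp | composer) ;;
	*)
		check_result "$E_FORBIDEN" "Error: Cli command not enabled"
		;;
esac

# Arguments 3..N are handed to the command exactly as received, one script
# argument per command argument. Joining them into a string and expanding it
# unquoted would word-split values containing whitespace and expand glob
# characters in this script's shell, i.e. before privileges are dropped and
# relative to this script's working directory.
# NOTE(review): a caller that passed several arguments inside one quoted
# string and relied on the old splitting must now pass them separately.
if ! runuser -u "$user" -- "$clicmd" "${@:3}" 2>&1; then
	echo "Error: cmd exited with errors"
	exit 3
fi

# Logging
log_event "$OK" "$ARGUMENTS"

exit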