Server IP : 184.154.167.98 / Your IP : 18.119.113.73 Web Server : Apache System : Linux pink.dnsnetservice.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 User : puertode ( 1767) PHP Version : 8.2.26 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/share/cagefs/ |
Upload File : |
#!/opt/cloudlinux/venv/bin/python3 -bb from __future__ import absolute_import from __future__ import division from __future__ import print_function from __future__ import unicode_literals from future import standard_library standard_library.install_aliases() from builtins import * import sys import os import glob import time import secureio import subprocess from collections import defaultdict from clcommon import login_defs from future.utils import iteritems sys.path.append('/usr/share/cagefs') from cagefslib import ( get_alt_dirs, clean_dir_from_old_session_files, get_opts_from_php_ini, is_clean_user_php_sessions_enabled ) # default period 1440 sec = 24 min _DEFAULT_TIMEOUT = 1440 _PLESK_PHP_SESSIONS_NATIVE_DIR = '/var/lib/php/session' _PLESK_MAX_LIFETIME_SCRIPT = '/usr/lib64/plesk-9.0/maxlifetime' def _get_alt_php_dirs_timeouts(alt_php_dir_list): """ Retrieve alt_php_versions list :param alt_php_dir_list: alt-php directories list :return: dict such as {'55': {'/tmp': 1440}, '54': {'/tmp': 2880}} """ alt_php_dirs_timeouts = defaultdict(dict) # Read /opt/alt/phpXX/etc/php.ini for alt_php_dir in alt_php_dir_list: alt_php_ini_file = '/opt/alt/%s/etc/php.ini' % alt_php_dir session_path, session_lifetime = get_opts_from_php_ini(alt_php_ini_file, _DEFAULT_TIMEOUT) if session_lifetime < _DEFAULT_TIMEOUT: session_lifetime = _DEFAULT_TIMEOUT alt_php_dirs_timeouts[alt_php_dir] = {session_path: session_lifetime} return alt_php_dirs_timeouts def _clean_user(user_pw, alt_php_dirs_timeouts): """ Clean directory from old files :param user_pw: user's pwd object :param alt_php_dirs_timeouts: alt_php versions, paths and timeouts list {'php52': {'/tmp': 1440}, 'php53': {'/tmp': 1440}} :return: None """ # Directory to lifetime map. Example: # {'/var/www/vhosts/cltest1.com/.cagefs/tmp': 1440, # '/var/www/vhosts/cltest1.com/.cagefs/opt/alt/php54/var/lib/php/session': 2880} dir_to_lifetime_map = dict() cagefs_base_path = os.path.join(user_pw.pw_dir, '.cagefs') # 1. Add alt-php session dirs for php_dir, php_ver_dir_lifetime_dict in alt_php_dirs_timeouts.items(): for session_path, session_lifetime in php_ver_dir_lifetime_dict.items(): if session_path.startswith('/'): # Remove leading / session_path = session_path[1:] # Add path to dict fo clean dir_to_add = os.path.join(cagefs_base_path, session_path) dir_to_lifetime_map[dir_to_add] = session_lifetime # 2. Add Plesk native dir /var/lib/php/session inside Cagefs if os.path.isfile(_PLESK_MAX_LIFETIME_SCRIPT): # Plesk script present - determine maxlifetime from it process = subprocess.Popen([_PLESK_MAX_LIFETIME_SCRIPT], stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True) std_out, _ = process.communicate() try: # Plesk script gives maxlivetime in minutes, so convert it to seconds session_lifetime = int(std_out.strip()) * 60 # Add path to dict fo clean dir_to_add = os.path.join(cagefs_base_path, _PLESK_PHP_SESSIONS_NATIVE_DIR[1:]) dir_to_lifetime_map[dir_to_add] = session_lifetime except ValueError: # If plesk script gives invalid output - ignore Plesk dir pass # Drop permissions res = secureio.set_user_perm(user_pw.pw_uid, user_pw.pw_gid, exit=False) if res == -1: return # Clean all dirs in dict for sess_dir_name, sess_lifetime in dir_to_lifetime_map.items(): clean_dir_from_old_session_files(sess_dir_name, sess_lifetime) # get back root permissions secureio.set_root_perm() def main(): if not is_clean_user_php_sessions_enabled(): sys.exit(0) alt_php_dirs_timeouts = _get_alt_php_dirs_timeouts(get_alt_dirs()) min_uid = int(login_defs('UID_MIN', 500)) for _, pwnam in secureio.clpwd.get_user_dict().items(): if pwnam.pw_uid >= min_uid: _clean_user(pwnam, alt_php_dirs_timeouts) if __name__ == "__main__": main()