| Dir : /opt/cloudlinux/venv/lib64/python3.11/site-packages/clcagefslib/webisolation/ |
| Server: Linux premium279.web-hosting.com 4.18.0-553.45.1.lve.el8.x86_64 #1 SMP Wed Mar 26 12:08:09 UTC 2025 x86_64 IP: 66.29.132.192 |
| Dir : //opt/cloudlinux/venv/lib64/python3.11/site-packages/clcagefslib/webisolation/config.py |
# -*- coding: utf-8 -*-
#
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2021 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENCE.TXT
#
import dataclasses
import json
import os
import pathlib
from pathlib import Path
from clcommon import ClPwd
from clcagefslib.io import write_via_tmp
DOCROOTS_ISOLATED_BASE = Path("/var/clwebisolate/users")
@dataclasses.dataclass
class UserConfig:
enabled_websites: list[str] = dataclasses.field(default_factory=list)
def load_user_config(user: str) -> UserConfig:
path = _get_user_config_path(user)
if not path.exists():
return UserConfig()
try:
return UserConfig(**json.loads(path.read_text()))
except json.JSONDecodeError:
return UserConfig()
def save_user_config(user: str, config: UserConfig | None) -> None:
path = _get_user_config_path(user)
if not config or not config.enabled_websites:
path.unlink(missing_ok=True)
return
path.parent.mkdir(parents=True, exist_ok=True)
write_via_tmp(str(path.parent), str(path), json.dumps(dataclasses.asdict(config), indent=4))
# Set ownership and permissions so user can read their config (but not write)
# root:user_group with 0o640 = owner (root) can read/write, group (user_group) can read only
# User can read via group membership but cannot write because group has no write permission
pw = ClPwd().get_pw_by_name(user)
os.chown(path, os.getuid(), pw.pw_gid) # root:user_group
os.chmod(path, 0o640) # rw-r-----
def _get_user_config_path(user: str) -> pathlib.Path:
pw = ClPwd().get_pw_by_name(user)
directory = DOCROOTS_ISOLATED_BASE / str(pw.pw_uid)
return Path(directory / f"{pw.pw_uid}.json")