# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2025 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT
"""
Admin-level configuration for website isolation.
Stores path constants for global feature flags and per-user mode
directories, and provides helpers that implement the CageFS-style
per-user directory layout:
<basedir>/<prefix>/<username>
where *prefix* is ``uid % 100`` zero-padded to two digits and each user
entry is an empty marker file.
Directory permissions: ``0o751`` (``drwxr-x--x``).
File permissions: ``0o644`` (``-rw-r--r--``).
"""
import os
from ..fs import get_user_prefix
# Global feature flags. Both are plain paths: one under ``enabled-flags.d``
# and one under ``available-flags.d``.
WEBSITE_ISOLATION_AVAILABLE_MARKER = (
    "/opt/cloudlinux/flags/available-flags.d/website-isolation.flag"
)
WEBSITE_ISOLATION_MARKER = "/opt/cloudlinux/flags/enabled-flags.d/website-isolation.flag"

# Per-user exception lists, stored CageFS-style as empty marker files:
#   <dir>/<prefix>/<username>      (prefix = uid % 100)
# The two directories are the exception lists of the two modes, so whoever can
# create or delete entries in them changes which users are isolated.

# "Deny All" mode: this directory exists and lists the allowed users.
ISOLATION_ALLOWED_DIR = "/etc/cagefs/site-isolation.users.allowed"
# "Allow All" mode: this directory exists and lists the denied users.
ISOLATION_DENIED_DIR = "/etc/cagefs/site-isolation.users.denied"

FILE_MODE = 0o644  # -rw-r--r--
DIR_MODE = 0o751  # drwxr-x--x (matches CageFS convention)
def user_in_dir(dirpath: str, username: str) -> bool:
    """Report whether a marker file for *username* exists under *dirpath*.

    The marker is looked up at ``<dirpath>/<prefix>/<username>``, with the
    prefix supplied by ``get_user_prefix``.  ``os.path.isfile`` follows
    symbolic links, so a link that resolves to a regular file also counts
    as a marker.
    """
    marker_path = os.path.join(dirpath, get_user_prefix(username), username)
    return os.path.isfile(marker_path)
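def add_user_to_dir(dirpath: str, username: str) -> None:
    """Create an empty marker file for *username* inside *dirpath*.

    The marker lives at ``<dirpath>/<prefix>/<username>``; the prefix
    sub-directory is created on demand.  An existing marker is truncated and
    its mode is reset to ``FILE_MODE``.

    Raises:
        OSError: if the directory or the file cannot be created, or if the
            final path component is a symbolic link (``O_NOFOLLOW``).
    """
    prefix = get_user_prefix(username)
    prefix_dir = os.path.join(dirpath, prefix)
    # NOTE: makedirs passes ``mode`` only to the leaf directory it creates, and
    # the process umask still applies; an already existing directory keeps its
    # mode.  DIR_MODE is therefore a request, not a guarantee.
    os.makedirs(prefix_dir, mode=DIR_MODE, exist_ok=True)
    filepath = os.path.join(prefix_dir, username)
    # NOTE(review): username is joined into the path unvalidated here;
    # presumably callers pass an existing account name -- confirm.
    # Open without following a symlink at the marker path and set the mode on
    # the descriptor, so the truncate and the chmod always hit the same file
    # (the previous open()+os.chmod(path) pair resolved the path twice).
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(filepath, flags, FILE_MODE)
    try:
        # The creation mode is filtered by umask; fchmod makes it exact.
        os.fchmod(fd, FILE_MODE)
    finally:
        os.close(fd)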
def remove_user_from_dir(dirpath: str, username: str) -> None:
    """Delete the marker file of *username* under *dirpath*.

    Afterwards the prefix sub-directory is removed as well, which only
    succeeds when it is empty.  Both steps are best-effort: every ``OSError``
    is swallowed and nothing is returned.
    """
    prefix_dir = os.path.join(dirpath, get_user_prefix(username))
    marker = os.path.join(prefix_dir, username)
    # NOTE(review): a failed os.remove (e.g. a permission error) is silent, so
    # the marker can stay in place while the caller assumes the user was
    # removed from the list; callers that need certainty should re-check with
    # user_in_dir().
    for action, target in ((os.remove, marker), (os.rmdir, prefix_dir)):
        try:
            action(target)
        except OSError:  # IOError is an alias of OSError on Python 3
            pass
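def list_users_in_dir(dirpath: str) -> set[str]:
    """Return the set of usernames that have marker files inside *dirpath*.

    Walks the ``<dirpath>/<prefix>/<username>`` layout: every sub-directory of
    *dirpath* is treated as a prefix directory and every regular file inside
    it as one username.  Entries that are not directories (top level) or not
    files (second level) are ignored.

    The function never raises.  A missing or unreadable *dirpath* yields an
    empty set.  A prefix directory that cannot be listed is skipped on its
    own, so the users found in the other prefix directories are still
    returned; previously one such failure ended the whole scan and silently
    dropped every user not yet visited.
    """
    users: set[str] = set()
    try:
        prefixes = os.listdir(dirpath)
    except OSError:
        return users
    for entry in prefixes:
        prefix_path = os.path.join(dirpath, entry)
        if not os.path.isdir(prefix_path):
            continue
        try:
            names = os.listdir(prefix_path)
        except OSError:
            # The prefix directory may vanish between isdir() and listdir():
            # remove_user_from_dir() deletes empty prefix directories.
            continue
        users.update(
            name
            for name in names
            if os.path.isfile(os.path.join(prefix_path, name))
        )
    return users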