D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
opt
/
cloudlinux
/
venv
/
lib
/
python3.11
/
site-packages
/
clcagefslib
/
webisolation
/
Filename :
admin_config.py
back
Copy
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2025 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENSE.TXT """ Admin-level configuration for website isolation. Stores path constants for global feature flags and per-user mode directories, and provides helpers that implement the CageFS-style per-user directory layout: <basedir>/<prefix>/<username> where *prefix* is ``uid % 100`` zero-padded to two digits and each user entry is an empty marker file. Directory permissions: ``0o751`` (``drwxr-x--x``). File permissions: ``0o644`` (``-rw-r--r--``). """ import os from ..fs import get_user_prefix WEBSITE_ISOLATION_MARKER = "/opt/cloudlinux/flags/enabled-flags.d/website-isolation.flag" WEBSITE_ISOLATION_AVAILABLE_MARKER = ( "/opt/cloudlinux/flags/available-flags.d/website-isolation.flag" ) # Per-user mode directories (CageFS-style layout): # <dir>/<prefix>/<username> (empty marker file, prefix = uid % 100) # In "Allow All" mode this directory exists and contains denied users (exceptions). ISOLATION_DENIED_DIR = "/etc/cagefs/site-isolation.users.denied" # In "Deny All" mode this directory exists and contains allowed users (exceptions). ISOLATION_ALLOWED_DIR = "/etc/cagefs/site-isolation.users.allowed" DIR_MODE = 0o751 # drwxr-x--x (matches CageFS convention) FILE_MODE = 0o644 # -rw-r--r-- def user_in_dir(dirpath: str, username: str) -> bool: """Check whether *username* has a marker file inside *dirpath*.""" prefix = get_user_prefix(username) return os.path.isfile(os.path.join(dirpath, prefix, username)) def add_user_to_dir(dirpath: str, username: str) -> None: """Create an empty marker file for *username* inside *dirpath*.""" prefix = get_user_prefix(username) prefix_dir = os.path.join(dirpath, prefix) os.makedirs(prefix_dir, mode=DIR_MODE, exist_ok=True) filepath = os.path.join(prefix_dir, username) open(filepath, "w").close() os.chmod(filepath, FILE_MODE) def remove_user_from_dir(dirpath: str, username: str) -> None: """Remove the marker file for *username* inside *dirpath*. Also cleans up the now-empty prefix sub-directory, if applicable. """ prefix = get_user_prefix(username) filepath = os.path.join(dirpath, prefix, username) try: os.remove(filepath) except (IOError, OSError): pass # Remove empty prefix directory prefix_dir = os.path.join(dirpath, prefix) try: os.rmdir(prefix_dir) except (IOError, OSError): pass def list_users_in_dir(dirpath: str) -> set[str]: """Return the set of usernames that have marker files inside *dirpath*.""" users: set[str] = set() try: for entry in os.listdir(dirpath): prefix_path = os.path.join(dirpath, entry) if not os.path.isdir(prefix_path): continue for username in os.listdir(prefix_path): if os.path.isfile(os.path.join(prefix_path, username)): users.add(username) except (FileNotFoundError, OSError): pass return users