def set_sys_user_version(username, version):
"""
Modify a system user's path so that a specific version of php is used by
default for that user.
Args:
username - The username of the system user
version - The PHP version to use
"""
user_info = pwd.getpwnam(username)
os.setegid(user_info.pw_gid)
os.seteuid(user_info.pw_uid)
try:
target = user.home_dir(username) + '.bashrc'
new_content = ''
file_filter.UpdateSection(
target, '# START PHP VERSION PATH', '# END PHP VERSION PATH',
'export PATH=/opt/php-' + version + '/bin' + os.pathsep +
'$PATH').run()
link_dir = '/home/' + username + '/.local/bin/'
link_path = link_dir + 'php'
target_path = '/opt/php-' + version + '/bin/php'
if os.path.exists(link_path):
os.unlink(link_path)
if not os.path.exists(link_dir):
os.makedirs(link_dir)
os.symlink(target_path, link_path)
finally:
os.setegid(0)
os.seteuid(0)
def get_keyfile_name(username, home_dir=False):
"""
Get the file used to hold authorized ssh keys.
Args:
username - The local sytem user
home_dir - (optional) The local system user's home directory
"""
if not home_dir:
home_dir = user.home_dir(username)
return home_dir + '.ssh/authorized_keys'
def mail_directory(domain, email_user, sys_user=False):
"""
Get the directory used to store email messages for an email address.
Args:
domain - The domain of the email address
email_user - The email username exluding the "@" and domain
sys_user - (optional) The system user's username
"""
if sys_user == False:
sys_user = get_account_from_domain(domain)
return user.home_dir(sys_user) + 'mail/' + domain + '/' + email_user + '/'
def set_config_value(name, value, sys_user, path):
"""
Update a text value in a WordPress installation's configuraiton file.
Args:
sys_user - The system user that the WorpPress site is stored in
db_name - The new database name
db_user - The new database user
db_password - The new database password
path - (optional) the webroot for the WordPress installation
"""
if path == False:
path = user.home_dir(sys_user) + 'public_html/'
os.system('sudo -u "' + sys_user + '" -i wp config set ' + ' --path="' +
path + '" "' + name + '" "' + value + '"')
def remove_local_certificates(domain):
"""
Remove any certificates that were deployed to the matching user's ~/cert
folder.
Args:
domain - The domain to unregister
"""
domain = domain.strip()
username = nginx.user_from_domain(domain)
target_dir = user.home_dir(username) + 'certs/'
count = 0
for file in glob.glob(target_dir + '*.pem'):
os.remove(file)
count += 1
return count
def deploy_locals():
"""
Deploy certificates to local system users' "cert" folder
"""
count = 0
for domain in get_local_deploy_domains():
username = nginx.user_from_domain(domain)
target_dir = user.home_dir(username) + 'certs/'
uid = getpwnam(username).pw_uid
gid = getgrnam(username).gr_gid
if not os.path.exists(target_dir):
os.mkdir(target_dir)
if deploy('/etc/letsencrypt/live/' + domain + '/', target_dir, uid,
gid):
print('Deployed ' + username + ' certificate to ~/certs/')
count += 1
return count
def update_config(sys_user, db_name, db_user, db_password, path=False):
"""
Update the database name, user and password for a WordPress installation.
Args:
sys_user - The system user that the WorpPress site is stored in
db_name - The new database name
db_user - The new database user
db_password - The new database password
path - (optional) the webroot for the WordPress installation
"""
if path == False:
path = user.home_dir(sys_user) + 'public_html/'
set_config_value('DB_USER', db_user, sys_user, path)
set_config_value('DB_PASSWORD', db_password, sys_user, path)
set_config_value('DB_NAME', db_name, sys_user, path)
def make_vhost(username, domain, template_name='php', template_fields=False):
"""
Create a new vhost file for a given domain.
Args:
username - The system username that stores the sitesfiles
domain - The domain associated with the new vhost file
template_name - The name of the nginx vhost template to use
"""
modsec = get_modsec_path(domain)
home = user.home_dir(username)
dash_domain = domain.replace('.', '-', 100)
under_domain = domain.replace('.', '_', 100)
vhost_path = get_vhost_path(domain)
local_ip = settings.get('local_ip')
public_ip = settings.get('public_ip')
read_path = template_path(template_name)
fields = get_vhost_headers(read_path)[0]
if not template_fields:
template_fields = []
for key, value in fields:
value = input_util.prompt_value(key, value)
template_fields.append([key, value])
if not os.path.exists(modsec_exception_dir):
os.makedirs(modsec_exception_dir)
if not os.path.exists(vhost_dir):
os.makedirs(vhost_dir)
with open(modsec, 'a+'):
pass
with open(read_path) as template:
with open(vhost_path, 'w') as host:
for line in template:
line = line.replace('DOMAINNAMEE', domain, 10000)
line = line.replace('USERNAMEE', username, 10000)
line = line.replace('DASHDOMAINN', dash_domain, 10000)
line = line.replace('UNDERDOMAINN', under_domain, 10000)
line = line.replace('HOMEDIRR', home, 10000)
line = line.replace('LOCALIPP', local_ip, 10000)
line = line.replace('PUBLICIPP', public_ip, 10000)
line = line.replace('MODSECC', modsec, 10000)
for key, value in template_fields:
line = line.replace(key, value, 10000)
host.write(line)
print('Created ' + vhost_path)
reload()
def create_account(email_user, domain):
"""
Register a new email address in the mail system.
Args:
user - The email username exluding the "@" and domain
domain - The domain of the email address
"""
sys_user = get_account_from_domain(domain)
pwd_user = pwd.getpwnam(sys_user)
shadow_line = email_user + "@" + domain + '::'
shadow_line += str(pwd_user.pw_uid) + ':' + str(
pwd_user.pw_gid) + '::' + user.home_dir(sys_user) + '::'
shadow_line += 'userdb_mail=maildir:~/mail/%Ld/%Ln\n'
with open(settings.get('mail_shadow_file'), 'a+') as shadow:
shadow.write(shadow_line)
user.make_user_dir(configuration_directory(domain, email_user, sys_user),
pwd_user.pw_uid, pwd_user.pw_gid) # for filters
user.make_user_dir(mail_directory(domain, email_user, sys_user),
pwd_user.pw_uid, pwd_user.pw_gid) # for maildir
def ensure_keyfile_exists(username):
"""
Create the file used to hold authorized ssh keys if it does not already
exist.
Args:
username - The local sytem user
"""
home = user.home_dir(username)
keyfile_name = get_keyfile_name(username, home)
uid = getpwnam(username).pw_uid
gid = getgrnam(username).gr_gid
if not os.path.isdir(home + '.ssh'):
os.mkdir(home + '.ssh')
os.chown(home + '.ssh', uid, gid)
os.chmod(home + '.ssh', 0o700)
if not os.path.exists(keyfile_name):
with open(keyfile_name, 'a+') as ak:
pass
os.chown(keyfile_name, uid, gid)
os.chmod(keyfile_name, 0o600)
return home + '.ssh/authorized_keys'
def install_files(sys_user, db_name, db_user, db_password, path=False):
"""
Download Wordpress for a given system user. Then set the database name, user
and password for the new WordPress installation.
Args:
sys_user - The system user that the WorpPress site is stored in
db_name - The existing database name
db_user - The existing database user
db_password - The existing database password
path - (optional) the webroot for the WordPress installation
"""
if path == False:
path = user.home_dir(sys_user) + 'public_html/'
# Set environment
pwd = os.getcwd()
whoami = os.geteuid()
os.seteuid(getpwnam(sys_user).pw_uid)
os.chdir(path)
# Download WordPress
os.system("su - '" + sys_user + "' -c \"wp core download --path='" + path +
"'\"")
# Configure WordPress
command = "su - '" + sys_user + "' -c \"wp config create --skip-check" + \
" --path='" + path + "'" + \
" --dbname='" + db_name + "'" + \
" --dbuser='******'" + \
" --dbpass='******'" + \
"\""
print(command)
os.system(command)
# Reset environment
os.seteuid(whoami)
os.chdir(pwd)
def create_le_certs(domains, username):
"""
Create a certificate for the given array of domains, using the given user's
public_html folder for validation.
Args:
domains - An array of domains that will be covered by the new
certificate
username - The system user assigned to the domain
"""
domain_string = ''
for dom in domains:
domain_string += ' -d ' + dom.lower().strip()
command = 'letsencrypt certonly --noninteractive --webroot' + domain_string + ' --webroot-path "' + user.home_dir(
username.strip()) + '/public_html/"'
print(command)
return 0 == os.system(command)
def add_ssl_to_site_hosts(domain):
"""
Replace a non-SSL nginx vhost configuration file with it's corresponding
SSL-enabled version. If there are already SSL configuration lines detected
in the file, it will not be modified.
Args:
domain - The domain associated with the nginx vhost file
"""
full_file = get_vhost_path(domain)
local_ip = settings.get('local_ip')
public_ip = settings.get('public_ip')
modsec = get_modsec_path(domain)
fields, username, domain, template = get_vhost_headers(full_file)
dash_domain = domain.replace('.', '-')
under_domain = domain.replace('.', '_')
field_needle = re.compile('^# Field')
home = user.home_dir(username)
if not (template.endswith('-ssl') or template.endswith('-hsts')):
template += '-ssl'
template_path = settings.get(
'install_path') + 'etc/nginx-templates/' + template
if not os.path.exists(template_path):
print('Unable to find template: ' + template)
return False
with open(template_path) as template_file:
with open(full_file, 'w') as vhost:
for line in template_file:
if field_needle.search(line) != None:
field_fiedles = field_header_extract.search(line)
key = field_fiedles.group(2)
value = ''
for entry in fields:
if key == entry[0]:
value = entry[1]
break
line = field_fiedles.group(1) + \
key + \
field_fiedles.group(3) + \
value
else:
line = line.replace('DOMAINNAMEE', domain, 100)
line = line.replace('USERNAMEE', username, 100)
line = line.replace('DASHDOMAINN', dash_domain, 100)
line = line.replace('UNDERDOMAINN', under_domain, 100)
line = line.replace('HOMEDIRR', home, 10000)
line = line.replace('LOCALIPP', local_ip, 10000)
line = line.replace('PUBLICIPP', public_ip, 10000)
line = line.replace('MODSECC', modsec, 10000)
for field in fields:
key, value = field
line = line.replace(key, value, 100)
vhost.write(line)
reload()
print('Updated ' + full_file)
return True