7hSrSSKrSSKrSSKJrJr SSKJrJ r SSK J r J r J r SSKrSSKJr SSKJr SSKJr "S S \5rg) Fixperms class for cPanelN)quotejoin)CalledProcessError check_call)S_ISLNKS_ISREGS_ISDIR)PermMap)Args)IDCachec^\rSrSrSrS\S\S\4U4SjjrS\S\ 4S jr S r SU4S jjr S \ RS\4U4S jjrS\S\4SjrSrSrU=r$) CpanelPermMapridsargsuserc >[TU]UUU[R"U5RSUS4S9 [R S:HUlURR[RRURS55 URR[RRURS55 /Ul URURpTUR!SSXE45 UR!S S XE45 UR!S S S 5 UR!SSXE45 UR!SSXE45 UR!SSXE45 UR!SSXE45 UR!SSXE45 UR!SS XE45 [RRURS5[RRURS51UlSUR$S3S/n[&R("SRU55UlUR[RRSUR,5[RRS UR,5[RRS!UR,5S"S#S$S%S&1 Ulg)'Ninobody)rrr all_docroots docroot_chmod docroot_chownsharedmailetcz"\/\.(?:accesshash|pgpass|my\.cnf)$)Nz\/\.imh\/nginx(?:$|\/))iiz\/\.imh(?:$|\/))i)rrz\/\.ssh(?:$|\/))riz\/\.pki(?:$|\/))Niz\/.*\.(?:pl|cgi)$)rN$)Nizx\/.+\/(?:(?:wp-config|conf|[cC]onfig|[cC]onfiguration|LocalSettings|settings)(?:\.inc)?\.php|local\.xml|mt-config\.cgi)$)iNz\/z.cphorde/meta/latestwwwz(?:z\/(?:etc|mail|logs)\/)z(?:.*\/\.ea-php-cli\.cache$)|z/usr/local/apache/domlogsz/etc/apache2/logs/domlogsz/var/log/apache2/domlogsz/home/shrusr/SharedHtDocsDirz/var/lib/mysql/mysql.sockz/var/run/postgres/.s.PGSQL.5432z/run/postgres/.s.PGSQL.5432z:/usr/local/cpanel/base/frontend/paper_lantern/styled/retro)super__init__radsUserData all_rootsIMH_ROLE is_sharedskipaddospathrhomedir bad_linksuidgidadd_rule safe_link_srchome_rerecompilesafe_link_src_rersafe_link_dest)selfrrrr.r/r5 __class__s $/usr/lib/fixperms/fixperms_cpanel.pyr"CpanelPermMap.__init__s= t,66*  (2 bggll4<<89 bggll4<<7888TXXS 1=3*  /#L (.&A (.3*E (-#D *MC:F c=3*5  +  J   e^cZ8 GGLL'= > GGLLu -  4<<. 6 7 + !# 3884D+E F LL GGLL4dii @ GGLL4dii @ GGLL3TYY ? * ' - ) H  r+returncUR(dgXR;ag[RR U5UR ;agUR RU5(ag[U5S[[R"U553nURRU5 URRSU5 [R"U5 g)z6Determine if a symlink is "unsafe" for a shared serverFz -> z*Potentially malicious symlink detected: %sT)r'r1r*r+realpathr6r5matchrreadlinkr-appendlogwarningunlink)r7r+bad_links r9 link_unsafeCpanelPermMap.link_unsafeUs~~ %% % 77  D !T%8%8 8  & &t , ,Dk]$uR[[->'?&@A h' ExP $r;c URR(agURSUR5 URSURR S5R 5 SSSUR/nURRS[U55 URR(ag[U5 g![[4a' URRS[U55 ef=f) zRun /scripts/mailpermNrrz"/usr/local/cpanel/scripts/mailpermz--skiplocaldomainsz --skipmxcheckz Running: %szError running: %s)r skip_mail mailperm_fixr/rgetgrnamgr_gidrrBdebugcmd_joinnooprrOSErrorerror)r7cmd_argss r9 mailpermsCpanelPermMap.mailpermses 99    &$((+ %!2!26!:!A!AB 0  II   }hx&89 99>>   x "G,  HHNN.0B C  s C 7Dcb>[TU]5 UR5 UR5 gN)r!fixpermssend_strrS)r7r8s r9rWCpanelPermMap.fixpermszs!   r;statc>[UR5(aURU5(ag[TU]X5 grV)rst_moderFr! check_path)r7rZr+r8s r9r]CpanelPermMap.check_paths2 4<< T%5%5d%;%;  4&r;subdirdir_gidc,[RRURU5nURR S5R nURU1nURUSS9GHupg[UR5(aURURU4;aSnO URnURUR:wa;URS:a+URR!XvURU4S5 MUR#XvURU5 M[%UR5(aPURU;a UR#XvURS5 GM UR#XvURU5 GM)['UR5(aCUR)U5(aGM\UR#XvURUR5 GMUR*R-SU5 GM g)z6Fix permissions not caught by cPanel's mailperm scriptrT) ignore_skipsNz#Skipping unexpected path type at %s)r*r+rr,rrKrLr/walkr r\st_gidr.st_uidst_nlink hard_linksr)lchownr rrFrBrC) r7r_r`top_dirmail_giddir_gidsrZr+r/s r9rJCpanelPermMap.mailperm_fixsv'',,t||V488$$V,33HHg&))G$)?JDt||$$;;488X"66C((C88t{{*t}}q/@OO''TXXsOTJ D#6&&;;(*KKDHHb9KKDHHg>&&##D)) D$((;  !FM/@r;cUR(dgSRUR5nSnURRS5 URR (ag[ R"SSUR3USU3SS 9 g![aKnURR[U55 URRS S U5 SnAgSnAff=f) zASend an email to str@imhadmin.net if malicious symlinks are foundN zFixperms detected and removed the following symlinks. While these symlinks have been removed from the account in question the account requires further investigationz/An STR will now be sent for review by T2S staffzstr@imhadmin.netzAUTO STR: bad symlinks on z T)to_addrsubjectbodyerrsz4Failed to send STR. An escalation must be sent to anz2available T2S. Include the following information ) r-rrBinforrOr# send_emailrrPrQstr)r7r-topexcs r9rXCpanelPermMap.send_strs~~ IIdnn-  5  GH 99>>   OO*4TYYK@uD ,     HHNN3s8 $ HHMMFF   s()B C'AC""C')r-r'r6r1r5)r<N)__name__ __module__ __qualname____firstlineno____doc__r r rwr"boolrFrSrWr* stat_resultr]intrJrX__static_attributes__ __classcell__)r8s@r9rrsv#B GB 4B sB H * 'r~~'S' 3<r;r)rr*r3shlexrrrN subprocessrrrZrr r r# fixperms_baser fixperms_clir fixperms_idsr rr;r9rs4 )5** ! nGnr;