shlaguernetes/sh8s_deployer
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

jeancloud.env cree, user accessible que par root

Browse Source
This commit is contained in:
eleonore12345 2024-08-12 11:54:12 +02:00
parent 549bfe74e3
commit bfc872dab8
2 changed files with 59 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/BashModule.cpp
View File

@ -51,7 +51,7 @@ int BashModule::executeScript(string serviceUsername, string script)
return status; return status;
} else { } else {
//child process //child process
if(execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", script.c_str(), (char *)0)==-1) if(execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", "--", script.c_str(), (char *)0)==-1)
{ {
cerr << "Error in the execl call of " << script << endl; cerr << "Error in the execl call of " << script << endl;
} }
@ -105,7 +105,7 @@ int BashModule::executeScriptAs(string serviceUsername, string script)
//executing as the user corresponding to the service //executing as the user corresponding to the service
setgid(p->pw_gid); setgid(p->pw_gid);
setuid(p->pw_uid); setuid(p->pw_uid);
if(execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", script.c_str(), serviceUsername, (char *)0)==-1) if(execl("/bin/bash", "/bin/bash", "--noediting", "--noprofile", "--norc", "--",script.c_str(), serviceUsername, (char *)0)==-1)
{ {
cerr << "Error in the execl call of " << script << endl; cerr << "Error in the execl call of " << script << endl;
} }

70
src/main.cpp
View File

@ -7,6 +7,7 @@
#include <iostream> #include <iostream>
#include <cstring> #include <cstring>
#include <filesystem> #include <filesystem>
#include <fstream>
#include "Services.h" #include "Services.h"
#include "Modules.h" #include "Modules.h"
#include "BashManager.h" #include "BashManager.h"
@ -33,7 +34,8 @@ int isServiceOnServer(string serviceUsername)
return 0; return 0;
} }
int createUser(string serviceUsername){ int createUser(string serviceUsername)
{
//this method creates a Unix user dedicated to the service //this method creates a Unix user dedicated to the service
//get the User ID from servers.csv //get the User ID from servers.csv
int uidStart=2000; //so that the uids do not overlap with existing uids int uidStart=2000; //so that the uids do not overlap with existing uids
@ -48,25 +50,65 @@ int createUser(string serviceUsername){
return 0; return 0;
} }
//create user //create user
string cmd2 ="useradd -u " + to_string(uid) + " " + serviceUsername; string cmd2 ="useradd -u " + to_string(uid) + " " + serviceUsername + "&& usermod -s /sbin/nologin "+ serviceUsername; //no direct login
cout << cmd2 << endl; string res2 = BashManager::executeAndReadResult(cmd2);
int res2 = BashManager::execute(cmd2); if (res2 != ""){
if (res2 != 0){
cerr << "Error when executing the bash command to create a user specific to the service." << endl; cerr << "Error when executing the bash command to create a user specific to the service." << endl;
cerr << res2 << endl;
return -1; return -1;
} }
return 0; return 0;
} }
int createEnv(string serviceUsername){ int createEnvService(string serviceUsername)
//TO DO {
cout << "create env called" << endl; //create directories
//filesystem::create_directories()
/*
run mkdir -p "$DATA_DIR" "$HTTP_DIR"
run chown $uid "$DATA_DIR"
run chmod 751 "$DATA_DIR"
run chown $uid:www-data -R "$HTTP_DIR"
if [ -d "$SECRET_DIR" ] ; then
run chown $uid "$SECRET_DIR" -R
run chmod 751 "$SECRET_DIR" -R
fi*/ return 0;
}
int removeEnvService()
{
/*
[ -d "$HTTP_DIR" ] && rm -r "$HTTP_DIR"*/
return 0; return 0;
} }
int deployAll(){ int createEnv()
{
string proxyDir="etc/nginx";
string dns_certs_path="/data/dnscerts.jean-cloud.org/certs/live";
string http_certs_path="/etc/letsencrypt/live";
ofstream outfile ("/etc/jeancloud.env");
outfile << "proxy_dir=" << proxyDir << endl;
outfile << "nginx_conf_path=" << proxyDir << "/sites-enabled/" <<endl;
outfile << "new_nginx_conf_path=" << proxyDir << "/new-sites-enabled" << endl;
outfile << "dns_certs_path=" << dns_certs_path << endl;
outfile << "http_certs_path=" << http_certs_path << endl;
outfile << "dummy_cert_path=" << http_certs_path << "/dummy" <<endl;
outfile << "servicefile=/services/services.csv";
outfile << "services_uid_start=2000" << endl;
outfile.close();
return 0;
}
int deployAll()
{
//this method deploys all the services that are on this server //this method deploys all the services that are on this server
cout << "deploying all" <<endl; cout << "deploying all" <<endl;
createEnv();
//for each service deploy service
return 0; return 0;
} }
@ -78,8 +120,8 @@ int deployService(string serviceUsername){
return -1; return -1;
} }
//environment variables creation //environment variables creation
if(int envCreated = createEnv(serviceUsername);envCreated!=0){ if(int envCreated = createEnvService(serviceUsername);envCreated!=0){
return -1; return -1;
} }
//call to the deploy functionality of all modules //call to the deploy functionality of all modules
//the modules themselves determine their course of action depending on the service //the modules themselves determine their course of action depending on the service
@ -96,12 +138,14 @@ int deployService(string serviceUsername){
return 0; return 0;
} }
int removeAll(){ int removeAll()
{
cout << "removing all"<<endl; cout << "removing all"<<endl;
return 0; return 0;
} }
int removeService(string serviceUsername){ int removeService(string serviceUsername)
{
cout<< "removing service"<<endl; cout<< "removing service"<<endl;
return 0; return 0;
} }