Replace 'sudo' with 'setpriv' for dropping privileges

Lupul · Lupul · commit c1fc2f788279 · 2019-10-06T21:51:45.000+03:00
- sudo and su are meant for adding privileges

- using sudo also floods auth.log with env variables which could contain sensible data like passwords
diff --git a/bin/v-add-fs-archive b/bin/v-add-fs-archive
@@ -52,8 +52,7 @@ for src in $*; do
         src=$(echo "$src"| sed -e "s|/home/$user/||")
 
         # Creating tar.gz archive
-        sudo -u $user -- tar -rf "${archive/.gz/}" -C /home/$user $src >\
-            /dev/null 2>&1
+        setpriv --init-groups --reuid "$user" --regid "$user" -- tar -rf "${archive/.gz/}" -C /home/$user $src >/dev/null 2>&1
         if [ "$?" -ne 0 ]; then
             echo "Error: archive $archive was not created"
             exit 3
@@ -64,7 +63,7 @@ done
 
 # Checking gzip
 if [[ "$archive" =~ \.gz$ ]]; then
-    sudo -u $user -- gzip "${archive/.gz/}" >/dev/null 2>&1
+    setpriv --init-groups --reuid "$user" --regid "$user" -- gzip "${archive/.gz/}" >/dev/null 2>&1
     if [ "$?" -ne 0 ]; then
         echo "Error: archive $archive was not gziped"
         exit 3
diff --git a/bin/v-add-fs-directory b/bin/v-add-fs-directory
@@ -33,7 +33,7 @@ if [ -z "$(echo $rpath |egrep "^/tmp|^$homedir")" ]; then
 fi
 
 # Adding directory
-sudo -u $user -- mkdir -p "$dst_dir" >/dev/null 2>&1
+setpriv --init-groups --reuid "$user" --regid "$user" -- mkdir -p "$dst_dir" >/dev/null 2>&1
 if [ $? -ne 0 ]; then
     echo "Error: directory $dst_dir was not created"
     exit 3
diff --git a/bin/v-add-fs-file b/bin/v-add-fs-file
@@ -33,7 +33,7 @@ if [ -z "$(echo $rpath |egrep "^/tmp|^$homedir")" ]; then
 fi
 
 # Creating file
-sudo -u $user -- touch "$dst_file" >/dev/null 2>&1
+setpriv --init-groups --reuid "$user" --regid "$user" -- touch "$dst_file" >/dev/null 2>&1
 if [ $? -ne 0 ]; then 
     echo "Error: file $dst_file was not created"
     exit 3
diff --git a/bin/v-add-web-domain b/bin/v-add-web-domain
@@ -83,7 +83,7 @@ ln -f -s /var/log/$WEB_SYSTEM/domains/$domain.*log \
     $HOMEDIR/$user/web/$domain/logs/
 
 # Adding domain skeleton
-sudo -u $user -- cp -r $WEBTPL/skel/* "$HOMEDIR/$user/web/$domain/" >/dev/null 2>&1
+setpriv --init-groups --reuid "$user" --regid "$user" -- cp -r $WEBTPL/skel/* "$HOMEDIR/$user/web/$domain/" >/dev/null 2>&1
 for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do
     sed -i "s/%domain%/$domain/g" $file
 done
diff --git a/bin/v-change-fs-file-permission b/bin/v-change-fs-file-permission
@@ -40,7 +40,7 @@ if [ -z "$(echo $rpath |egrep "^/tmp|^$homedir")" ]; then
 fi
 
 # Changing file permissions
-sudo -u $user -- chmod -R $permissions "$src_file" >/dev/null 2>&1
+setpriv --init-groups --reuid "$user" --regid "$user" -- chmod -R $permissions "$src_file" >/dev/null 2>&1
 if [ $? -ne 0 ]; then
     echo "Error: access permission on $src_file was not changed"
     exit 3
diff --git a/bin/v-check-fs-permission b/bin/v-check-fs-permission
@@ -35,7 +35,7 @@ if [ ! -z "$src" ]; then
 fi
 
 # Checking if file has readable permission
-sudo -u $user -- ls "$src" > /dev/null 2>&1
+setpriv --init-groups --reuid "$user" --regid "$user" -- ls "$src" > /dev/null 2>&1
 if [ $? -ne 0 ]; then
     echo "Error: can't read $src"
     exit 1
diff --git a/bin/v-copy-fs-directory b/bin/v-copy-fs-directory
@@ -47,7 +47,7 @@ if [ -z "$(echo $rpath |egrep "^/tmp|^$homedir")" ]; then
 fi
 
 # Copying directory
-sudo -u $user -- cp -rf "$src_dir" "$dst_dir" >/dev/null 2>&1
+setpriv --init-groups --reuid "$user" --regid "$user" -- cp -rf "$src_dir" "$dst_dir" >/dev/null 2>&1
 if [ $? -ne 0 ]; then
     echo "Error: directory $src_dir was not copied"
     exit 3
diff --git a/bin/v-copy-fs-file b/bin/v-copy-fs-file
@@ -47,7 +47,7 @@ if [ -z "$(echo $rpath |egrep "^/tmp|^$homedir")" ]; then
 fi
 
 # Copying file
-sudo -u $user -- cp "$src_file" "$dst_file" >/dev/null 2>&1
+setpriv --init-groups --reuid "$user" --regid "$user" -- cp "$src_file" "$dst_file" >/dev/null 2>&1
 if [ $? -ne 0 ]; then
     echo "Error: file $src_file was not copied"
     exit 3
diff --git a/bin/v-delete-fs-directory b/bin/v-delete-fs-directory
@@ -34,7 +34,7 @@ if [ -z "$(echo $rpath |egrep "^/tmp|^$homedir")" ]; then
 fi
 
 # Deleting directory
-sudo -u $user -- rm -rf "$dst_dir" # >/dev/null 2>&1
+setpriv --init-groups --reuid "$user" --regid "$user" -- rm -rf "$dst_dir" # >/dev/null 2>&1
 if [ $? -ne 0 ]; then
     echo "Error: directory $dst_dir was not deleted"
     exit 3
diff --git a/bin/v-delete-fs-file b/bin/v-delete-fs-file
@@ -34,7 +34,7 @@ if [ -z "$(echo $rpath |egrep "^/tmp|^$homedir")" ]; then
 fi
 
 # Deleting file
-sudo -u $user -- rm -f "$dst_file" >/dev/null 2>&1
+setpriv --init-groups --reuid "$user" --regid "$user" -- rm -f "$dst_file" >/dev/null 2>&1
 if [ $? -ne 0 ]; then
     echo "Error: file $dst_file was not deleted"
     exit 3
diff --git a/bin/v-extract-fs-archive b/bin/v-extract-fs-archive
@@ -52,11 +52,11 @@ fi
 if [ ! -z "$(echo $src_file |egrep -i  '.tgz|.tar.gz')" ]; then
     x='yes'
     if [ -z "$test" ] || [ "$test" = "no" ]; then
-        sudo -u $user -- mkdir -p "$dst_dir" >/dev/null 2>&1
-        sudo -u $user -- tar -xzf "$src_file" -C "$dst_dir" --no-wildcards "$selected_dir" >/dev/null 2>&1
+        setpriv --init-groups --reuid "$user" --regid "$user" -- mkdir -p "$dst_dir" >/dev/null 2>&1
+        setpriv --init-groups --reuid "$user" --regid "$user" -- tar -xzf "$src_file" -C "$dst_dir" --no-wildcards "$selected_dir" >/dev/null 2>&1
         rc=$?
     else
-        sudo -u $user -- tar -tf "$src_file" --no-wildcards "$selected_dir" >/dev/null 2>&1
+        setpriv --init-groups --reuid "$user" --regid "$user" -- tar -tf "$src_file" --no-wildcards "$selected_dir" >/dev/null 2>&1
         rc=$?
     fi
 
@@ -66,63 +66,63 @@ fi
 if [ ! -z "$(echo $src_file |egrep -i  '.tbz|.tar.bz')" ]; then
     x='yes'
     if [ -z "$test" ] || [ "$test" = "no" ]; then
-        sudo -u $user -- mkdir -p "$dst_dir" >/dev/null 2>&1
-        sudo -u $user -- tar -xjf "$src_file" -C "$dst_dir" --no-wildcards "$selected_dir" >/dev/null 2>&1
+        setpriv --init-groups --reuid "$user" --regid "$user" -- mkdir -p "$dst_dir" >/dev/null 2>&1
+        setpriv --init-groups --reuid "$user" --regid "$user" -- tar -xjf "$src_file" -C "$dst_dir" --no-wildcards "$selected_dir" >/dev/null 2>&1
         rc=$?
     else
-        sudo -u $user -- tar -tf "$src_file" --no-wildcards "$selected_dir" >/dev/null 2>&1
+        setpriv --init-groups --reuid "$user" --regid "$user" -- tar -tf "$src_file" --no-wildcards "$selected_dir" >/dev/null 2>&1
         rc=$?
     fi
 fi
 
 # Extracting gziped file
 if [ ! -z "$(echo $src_file |grep -i  '.gz')" ] && [ -z "$x" ]; then
-    sudo -u $user -- mkdir -p "$dst_dir" >/dev/null 2>&1
-    sudo -u $user -- mv "$src_file" "$dst_dir" >/dev/null 2>&1
-    sudo -u $user -- gzip -d "$dst_dir/$(basename $src_file)" >/dev/null 2>&1
+    setpriv --init-groups --reuid "$user" --regid "$user" -- mkdir -p "$dst_dir" >/dev/null 2>&1
+    setpriv --init-groups --reuid "$user" --regid "$user" -- mv "$src_file" "$dst_dir" >/dev/null 2>&1
+    setpriv --init-groups --reuid "$user" --regid "$user" -- gzip -d "$dst_dir/$(basename $src_file)" >/dev/null 2>&1
     rc=$?
 fi
 
 # Extracting bziped file
 if [ ! -z "$(echo $src_file |grep -i  '.bz')" ] && [ -z "$x" ]; then
-    sudo -u $user -- mkdir -p "$dst_dir" >/dev/null 2>&1
-    sudo -u $user -- mv "$src_file" "$dst_dir"# >/dev/null 2>&1
-    sudo -u $user -- bzip2 -d "$dst_dir/$(basename $src_file)" >/dev/null 2>&1
+    setpriv --init-groups --reuid "$user" --regid "$user" -- mkdir -p "$dst_dir" >/dev/null 2>&1
+    setpriv --init-groups --reuid "$user" --regid "$user" -- mv "$src_file" "$dst_dir"# >/dev/null 2>&1
+    setpriv --init-groups --reuid "$user" --regid "$user" -- bzip2 -d "$dst_dir/$(basename $src_file)" >/dev/null 2>&1
     rc=$?
 fi
 
 # Extracting ziped archive
 if [ ! -z "$(echo $src_file |grep -i  '.zip')" ]; then
-    sudo -u $user -- mkdir -p "$dst_dir" >/dev/null 2>&1
-    sudo -u $user -- unzip "$src_file" -d "$dst_dir" >/dev/null 2>&1
+    setpriv --init-groups --reuid "$user" --regid "$user" -- mkdir -p "$dst_dir" >/dev/null 2>&1
+    setpriv --init-groups --reuid "$user" --regid "$user" -- unzip "$src_file" -d "$dst_dir" >/dev/null 2>&1
     rc=$?
 fi
 
 # Extracting ziped archive
 if [ ! -z "$(echo $src_file |grep -i  '.7z')" ]; then
-    sudo -u $user -- mkdir -p "$dst_dir" >/dev/null 2>&1
-    sudo -u $user -- mv "$src_file" "$dst_dir" >/dev/null 2>&1
-    sudo -u $user -- p7zip -d "$src_file" >/dev/null 2>&1
+    setpriv --init-groups --reuid "$user" --regid "$user" -- mkdir -p "$dst_dir" >/dev/null 2>&1
+    setpriv --init-groups --reuid "$user" --regid "$user" -- mv "$src_file" "$dst_dir" >/dev/null 2>&1
+    setpriv --init-groups --reuid "$user" --regid "$user" -- p7zip -d "$src_file" >/dev/null 2>&1
     rc=$?
 fi
 
 # Extracting tared archive
 if [ ! -z "$(echo $src_file |grep -i '.tar')" ] && [ -z "$x" ]; then
     x='yes'
     if [ -z "$test" ] || [ "$test" = "no" ]; then
-        sudo -u $user -- mkdir -p "$dst_dir" >/dev/null 2>&1
-        sudo -u $user -- tar -xf "$src_file" -C "$dst_dir" --no-wildcards "$selected_dir" >/dev/null 2>&1
+        setpriv --init-groups --reuid "$user" --regid "$user" -- mkdir -p "$dst_dir" >/dev/null 2>&1
+        setpriv --init-groups --reuid "$user" --regid "$user" -- tar -xf "$src_file" -C "$dst_dir" --no-wildcards "$selected_dir" >/dev/null 2>&1
         rc=$?
     else
-        sudo -u $user -- tar -tf "$src_file" --no-wildcards "$selected_dir" >/dev/null 2>&1
+        setpriv --init-groups --reuid "$user" --regid "$user" -- tar -tf "$src_file" --no-wildcards "$selected_dir" >/dev/null 2>&1
         rc=$?
     fi
 fi
 
 # Extracting rared archive
 if [ ! -z "$(echo $src_file |grep -i  '.rar')" ]; then
-    sudo -u $user -- mkdir -p "$dst_dir" >/dev/null 2>&1
-    sudo -u $user -- unrar "$src_file"  "$dst_dir" >/dev/null 2>&1
+    setpriv --init-groups --reuid "$user" --regid "$user" -- mkdir -p "$dst_dir" >/dev/null 2>&1
+    setpriv --init-groups --reuid "$user" --regid "$user" -- unrar "$src_file"  "$dst_dir" >/dev/null 2>&1
     rc=$?
 fi
 
diff --git a/bin/v-get-fs-file-type b/bin/v-get-fs-file-type
@@ -33,7 +33,7 @@ if [ -z "$(echo $rpath |grep $homedir)" ]; then
 fi
 
 # Listing file type
-sudo -u $user -- file -i -b "$path" 2>/dev/null
+setpriv --init-groups --reuid "$user" --regid "$user" -- file -i -b "$path" 2>/dev/null
 
 # Exiting
 exit $?
diff --git a/bin/v-list-fs-directory b/bin/v-list-fs-directory
@@ -37,7 +37,7 @@ else
 fi
 
 # Listing directory
-sudo -u $user -- find "$path" -maxdepth 1 \
+setpriv --init-groups --reuid "$user" --regid "$user" -- find "$path" -maxdepth 1 \
     -printf "%y|%m|%TY-%Tm-%Td|%TH:%TM|%u|%g|%s|%P\n" 2>/dev/null
 
 # Exiting
diff --git a/bin/v-move-fs-directory b/bin/v-move-fs-directory
@@ -48,7 +48,7 @@ if [ -z "$(echo $rpath |egrep "^/tmp|^$homedir")" ]; then
 fi
 
 # Moving directory
-sudo -u $user -- mv "$src_dir" "$dst_dir" >/dev/null 2>&1
+setpriv --init-groups --reuid "$user" --regid "$user" -- mv "$src_dir" "$dst_dir" >/dev/null 2>&1
 if [ $? -ne 0 ]; then
     echo "Error: directory $src_dir was not moved"
     exit 3
diff --git a/bin/v-move-fs-file b/bin/v-move-fs-file
@@ -48,7 +48,7 @@ if [ -z "$(echo $rpath |egrep "^/tmp|^$homedir")" ]; then
 fi
 
 # Moving file
-sudo -u $user -- mv "$src_file" "$dst_file" >/dev/null 2>&1
+setpriv --init-groups --reuid "$user" --regid "$user" -- mv "$src_file" "$dst_file" >/dev/null 2>&1
 if [ $? -ne 0 ]; then
     echo "Error: file $src_file was not moved"
     exit 3
diff --git a/bin/v-open-fs-file b/bin/v-open-fs-file
@@ -40,7 +40,7 @@ if [ ! -z "$src_file" ]; then
 fi
 
 # Reading file
-sudo -u $user -- cat "$src_file" 2>/dev/null
+setpriv --init-groups --reuid "$user" --regid "$user" -- cat "$src_file" 2>/dev/null
 if [ $? -ne 0 ]; then
     echo "Error: file $src_file was not opened"
     exit 3
diff --git a/bin/v-restore-user b/bin/v-restore-user
@@ -404,7 +404,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
             rm -rf $HOMEDIR/$user/web/$domain/public_html/*
         fi
         chmod u+w "$HOMEDIR/$user/web/$domain"
-        sudo -u $user -- tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
+        setpriv --init-groups --reuid "$user" --regid "$user" -- tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
             -C "$HOMEDIR/$user/web/$domain/" \
             --exclude='logs/*'
         if [ "$?" -ne 0 ]; then
diff --git a/bin/v-search-fs-object b/bin/v-search-fs-object
@@ -38,7 +38,7 @@ else
 fi
 
 # Listing directory
-sudo -u $user -- find "$path" -name "$object" \
+setpriv --init-groups --reuid "$user" --regid "$user" -- find "$path" -name "$object" \
     -printf "%y|%m|%TY-%Tm-%Td|%TH:%TM|%u|%g|%s|%P\n" 2>/dev/null
 #    -printf "%y|%m|%TY-%Tm-%Td|%TH:%TM:%TS|%u|%g|%s|%P\n" 2>/dev/null
 
diff --git a/func/main.sh b/func/main.sh
@@ -257,7 +257,7 @@ parse_object_kv_list() {
     str=${str//\"/\\\"}
     IFS=$'\n'
 
-    suboutput=$(sudo -u nobody bash -c "PS4=''; set -xe; eval \"${str}\"" 2>&1)
+    suboutput=$(setpriv --init-groups --reuid nobody --regid nogroup bash -c "PS4=''; set -xe; eval \"${str}\"" 2>&1)
     check_result $? "Invalid object format: ${str}" $E_INVALID
 
     for objkv in $suboutput; do
diff --git a/func/rebuild.sh b/func/rebuild.sh
@@ -205,7 +205,7 @@ rebuild_web_domain_conf() {
 
     # Propagating html skeleton
     if [ -d "$WEBTPL/skel/document_errors/" ]; then
-        sudo -u $user -- cp -r "$WEBTPL/skel/document_errors/" "$HOMEDIR/$user/web/$domain/"
+        setpriv --init-groups --reuid "$user" --regid "$user" -- cp -r "$WEBTPL/skel/document_errors/" "$HOMEDIR/$user/web/$domain/"
     fi
 
     # Set folder permissions
@@ -293,15 +293,15 @@ rebuild_web_domain_conf() {
         if [ ! -z "$STATS_USER" ]; then
             stats_dir="$HOMEDIR/$user/web/$domain/stats"
             if [ "$WEB_SYSTEM" = 'nginx' ]; then
-                echo "auth_basic \"Web Statistics\";"               |sudo -u $user -- tee    $stats_dir/auth.conf
-                echo "auth_basic_user_file $stats_dir/.htpasswd;"   |sudo -u $user -- tee -a $stats_dir/auth.conf
+                echo "auth_basic \"Web Statistics\";"               |setpriv --init-groups --reuid "$user" --regid "$user" -- tee    $stats_dir/auth.conf
+                echo "auth_basic_user_file $stats_dir/.htpasswd;"   |setpriv --init-groups --reuid "$user" --regid "$user" -- tee -a $stats_dir/auth.conf
             else
-                echo "AuthUserFile $stats_dir/.htpasswd"    |sudo -u $user -- tee    $stats_dir/.htaccess
-                echo "AuthName \"Web Statistics\""          |sudo -u $user -- tee -a $stats_dir/.htaccess
-                echo "AuthType Basic"                       |sudo -u $user -- tee -a $stats_dir/.htaccess
-                echo "Require valid-user"                   |sudo -u $user -- tee -a $stats_dir/.htaccess
+                echo "AuthUserFile $stats_dir/.htpasswd"    |setpriv --init-groups --reuid "$user" --regid "$user" -- tee    $stats_dir/.htaccess
+                echo "AuthName \"Web Statistics\""          |setpriv --init-groups --reuid "$user" --regid "$user" -- tee -a $stats_dir/.htaccess
+                echo "AuthType Basic"                       |setpriv --init-groups --reuid "$user" --regid "$user" -- tee -a $stats_dir/.htaccess
+                echo "Require valid-user"                   |setpriv --init-groups --reuid "$user" --regid "$user" -- tee -a $stats_dir/.htaccess
             fi
-            echo "$STATS_USER:$STATS_CRYPT" |sudo -u $user -- tee $stats_dir/.htpasswd
+            echo "$STATS_USER:$STATS_CRYPT" |setpriv --init-groups --reuid "$user" --regid "$user" -- tee $stats_dir/.htpasswd
         fi
     fi
 
diff --git a/install/hst-install-debian.sh b/install/hst-install-debian.sh
@@ -38,7 +38,7 @@ if [ "$release" -eq 8 ]; then
         flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota
         e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils
         bsdmainutils cron hestia hestia-nginx hestia-php expect libmail-dkim-perl
-        unrar-free vim-common acl sysstat"
+        unrar-free vim-common acl sysstat setpriv"
 elif [ "$release" -eq 9 ]; then
     software="nginx apache2 apache2-utils apache2-suexec-custom
         libapache2-mod-ruid2 libapache2-mod-fcgid libapache2-mod-php php
@@ -50,7 +50,7 @@ elif [ "$release" -eq 9 ]; then
         flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota
         e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils
         bsdmainutils cron hestia hestia-nginx hestia-php expect libmail-dkim-perl
-        unrar-free vim-common acl sysstat rsyslog"
+        unrar-free vim-common acl sysstat rsyslog setpriv"
 else
     software="nginx apache2 apache2-utils apache2-suexec-custom
         apache2-suexec-pristine libapache2-mod-fcgid libapache2-mod-php php
@@ -62,7 +62,7 @@ else
         flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota
         e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils
         bsdmainutils cron hestia hestia-nginx hestia-php expect libmail-dkim-perl
-        unrar-free vim-common acl sysstat rsyslog"
+        unrar-free vim-common acl sysstat rsyslog setpriv"
 fi
 
 # Defining help function
diff --git a/install/hst-install-ubuntu.sh b/install/hst-install-ubuntu.sh
@@ -36,7 +36,7 @@ software="apache2 apache2.2-common apache2-suexec-custom apache2-utils
     ntpdate php php-cgi php-common php-curl phpmyadmin php-mysql php-imap php-ldap
     php-apcu phppgadmin php-pgsql postgresql postgresql-contrib proftpd-basic quota
     roundcube-core roundcube-mysql roundcube-plugins rrdtool rssh spamassassin
-    sudo hestia hestia-nginx hestia-php vim-common vsftpd whois zip acl sysstat"
+    sudo hestia hestia-nginx hestia-php vim-common vsftpd whois zip acl sysstat setpriv"
 
 # Defining help function
 help() {
diff --git a/src/deb/hestia/control b/src/deb/hestia/control
@@ -6,7 +6,7 @@ Section: admin
 Maintainer: HestiaCP <info@hestiacp.com>
 Homepage: https://www.hestiacp.com
 Architecture: amd64
-Depends: bash, awk, sed, acl, sysstat
+Depends: bash, awk, sed, acl, sysstat, setpriv
 Description: hestia
  hestia is an open source hosting control panel.
  hestia has a clean and focused interface without the clutter.
