#!/usr/local/cpanel/3rdparty/bin/perl # cpanel - scripts/mailperm Copyright 2022 cPanel, L.L.C. # All rights reserved. # copyright@cpanel.net http://cpanel.net # This code is subject to the cPanel license. Unauthorized copying is prohibited package scripts::mailperm; use strict; use warnings; use Digest::MD5 (); use Getopt::Long (); use IO::Handle (); use Try::Tiny; use Cpanel::PwCache::Helpers (); use Cpanel::PwCache::Build (); use Cpanel::Exim (); use Cpanel::Signal (); use Cpanel::SafeFind (); use Cpanel::Logger (); use Cpanel::FileUtils::TouchFile (); use Cpanel::Rlimit (); use Cpanel::AccessIds::ReducedPrivileges (); use Cpanel::PwCache (); use Cpanel::Config::LoadUserDomains (); use Cpanel::ConfigFiles (); use Cpanel::Email::MX (); use Cpanel::Email::Perms (); use Cpanel::Email::Perms::System (); use Cpanel::Email::Perms::User (); use Cpanel::MailTools::DBS (); use Cpanel::LoginDefs (); use Cpanel::Config::LoadConfig (); my $logger = Cpanel::Logger->new(); my @MAILDIR_FILES_TO_SKIP = qw( dovecot-keywords dovecot-uidlist dovecot-uidvalidity.* dovecot\\.index dovecot\\.index.cache dovecot\\.index.log dovecot\\.index.log.2 maildirsize subscriptions ); my $maildir_files_to_skip_re = join '|', @MAILDIR_FILES_TO_SKIP; exit main(@ARGV) unless caller; sub main { my (@args) = @_; local $@; my $verbose = 0; my $skiplocal = 0; my $skipmxcheck = 0; my $skipperm = 0; my $dirsonly = 0; my $no_restart_cpsrvd = 0; my $help = 0; # Argument processing my %arg_ops = ( 'help' => \$help, 'verbose' => \$verbose, 'skiplocaldomains' => \$skiplocal, 'skipmxcheck' => \$skipmxcheck, 'skipserverperm' => \$skipperm, 'dirsonly' => \$dirsonly, 'no-restart-cpsrvd' => \$no_restart_cpsrvd, ); Getopt::Long::GetOptionsFromArray( \@args, %arg_ops, ) or return _usage(1); return _usage(0) if $help; my %opts = map { $_ => ${ $arg_ops{$_} } } keys %arg_ops; if (@args) { $opts{'checkuser'} = $args[-1]; } my ( $status, $message ) = eval { __PACKAGE__->script(%opts) }; if ($@) { print "$@\n"; return 1; } return 0 if $status; if ($message) { print STDERR $message . "\n"; } return 1; } sub script { my ( $class, %OPTS ) = @_; my ( $checkuser, $skiplocal, $skipmxcheck, $skipperm, $dirsonly, $verbose ) = @OPTS{qw( checkuser skiplocaldomains skipmxcheck skipserverperm dirsonly verbose)}; return 1 if ( $ENV{'DONT_RUN_MAILPERM'} ); Cpanel::Rlimit::set_rlimit(); my $pidfile = '/var/run/mailperms.pid'; my $is_global = 0; my $previous_command_name = $0; if ($checkuser) { if ( !( Cpanel::PwCache::getpwnam($checkuser) )[0] ) { warn "!! Specified user is not a valid system account !!\n\n"; _usage(); return ( 0, "The specified user '$checkuser' is not a valid system account" ); } $0 = 'mailperm - single user'; } else { $is_global = 1; $0 = 'mailperm - global'; require Cpanel::Unix::PID::Tiny; my $upid = Cpanel::Unix::PID::Tiny->new(); if ( !$upid->pid_file($pidfile) ) { my $pid = $upid->get_pid_from_pidfile($pidfile); $logger->warn("mailperm - previous instance: [$pid]"); $0 = $previous_command_name; return ( 0, 'Another mailperm instance is running' ); } } my ( $exim_bin, $exim_version, $exim_caps ) = Cpanel::Exim::fetch_caps(); my $needs_mail_gid_shadow = ( $exim_caps->{'dovecot'} ) ? 0 : 1; $Cpanel::Email::Perms::VERBOSE = $verbose; my $changed_external_auth = 0; # Signal cpsrvd to reload its config. # do not restart cpsrvd on a fresh install ( cpsrvd is running but is restarted later ) # this avoids to solve continuously "perl dependencies issues" in the exim rpm Cpanel::Signal::send_hup_cpsrvd() if $changed_external_auth && !$OPTS{'no-restart-cpsrvd'}; Cpanel::Email::Perms::System::ensure_system_perms(); if ( !$skipperm ) { require '/usr/local/cpanel/scripts/checkexim.pl'; ## no critic qw(RequireBarewordIncludes) scripts::checkexim::checkeximperms(); } chmod( 0666, '/dev/null' ); _update_local_domains( 'checkuser' => $checkuser, 'skipmxcheck' => $skipmxcheck, 'verbose' => $verbose ) if !$skiplocal; _set_perms( 'checkuser' => $checkuser, 'dirsonly' => $dirsonly, 'verbose' => $verbose, 'is_global' => $is_global ) if !$skipperm; chmod( 0666, '/dev/null' ); $0 = $previous_command_name; return 1; } sub _update_local_domains { my (%OPTS) = @_; my ( $checkuser, $skipmxcheck, $verbose ) = @OPTS{qw( checkuser skipmxcheck verbose )}; Cpanel::FileUtils::TouchFile::touchfile($Cpanel::ConfigFiles::REMOTEDOMAINS_FILE); Cpanel::FileUtils::TouchFile::touchfile($Cpanel::ConfigFiles::LOCALDOMAINS_FILE); my $localdomains_ref = Cpanel::Config::LoadConfig::loadConfig( $Cpanel::ConfigFiles::LOCALDOMAINS_FILE, undef, '' ); my $remotedomains_ref = Cpanel::Config::LoadConfig::loadConfig( $Cpanel::ConfigFiles::REMOTEDOMAINS_FILE, undef, '' ); my $secondarymx_ref = Cpanel::Config::LoadConfig::loadConfig( $Cpanel::ConfigFiles::SECONDARYMX_FILE, undef, '' ); my $userdomains_ref = Cpanel::Config::LoadUserDomains::loaduserdomains( undef, 1 ); my %missing_domains; require Cpanel::Hostname; my $hostname = Cpanel::Hostname::gethostname(); $userdomains_ref->{$hostname} = 1; foreach my $domain ( keys %{$userdomains_ref} ) { if ( !exists $localdomains_ref->{$domain} && !exists $remotedomains_ref->{$domain} ) { $missing_domains{$domain} = 1; } } if ( !$skipmxcheck ) { require Whostmgr::DNS::MX; foreach my $domain ( sort keys %{$userdomains_ref} ) { next if ( $domain =~ m/^\*/ ); my $user = $userdomains_ref->{$domain}; next if ( !$user || $user eq 'root' || ( $checkuser && $checkuser ne $user ) ); print "Checking mx configuration for $domain ($user)..." if $verbose; my $alwaysaccept = Cpanel::Email::MX::get_mxcheck_configuration( $domain, $user ); print "[$alwaysaccept]..." if $verbose; # # We need to update proxysubdomains here because nothing else # will be doing it for us # if ( $alwaysaccept eq 'local' && ( !exists $localdomains_ref->{$domain} || exists $remotedomains_ref->{$domain} || exists $secondarymx_ref->{$domain} ) ) { Cpanel::MailTools::DBS::setup( $domain, 'localdomains' => 1, 'remotedomains' => 0, 'secondarymx' => 0, 'update_proxy_subdomains' => 1 ); } elsif (( $alwaysaccept eq 'secondary' || $alwaysaccept eq 'backup' ) && ( exists $localdomains_ref->{$domain} || !exists $remotedomains_ref->{$domain} || !exists $secondarymx_ref->{$domain} ) ) { Cpanel::MailTools::DBS::setup( $domain, 'localdomains' => 0, 'remotedomains' => 1, 'secondarymx' => 1, 'update_proxy_subdomains' => 1 ); } elsif ( $alwaysaccept eq 'remote' && ( exists $localdomains_ref->{$domain} || !exists $remotedomains_ref->{$domain} || exists $secondarymx_ref->{$domain} ) ) { Cpanel::MailTools::DBS::setup( $domain, 'localdomains' => 0, 'remotedomains' => 1, 'secondarymx' => 0, 'update_proxy_subdomains' => 1 ); } elsif ( $missing_domains{$domain} ) { { no warnings 'once'; my $checkmx = Whostmgr::DNS::MX::checkmx( $domain, undef, $alwaysaccept, $Whostmgr::DNS::MX::NO_UPDATEUSERDOMAINS, $Whostmgr::DNS::MX::DO_UPDATE_PROXY_SUBDOMAINS ); } } print "Done\n" if $verbose; } } else { foreach my $domain ( keys %missing_domains ) { Cpanel::MailTools::DBS::setup( $domain, 'localdomains' => 1, 'remotedomains' => 0, 'secondarymx' => 0, 'update_proxy_subdomains' => 1 ); } } return; } sub _set_perms { ## no critic (Subroutines::ProhibitExcessComplexity) my (%OPTS) = @_; my $checkuser = $OPTS{'checkuser'}; my $dirsonly = $OPTS{'dirsonly'} ? 1 : 0; my $verbose = $OPTS{'verbose'} ? 1 : 0; my $is_global = $OPTS{'is_global'} || 0; my $mailgid = ( Cpanel::PwCache::getpwnam('mail') )[3]; my $pwcache_ref; if ($checkuser) { my @pw_data = Cpanel::PwCache::getpwnam($checkuser); $pwcache_ref = [ \@pw_data ]; } else { Cpanel::PwCache::Build::init_passwdless_pwcache(); Cpanel::PwCache::Helpers::no_uid_cache(); #uid cache only needed if we are going to make lots of getpwuid calls $pwcache_ref = Cpanel::PwCache::Build::fetch_pwcache(); } Cpanel::SafeFind::find( sub { }, '/dev/null' ); #init File::Find my $userdomains_ref = Cpanel::Config::LoadUserDomains::loaduserdomains( undef, 0, 1 ); my $uid_min = Cpanel::LoginDefs::get_uid_min(); my ( $cpuser, $useruid, $usergid, $homedir ); foreach my $pwref ( sort { $a->[0] cmp $b->[0] } grep { exists $userdomains_ref->{ $_->[0] } && $_->[2] >= $uid_min } @$pwcache_ref ) { ( $cpuser, $useruid, $usergid, $homedir ) = ( (@$pwref)[ 0, 2, 3, 7 ] ); next if ( $checkuser && $cpuser ne $checkuser ); if ( !$useruid || !$usergid || !$homedir ) { warn "Skipping invalid user $cpuser"; next; } if ( exists $userdomains_ref->{$cpuser} ) { foreach my $domain ( @{ $userdomains_ref->{$cpuser} } ) { Cpanel::Email::Perms::System::ensure_domain_system_perms( $useruid, $domain ); } } if ( -e "$homedir/mail" || -e "$homedir/etc" ) { Cpanel::AccessIds::ReducedPrivileges::call_as_user( sub { local $0 = 'mailperm - ' . ( $is_global ? 'global ' : '' ) . 'processing ' . $cpuser; my ( $mode, $fuid, $fgid, $safefile ); Cpanel::SafeFind::find( { 'wanted' => sub { return if ( !$File::Find::name || -l $File::Find::name ); ( $mode, $fuid, $fgid ) = ( stat(_) )[ 2, 4, 5 ]; ($safefile) = $File::Find::name =~ /(.*)/; if ( $fuid != $useruid || ( $fgid != $usergid && $fgid != $mailgid ) ) { my $changed = chown( $useruid, $usergid, $safefile ); if ($verbose) { if ($changed) { print "Fixed ownership on $File::Find::name: was ($fuid:$fgid), now ($useruid:$usergid)\n"; } else { print "Unable to fix ownership on $File::Find::name: currently ($fuid:$fgid), should be ($useruid:$usergid)\n"; } } } return if ( $File::Find::name =~ m/\/(?:$maildir_files_to_skip_re)$/ || $File::Find::name =~ m/\.cppop\.cache(?:\.msgs)?$/ ); ( $mode, my $want ) = map { sprintf '%04o', $_ & 07777 } $mode, $Cpanel::Email::Perms::MAILDIR_PERMS; if ( -d _ ) { # All dirs must now be 0751 with dovecot 2.2. # in order to avoid: # "Renaming not supported across conflicting directory permissions." if ( $mode ne $want ) { #all of these are ok my $changed = chmod( $Cpanel::Email::Perms::MAILDIR_PERMS, $safefile ); if ($verbose) { if ($changed) { print "Fixed permissions on $File::Find::name : was ($mode), now ($want)\n"; } else { print "Unable to fix permissions on $File::Find::name : currently ($mode), should be ($want)\n"; } } } if ( $dirsonly && $safefile =~ m{\/\.[^\/]+\/[^\/]+$} ) { no warnings 'once'; return ( $File::Find::prune = 1 ); } return; } #NOTE: Until 11.54 this was 0660. Cobra #couldn’t think of any reason why anyone #but the user should be modifying the home #directory, though, so we changed it to 0640. # elsif ( !$dirsonly && $mode ne '0640' ) { my $changed = chmod( 0640, $safefile ); if ($verbose) { if ($changed) { print "Fixed permissions on $File::Find::name: was ($mode), now (0640)\n"; } else { print "Unable to fix permissions on $File::Find::name: currently ($mode), should be (0640)\n"; } } } }, 'follow' => 0, 'no_chdir' => 1 }, $homedir . '/mail' ); return 1; }, $useruid, $usergid, $mailgid ) || do { warn "Could not setuid to $cpuser ($useruid,$usergid + $mailgid)"; }; try { Cpanel::Email::Perms::User::ensure_all_perms($homedir); } catch { warn $_; }; } else { print "Skipping $homedir (etc and mail missing)\n"; } } return; } sub _usage { my ($retval) = @_; my $fh = $retval ? \*STDERR : \*STDOUT; $fh->print(<<'EOM'); Usage: mailperm <modifier> <user> Arguments: <user> - Optional argument to specify the scope of the permissions checks. The specified user must be a valid system account. Modifier Flags: --skiplocaldomains - This optional argument bypasses addition of missing domains to the /etc/localdomains file when specified. The localdomains file specifies to Exim that it should always accept delivery for the listed domains. Remote domains are removed from /etc/localdomains regardless of this flag. --skipmxcheck - This optional argument bypasses synchronizing the mail exchanger setting from the cpanel users file to the system. --dirsonly - This optional flag limits setting permissions to only modifying directories. NOTE: The “maildirsize” files are always fixed if needed. --skipserverperm - This optional flag prevents modification of the mail system files used by Exim and limits the scope of permission modifications to the mail account files. --verbose - This optional flag signals the utility to report detected permissions problems per user prior to modifying any permissions. --help - display this message and exit. EOM return $retval; } 1;

En construcción …

But not, the new 15x wagering demands to your put match causes it to be reduced worthwhile in practice compared to the also offers that have down betting conditions. Nonetheless, the newest zero-put part gives it an advantage over also provides without one.step 3. Games Eligibility (15%) – (4.0/5)The newest $20 added bonus is bound…
For those venturing right into the lively globe of on-line gaming, a well-designed incentive can be greater than simply a perk– it becomes part of the experience. I lately had the advantage of working together with the group at OnlyWin to create an engaging visual identification for their latest advertising emphasize, a no deposit bonus…
It’s in the much more than simply and therefore sportsbook contains the better opportunity – we view from customer service through to playing have and offers. Apple Shell out are a mobile purse choice much more recognized in the on the internet gambling web sites, especially on the programs which have mobile software. Fruit Pay…
A lot more basically, the opportunity calculator allows you to determine the entire odds of an excellent parlay wager, from to around one hundred selections. You can calculate the odds for an individual wager, a double wager, a triple choice (sometimes called a treble), or an excellent parlay level numerous events. It means a great…
You can find approximate dates however and Bing within the accurate week-end the entire year pay a visit to. Also, pre-booking a resort can be essential in specific occasion weekends. If you want to spend your day in the Klaipėda sightseeing, here are the greatest details utilizing your own ~7 totally free instances inside Klaipėda…
Avoid using an enthusiastic unlicensed gaming webpages as numerous of those are unethical and simply have to discount your finances. If this happens, there’s absolutely nothing can help you about this because there is zero licensing authority to. Our very own pros have verified you to definitely Sportsbetting.united states comes with a valid licenses which…
I siti di slot devono concedere preferenza alla variante mobilio, sviluppando app verso iOS addirittura Android ad esempio offrono un’esperienza di artificio snella. Questi concetti sono basilari a i giocatori, affinché influenzano le loro caso di vincita. Un payout di nuovo un RTP alti significano come il inganno è disinteressato anche restituisce una percentuale superiore…
Una versione interessante di corrente artificio è Book of Ra Magic, che aggiunge Casinò con prelievi rapidi nuove efficienza anche simboli speciali per rendere l’abilità ancora ancora avvincente. Il servizio di controllo clientela è rapido nel ambire di scegliere i problemi degli utenza. Le sezioni di appoggio sono complete di nuovo offrono informazioni aspetto agli fruitori…
Your wear’t buy gender ladysone nj because you perform with prostitutes – you only pay for their organization, and you may sex is a part of it… potentially. Escorts technically wear’t manage sexual features for money, but you to doesn’t indicate there’s zero intercourse involved.
Bilan acceptant disponible 24/7, jeu, établissement de bonus , ! arguments en compagnie de règlement allègres. Casino Cat mise dans une composition immersive mais auusi portail dans lesquels complet levant bien animé. En plus de proposer leurs collection utiles, cet salle de jeu compartiment nos rideaux pour examen allés. Avec 100 Quest, le but reste…