File: //usr/sbin/cagefsctl-user
#!/opt/cloudlinux/venv/bin/python3 -sbb
# -*- coding: utf-8 -*-
#
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2025 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENCE.TXT
#
"""
User-level CLI utility for managing website isolation.
This script runs via proxyexec with root privileges but operates on behalf
of the calling user. It validates that the user only manages domains they own.
Commands:
site-isolation-enable --domain DOMAIN[,DOMAIN2,...] Enable site isolation for domain(s)
site-isolation-disable --domain DOMAIN[,DOMAIN2,...] Disable site isolation for domain(s)
site-isolation-list List domains with site isolation enabled
All commands output JSON:
Success: {"result": "success", "enabled_sites": ["domain1", "domain2"]}
Error: {"result": "ERROR_CODE"}
"""
import argparse
import json
import logging
import os
import sys
import pwd
from clcommon.cpapi import domain_owner
from clcommon.cpapi.cpapiexceptions import NoDomain
from clcagefslib.cli import (
call_via_proxyexec,
in_cagefs,
is_running_via_proxyexec,
)
from clcagefslib.domain import (
enable_website_isolation,
disable_website_isolation,
get_websites_with_enabled_isolation,
is_website_isolation_allowed_server_wide,
is_website_isolation_allowed_for_user,
)
from clcagefslib.fs import user_exists
# Logging configuration
LOG_FILE = "/var/log/cloudlinux/cagefsctl-user.log"
# Proxyexec alias for all cagefsctl-user commands
PROXYEXEC_ALIAS = "CAGEFSCTL_USER"
def setup_logger():
"""
Set up logging to file only (no console output).
Returns:
logging.Logger: Configured logger instance
"""
logger = logging.getLogger("cagefsctl-user")
logger.setLevel(logging.INFO)
# Disable propagation to root logger to prevent console output
logger.propagate = False
try:
fh = logging.FileHandler(LOG_FILE)
fh.setFormatter(logging.Formatter(
"[%(levelname)s | %(asctime)s]: %(message)s"
))
logger.addHandler(fh)
except (IOError, OSError):
# Cannot write to log file, continue without file logging
pass
return logger
logger = setup_logger()
class ErrorCodes:
"""Error codes for JSON responses."""
SITE_ISOLATION_NOT_ALLOWED = "Site isolation feature is not allowed"
DOMAIN_NOT_FOUND = "Specified domain is not found"
USER_NOT_FOUND = "User not found"
INTERNAL_ERROR = "Internal error"
MISSING_DOMAIN = "Domain is not specified"
ROOT_NOT_ALLOWED = "Utility cannot be run as root"
def get_calling_user():
"""
Get the username of the calling user from proxyexec environment.
When running via proxyexec, PROXYEXEC_UID contains the original user's UID.
Falls back to current process UID if not set.
Returns:
str: Username of the calling user
None: If user cannot be determined
"""
proxyexec_uid = os.environ.get("PROXYEXEC_UID")
if not proxyexec_uid:
return None
try:
uid = int(proxyexec_uid)
pw = pwd.getpwuid(uid)
return pw.pw_name
except (ValueError, KeyError):
return None
def json_response(result, enabled_sites=None, message=None):
"""
Create a JSON response dictionary.
Args:
result: "success" or error code
enabled_sites: Optional list of enabled sites (for success responses)
message: Optional error message with additional details
Returns:
dict: Response dictionary
"""
response = {"result": result}
if enabled_sites is not None:
response["enabled_sites"] = enabled_sites
if message is not None:
response["message"] = message
return response
def output_json(response):
"""Print JSON response to stdout."""
print(json.dumps(response))
def validate_domain_ownership(username, domain):
"""
Validate that a domain belongs to the specified user.
Args:
username: The username to check ownership for
domain: The domain to validate
Returns:
tuple: (is_valid, error_code)
is_valid: True if domain belongs to user
error_code: Error code if validation fails, None otherwise
"""
try:
owner = domain_owner(domain)
if owner is None:
return False, ErrorCodes.DOMAIN_NOT_FOUND
if owner != username:
return False, ErrorCodes.DOMAIN_NOT_FOUND
return True, None
except NoDomain:
return False, ErrorCodes.DOMAIN_NOT_FOUND
except Exception:
return False, ErrorCodes.INTERNAL_ERROR
def get_validated_user():
"""
Get the calling user and validate they exist.
Returns:
tuple: (username, error_code)
username: The validated username, or None if validation failed
error_code: Error code if validation failed, or None if successful
"""
username = get_calling_user()
if not username:
logger.error("User not found")
return None, ErrorCodes.USER_NOT_FOUND
if not user_exists(username):
logger.error("User %s does not exist", username)
return None, ErrorCodes.USER_NOT_FOUND
return username, None
def validate_domain_for_user(username, domain):
"""
Validate domain argument and ownership for a user.
Args:
username: The username to check ownership for
domain: The domain to validate
Returns:
tuple: (is_valid, error_code)
is_valid: True if domain is valid and belongs to user
error_code: Error code if validation failed, None otherwise
"""
if not domain:
logger.error("Missing domain argument")
return False, ErrorCodes.MISSING_DOMAIN
is_valid, error_code = validate_domain_ownership(username, domain)
if not is_valid:
logger.error("Domain validation failed: user=%s, domain=%s, error=%s",
username, domain, error_code)
return False, error_code
return True, None
def parse_domains(domain_arg):
"""
Parse comma-separated domain argument into a list of domains.
Args:
domain_arg: Comma-separated domain string (e.g., "domain1.com,domain2.com")
Returns:
list: List of domain names, with whitespace stripped
"""
if not domain_arg:
return []
return [d.strip() for d in domain_arg.split(",") if d.strip()]
def cmd_site_isolation_enable(args):
"""Handle site-isolation-enable command."""
domains = parse_domains(args.domain)
logger.info("site-isolation-enable called: domains=%s", domains)
if not domains:
logger.error("No domains specified")
output_json(json_response(ErrorCodes.MISSING_DOMAIN))
return 1
username, error = get_validated_user()
if error:
output_json(json_response(error))
return 1
if not is_website_isolation_allowed_server_wide():
logger.error("Site isolation not allowed server-wide")
output_json(json_response(ErrorCodes.SITE_ISOLATION_NOT_ALLOWED))
return 1
if not is_website_isolation_allowed_for_user(username):
logger.error("Site isolation not allowed for user %s", username)
output_json(json_response(ErrorCodes.SITE_ISOLATION_NOT_ALLOWED))
return 1
# Validate all domains first
for domain in domains:
is_valid, error = validate_domain_for_user(username, domain)
if not is_valid:
output_json(json_response(error))
return 1
try:
for domain in domains:
enable_website_isolation(username, domain)
enabled_sites = get_websites_with_enabled_isolation(username)
logger.info("Site isolation enabled: user=%s, domains=%s, enabled_sites=%s",
username, domains, enabled_sites)
output_json(json_response("success", enabled_sites))
return 0
except Exception as e:
logger.exception("Failed to enable site isolation: user=%s, domains=%s, error=%s",
username, domains, e)
output_json(json_response(ErrorCodes.INTERNAL_ERROR, message=str(e)))
return 1
def cmd_site_isolation_disable(args):
"""Handle site-isolation-disable command."""
domains = parse_domains(args.domain)
logger.info("site-isolation-disable called: domains=%s", domains)
if not domains:
logger.error("No domains specified")
output_json(json_response(ErrorCodes.MISSING_DOMAIN))
return 1
username, error = get_validated_user()
if error:
output_json(json_response(error))
return 1
# Validate all domains first
for domain in domains:
is_valid, error = validate_domain_for_user(username, domain)
if not is_valid:
output_json(json_response(error))
return 1
try:
for domain in domains:
disable_website_isolation(username, domain)
enabled_sites = get_websites_with_enabled_isolation(username)
logger.info("Site isolation disabled: user=%s, domains=%s, enabled_sites=%s",
username, domains, enabled_sites)
output_json(json_response("success", enabled_sites))
return 0
except Exception as e:
logger.exception("Failed to disable site isolation: user=%s, domains=%s, error=%s",
username, domains, e)
output_json(json_response(ErrorCodes.INTERNAL_ERROR, message=str(e)))
return 1
def cmd_site_isolation_list(args):
"""Handle site-isolation-list command."""
logger.info("site-isolation-list called")
username, error = get_validated_user()
if error:
output_json(json_response(error))
return 1
try:
enabled_sites = get_websites_with_enabled_isolation(username)
logger.info("Site isolation list: user=%s, enabled_sites=%s", username, enabled_sites)
output_json(json_response("success", enabled_sites))
return 0
except Exception as e:
logger.exception("Failed to list site isolation: user=%s, error=%s", username, e)
output_json(json_response(ErrorCodes.INTERNAL_ERROR, message=str(e)))
return 1
def create_parser():
"""Create argument parser for cagefsctl-user."""
parser = argparse.ArgumentParser(
prog="cagefsctl-user",
description="User-level CLI utility for managing website isolation.",
)
subparsers = parser.add_subparsers(
title="commands",
dest="command",
help="Available commands",
)
# site-isolation-enable command
enable_parser = subparsers.add_parser(
"site-isolation-enable",
help="Enable site isolation for domain(s)",
)
enable_parser.add_argument(
"--domain",
required=True,
help="Domain name(s) to enable site isolation for (comma-separated)",
)
enable_parser.set_defaults(func=cmd_site_isolation_enable)
# site-isolation-disable command
disable_parser = subparsers.add_parser(
"site-isolation-disable",
help="Disable site isolation for domain(s)",
)
disable_parser.add_argument(
"--domain",
required=True,
help="Domain name(s) to disable site isolation for (comma-separated)",
)
disable_parser.set_defaults(func=cmd_site_isolation_disable)
# site-isolation-list command
list_parser = subparsers.add_parser(
"site-isolation-list",
help="List domains with site isolation enabled",
)
list_parser.set_defaults(func=cmd_site_isolation_list)
return parser
def main(argv=None):
"""Main entry point."""
parser = create_parser()
args = parser.parse_args(argv)
# Guard: do not allow running as root unless via proxyexec
# When running via proxyexec, PROXYEXEC_UID is set
if os.getuid() == 0 and not is_running_via_proxyexec():
logger.error("Direct root invocation not allowed")
output_json(json_response(ErrorCodes.ROOT_NOT_ALLOWED))
return 1
# If running as user (not root via proxyexec)
if os.getuid() != 0:
if not in_cagefs():
print("This utility is only available inside CageFS.\n"
"Please run it via: cagefs_enter cagefsctl-user <command>",
file=sys.stderr)
return 1
# Inside CageFS - call via proxyexec to get root privileges
if not args.command:
parser.print_help()
return 1
# Build args list for proxyexec
args_list = sys.argv[1:] # Pass all original args
result = call_via_proxyexec(PROXYEXEC_ALIAS, args_list)
if result is None:
output_json(json_response(
ErrorCodes.INTERNAL_ERROR,
message="Failed to execute via proxyexec"
))
return 1
return result
# Running as root via proxyexec - execute the command
if not hasattr(args, "func"):
parser.print_help()
return 1
return args.func(args)
if __name__ == "__main__":
sys.exit(main())