| Server IP : 213.136.93.164 / Your IP : 216.73.216.20 Web Server : Apache System : Linux m14200.contabo.net 5.14.0-611.54.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Wed May 6 18:03:03 EDT 2026 x86_64 User : ki692510 ( 1047) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /opt/cloudlinux/venv/lib64/python3.11/site-packages/clcagefslib/webisolation/crontab/ |
Upload File : |
# -*- coding: utf-8 -*-
#
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2025 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENCE.TXT
#
"""Utility functions for crontab operations."""
import os
import pwd
from clcommon.cpapi import userdomains
from .constants import DOCUMENT_ROOT_ENV
def get_document_root() -> str | None:
"""
Get the document root from environment variable.
When PROXYEXEC_DOCUMENT_ROOT is set, validate that it is one of the
calling user's real document roots — defence in depth against a user
invoking the wrapper directly with a forged value.
Returns:
Optional[str]: The document root path if PROXYEXEC_DOCUMENT_ROOT is set,
None otherwise.
Raises:
ValueError: If PROXYEXEC_DOCUMENT_ROOT is set but does not appear in
the calling user's docroot list.
"""
document_root = os.environ.get(DOCUMENT_ROOT_ENV)
if document_root is None:
return None
# normally this logic is called under user
uid = os.getuid()
if uid == 0:
return document_root
username = pwd.getpwuid(uid).pw_name
user_docroots = {docroot for _, docroot in userdomains(username)}
if document_root not in user_docroots:
raise ValueError(
f"Document root path {document_root!r} is not found for user"
)
return document_root