　晋太元中，武陵人捕鱼为业。缘溪行，忘路之远近。忽逢桃花林，夹岸数百步，中无杂树，芳草鲜美，落英缤纷。渔人甚异之，复前行，欲穷其林。　　林尽水源，便得一山，山有小口，仿佛若有光。便舍船，从口入。初极狭，才通人。复行数十步，豁然开朗。土地平旷，屋舍俨然，有良田、美池、桑竹之属。阡陌交通，鸡犬相闻。其中往来种作，男女衣着，悉如外人。黄发垂髫，并怡然自乐。　　见渔人，乃大惊，问所从来。具答之。便要还家，设酒杀鸡作食。村中闻有此人，咸来问讯。自云先世避秦时乱，率妻子邑人来此绝境，不复出焉，遂与外人间隔。问今是何世，乃不知有汉，无论魏晋。此人一一为具言所闻，皆叹惋。余人各复延至其家，皆出酒食。停数日，辞去。此中人语云：“不足为外人道也。”(间隔一作：隔绝) 　　既出，得其船，便扶向路，处处志之。及郡下，诣太守，说如此。太守即遣人随其往，寻向所志，遂迷，不复得路。　　南阳刘子骥，高尚士也，闻之，欣然规往。未果，寻病终。后遂无问津者。 sh-3ll

HOME

sh-3ll 1.0

DIR:/opt/cloudlinux/venv/lib64/python3.11/site-packages/clcagefslib/webisolation/

Current File : //opt/cloudlinux/venv/lib64/python3.11/site-packages/clcagefslib/webisolation/admin_config.py

# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2025 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT
"""
Admin-level configuration for website isolation.

Stores path constants for global feature flags and per-user mode
directories, and provides helpers that implement the CageFS-style
per-user directory layout:

    <basedir>/<prefix>/<username>

where *prefix* is ``uid % 100`` zero-padded to two digits and each user
entry is an empty marker file.

Directory permissions: ``0o751`` (``drwxr-x--x``).
File permissions:      ``0o644`` (``-rw-r--r--``).
"""
import os

from ..fs import get_user_prefix

WEBSITE_ISOLATION_MARKER = "/opt/cloudlinux/flags/enabled-flags.d/website-isolation.flag"
WEBSITE_ISOLATION_AVAILABLE_MARKER = (
    "/opt/cloudlinux/flags/available-flags.d/website-isolation.flag"
)

# Per-user mode directories (CageFS-style layout):
#   <dir>/<prefix>/<username>  (empty marker file, prefix = uid % 100)
# In "Allow All" mode this directory exists and contains denied users (exceptions).
ISOLATION_DENIED_DIR = "/etc/cagefs/site-isolation.users.denied"
# In "Deny All" mode this directory exists and contains allowed users (exceptions).
ISOLATION_ALLOWED_DIR = "/etc/cagefs/site-isolation.users.allowed"

DIR_MODE = 0o751    # drwxr-x--x  (matches CageFS convention)
FILE_MODE = 0o644   # -rw-r--r--


def user_in_dir(dirpath: str, username: str) -> bool:
    """Check whether *username* has a marker file inside *dirpath*."""
    prefix = get_user_prefix(username)
    return os.path.isfile(os.path.join(dirpath, prefix, username))


def add_user_to_dir(dirpath: str, username: str) -> None:
    """Create an empty marker file for *username* inside *dirpath*."""
    prefix = get_user_prefix(username)
    prefix_dir = os.path.join(dirpath, prefix)
    os.makedirs(prefix_dir, mode=DIR_MODE, exist_ok=True)
    filepath = os.path.join(prefix_dir, username)
    open(filepath, "w").close()
    os.chmod(filepath, FILE_MODE)


def remove_user_from_dir(dirpath: str, username: str) -> None:
    """Remove the marker file for *username* inside *dirpath*.

    Also cleans up the now-empty prefix sub-directory, if applicable.
    """
    prefix = get_user_prefix(username)
    filepath = os.path.join(dirpath, prefix, username)
    try:
        os.remove(filepath)
    except (IOError, OSError):
        pass

    # Remove empty prefix directory
    prefix_dir = os.path.join(dirpath, prefix)
    try:
        os.rmdir(prefix_dir)
    except (IOError, OSError):
        pass


def list_users_in_dir(dirpath: str) -> set[str]:
    """Return the set of usernames that have marker files inside *dirpath*."""
    users: set[str] = set()
    try:
        for entry in os.listdir(dirpath):
            prefix_path = os.path.join(dirpath, entry)
            if not os.path.isdir(prefix_path):
                continue
            for username in os.listdir(prefix_path):
                if os.path.isfile(os.path.join(prefix_path, username)):
                    users.add(username)
    except (FileNotFoundError, OSError):
        pass
    return users