File: //opt/cloudlinux/venv/lib64/python3.11/site-packages/xray/create_user_uid_dirs.py
# -*- coding: utf-8 -*-
# Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2025 All Rights Reserved
#
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENSE.TXT
import os
from clcommon.cpapi import cpusers
from clcommon.clpwd import ClPwd
def create_user_uid_dirs():
"""
Create /usr/share/alt-php-xray-tasks/{uid} directories for all users.
The {uid} directory itself stays root-owned (0755) because it holds
root-written task files the C extension reads. A {uid}/log/ subdirectory
is created owned by the user (mode 0700) so the PHP worker, which runs as
that uid, can write xray.to_file trace dumps there while no other local
user can read or pre-create them.
:return: None
"""
for username in cpusers():
try:
uid = ClPwd().get_uid(username)
base_dir = f"/usr/share/alt-php-xray-tasks/{uid}"
os.makedirs(base_dir, 0o755, exist_ok=True)
_create_user_log_dir(base_dir, uid)
except ClPwd.NoSuchUserException:
print(f"ERROR: No such user {username}")
except Exception as e:
print(f"Error processing user {username}: {e}")
def _create_user_log_dir(base_dir, uid):
"""
Create base_dir/log owned by uid with mode 0700 (idempotent).
makedirs' mode is masked by umask and is not applied to an already
existing directory, so chmod/chown are issued explicitly to enforce the
intended ownership and permissions on every run. The group is left
unchanged (root) -- mode 0700 makes the group irrelevant.
"""
log_dir = os.path.join(base_dir, "log")
os.makedirs(log_dir, 0o700, exist_ok=True)
os.chown(log_dir, uid, -1)
os.chmod(log_dir, 0o700)