ꦫꦣꦺꦤ꧀ꦄꦤ꧀ꦠꦱꦺꦤ

PATH: usr / local / cpanel / scripts

#!/usr/local/cpanel/3rdparty/bin/perl
# cpanel - scripts/check_users_my_cnf               Copyright 2022 cPanel L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cpanel license. Unauthorized copying is prohibited

use strict;
use warnings;

use Cpanel::PwCache::PwEnt ();
use Cpanel::PwCache        ();
use Cpanel::AccessIds      ();
use Getopt::Param          ();

use Cpanel::DBI::Mysql          ();
use Cpanel::MysqlUtils::Running ();

my $prm = Getopt::Param->new(
    {
        'help_coderef' => sub {
            print <<"END_USAGE";
Check users for ~/.my.cnf files that do not work and disable them. By default it only has output when a bad ~/.my.cnf is detected.
  $0 --help       - this screen
  $0 --verbose    - Display verbose information about the user's being checked and ~/.my.cnf status.
  $0 --dryrun     - do not disable an invalid ~/.my.cnf just report the problem
  $0 --user=USERA [--user=USERB} - specify a user (or users by using more than one --user flag) to check instead of checking all users
  $0 --perm-only - Do not test the connectivity, only do the mode and ownership check.

END_USAGE
            exit;
        },
    }
);

my %users;
@users{ $prm->param('user') } = ();

my $hasuser = $prm->param('user')      ? 1 : 0;
my $verbose = $prm->param('verbose')   ? 1 : 0;
my $dryrun  = $prm->param('dryrun')    ? 1 : 0;
my $justprm = $prm->param('perm-only') ? 1 : 0;

_mysql_is_up_or_stop() if !$justprm;

my $root_home = ( Cpanel::PwCache::getpwnam('root') )[7];
my @PW;

Cpanel::PwCache::PwEnt::setpwent();

sub _iterate_pw {    ## no critic qw(ProhibitExcessComplexity)
    while ( @PW = Cpanel::PwCache::PwEnt::getpwent() ) {
        next if $hasuser && !exists $users{ $PW[0] };

print "Starting '$PW[0]' ...\n" if $verbose;
        my $file = "$PW[7]/.my.cnf";
        if ( -e $file ) {

# if ( chdir $PW[7] ) {
            my $check = sub {

# untaint
                my ($_file) = $file =~ m{(.*)};

# check perms before connectivity test since bad perms can prevent connection
                # Warning: World-writable config file '/root/.my.cnf' is ignored
                my ( $mode, $uid, $gid ) = ( stat($_file) )[ 2, 4, 5 ];
                my $perm = sprintf( '%04o', $mode & 07777 );

# ? only check-for and remove world-writableness ?
                # if worldly
                if ( $mode & 0007 ) {
                    my $newmode = $mode & ~007;                          # remove wordlyness
                    my $newperm = sprintf( '%04o', $newmode & 07777 );
                    if ($dryrun) {
                        print "\tLeaving mode at '$perm' as per --dryrun flag.\n";
                    }
                    else {
                        print "\tChanging $_file\'s mode from '$perm' to '$newperm'.\n" if $verbose;
                        chmod( $newmode, $_file ) or print "\tCould not chmod() '$_file' to '$newperm': $!\n";
                    }
                }

if ( $uid != $PW[2] || $gid != $PW[3] ) {
                    warn("Ownership of '$_file' is '$uid:$gid' and it should probably be '$PW[2]:$PW[3]'.");
                }

my $dbh = eval {
                    Cpanel::DBI::Mysql->connect(
                        { mysql_read_default_file => $_file },
                    );
                };

if ($dbh) {
                    print "\tThe file '$_file' is valid.\n" if $verbose;
                    return 1;
                }

print "\tThe file '$_file' is invalid:\n\t\t$@\n";

return;
            };

my $disable = sub {

# untaint
                my ($_file) = $file =~ m{(.*)};

if ($dryrun) {
                    print "\tLeaving file in place as per --dryrun flag.\n";
                }
                else {
                    require Cpanel::Time::ISO;

# TODO: rewrite with auth data commented out
                    my $rename_to = "$_file.$$." . Cpanel::Time::ISO::unix2iso();

if ( rename $_file => $rename_to ) {
                        print "Successfully renamed “$_file” to “$rename_to”.\n";
                    }
                    else {
                        print "\tFailed to rename “$_file” to “$rename_to”: $!\n";
                    }
                }
            };

# for entries like this: operator:x:11:0:operator:/root:/sbin/nologin
            if ( $PW[2] != 0 && $PW[7] eq $root_home ) {
                print "\tnon-root user with root's homedir detected, skipping\n" if $verbose;
            }
            else {
                if ($justprm) {
                    print "\tSkipping connectivity test as per --perm-only flag.\n" if $verbose;
                }
                else {
                    if ( $PW[2] == 0 ) {
                        my $rc = $check->();
                        if ( !$rc ) {
                            _mysql_is_up_or_stop();
                            $disable->();
                        }
                    }
                    else {
                        my $rc = Cpanel::AccessIds::do_as_user( $PW[0], $check );
                        if ( !$rc ) {
                            _mysql_is_up_or_stop();    # detect false positive from when mysql is down, needs run as root
                            Cpanel::AccessIds::do_as_user( $PW[0], $disable );
                        }
                    }
                }
            }

# }
            # else {
            #     print "\tCould not change into directory '$PW[7]': $!\n";
            # }
        }
        else {
            print "\tThe file '$file' does not exist.\n" if $verbose;
        }
        print " ... Done.\n" if $verbose;
    }

return;
}

_iterate_pw();

Cpanel::PwCache::PwEnt::endpwent();

sub _mysql_is_up_or_stop {

die "MySQL is not available.\n" if !Cpanel::MysqlUtils::Running::is_mysql_running();

return;
}

[+] ..
[-] rebuild_whm_chrome [edit]
[-] check_mail_spamassassin_compiledregexps_body_0 [edit]
[-] transfer_accounts_as_root [edit]
[-] cphulkdblacklist [edit]
[-] fixquotas [edit]
[-] archive_sync_zones [edit]
[-] listsubdomains [edit]
[-] suspendmysqlusers [edit]
[-] userdata_wildcard_cleanup [edit]
[-] perlinstaller [edit]
[-] mkwwwacctconf [edit]
[-] realrawchpass [edit]
[-] find_pids_with_inotify_watch_on_path [edit]
[-] update_mysql_systemd_config [edit]
[-] oopscheck [edit]
[-] hackcheck [edit]
[-] spamboxdisable [edit]
[-] check_cpanel_pkgs [edit]
[-] installpkg [edit]
[-] removeacct [edit]
[-] initsuexec [edit]
[-] checkalldomainsmxs [edit]
[-] mainipcheck [edit]
[-] restartsrv_nscd [edit]
[-] cleandns8 [edit]
[-] quickwhoisips [edit]
[-] make_hostname_unowned [edit]
[-] perform_sqlite_auto_rebuild_db_maintenance [edit]
[-] fix_pear_registry [edit]
[-] importmydnsdb [edit]
[-] builddovecotconf [edit]
[-] check_valid_server_hostname [edit]
[-] cphulkdwhitelist [edit]
[-] verify_vhost_includes [edit]
[-] make_config [edit]
[-] compilerscheck [edit]
[-] apachelimits [edit]
[-] restartsrv_unknown [edit]
[-] purge_old_config_caches [edit]
[-] checkbashshell [edit]
[-] cpbackup_transport_file [edit]
[-] check_unmonitored_enabled_services [edit]
[-] wwwacct [edit]
[-] listcheck [edit]
[-] sync_child_accounts [edit]
[-] ensure_includes [edit]
[-] fix_addon_permissions [edit]
[-] update_spamassassin_config [edit]
[-] fixmailinglistperms [edit]
[-] fixwebalizer [edit]
[-] restartsrv_xinetd [edit]
[-] gensysinfo [edit]
[-] buildeximconf [edit]
[-] resetquotas [edit]
[-] restartsrv_base [edit]
[-] disable_sqloptimizer [edit]
[-] configure_rh_ipv6_firewall_for_cpanel [edit]
[-] securerailsapps [edit]
[-] unlink_service_account [edit]
[-] resetmailmanurls [edit]
[-] locale_export [edit]
[-] dovecot_set_defaults.pl [edit]
[-] updatenow [edit]
[-] run_plugin_lifecycle [edit]
[-] set_php_memory_limits [edit]
[-] linksubemailtomainacct [edit]
[-] increase_filesystem_limits [edit]
[-] restartsrv_cpanel_php_fpm [edit]
[-] try-later [edit]
[-] restartsrv [edit]
[-] addpop [edit]
[-] upcp [edit]
[-] export_horde_contacts_to_vcf [edit]
[-] restorecpuserfromcache [edit]
[-] perlmods [edit]
[-] upcp-running [edit]
[-] modify_accounts [edit]
[-] restartsrv_cpanalyticsd [edit]
[-] restartsrv_cpanellogd [edit]
[-] cleansessions [edit]
[-] delpop [edit]
[-] sync_contact_emails_to_cpanel_users_files [edit]
[-] addsystemuser [edit]
[-] migrate_whmtheme_file_to_userdata [edit]
[-] rebuildinstalledssldb [edit]
[-] whoowns [edit]
[-] fix-cpanel-perl [edit]
[-] editquota [edit]
[-] setpostgresconfig [edit]
[-] killpvhost [edit]
[-] check_users_my_cnf [edit]
[-] check_domain_tls_service_domains.pl [edit]
[-] restorepkg [edit]
[-] cpdig [edit]
[-] maintenance [edit]
[-] securetmp [edit]
[-] restartsrv_clamd [edit]
[-] expunge_expired_certificates_from_sslstorage [edit]
[-] updatenameserverips [edit]
[-] runstatsonce [edit]
[-] restartsrv_pdns [edit]
[-] unsuspendmysqlusers [edit]
[-] named.rfc1912.zones [edit]
[-] update_dkim_keys [edit]
[-] restartsrv_tailwatchd [edit]
[-] restartsrv_cpipv6 [edit]
[-] realadduser [edit]
[-] rebuildippool [edit]
[-] dav_change_hostname [edit]
[-] restartsrv_ftpd [edit]
[-] rpmup [edit]
[-] post_snapshot [edit]
[-] gencrt [edit]
[-] xferpoint [edit]
[-] convert_and_migrate_from_legacy_backup [edit]
[-] transfermysqlusers [edit]
[-] unslavenamedconf [edit]
[-] comparecdb [edit]
[-] email_hold_maintenance [edit]
[-] userdirctl [edit]
[-] install_dovecot_fts [edit]
[-] grpck [edit]
[-] ensure_hostname_resolves [edit]
[-] set_mailman_archive_perms [edit]
[-] check_cpanel_rpms [edit]
[-] sshcontrol [edit]
[-] check_security_advice_changes [edit]
[-] fastmail [edit]
[-] fixnamedviews [edit]
[+] cpan_sandbox
[-] eximstats_spam_check [edit]
[-] updatessldomains [edit]
[-] restartsrv_ftpserver [edit]
[-] post_sync_cleanup [edit]
[-] restartsrv_rsyslog [edit]
[-] proxydomains [edit]
[-] patch_mail_spamassassin_compiledregexps_body_0 [edit]
[-] convert_accesshash_to_token [edit]
[-] nixstatsagent.sh [edit]
[-] restartsrv_exim [edit]
[-] check_mount_procfs [edit]
[-] rebuildnsdzones [edit]
[-] killspamkeys [edit]
[-] ckillall [edit]
[-] check_maxmem_against_domains_count [edit]
[-] pwck [edit]
[-] uninstall_cpanel_analytics [edit]
[-] cpservice [edit]
[-] remote_log_transfer [edit]
[-] initquotas [edit]
[-] wwwacct2 [edit]
[-] refresh-dkim-validity-cache [edit]
[-] spamassassindisable [edit]
[-] rsync-user-homedir.pl [edit]
[-] dnscluster [edit]
[-] convert2dovecot [edit]
[-] installpostgres [edit]
[-] copy_user_mail_as_root [edit]
[-] rebuild_provider_openid_connect_links_db [edit]
[-] fixrndc [edit]
[-] restartsrv_sshd [edit]
[-] enable_spf_dkim_globally [edit]
[-] restartsrv_syslogd [edit]
[-] killdns [edit]
[-] dcpumon-wrapper [edit]
[-] dumpstor [edit]
[-] ptycheck [edit]
[-] initfpsuexec [edit]
[-] updatesigningkey [edit]
[-] update_local_rpm_versions [edit]
[-] expunge_expired_transfer_sessions [edit]
[-] find_outdated_services [edit]
[-] ipusage [edit]
[-] check_unreliable_resolvers [edit]
[-] restartsrv_pop3 [edit]
[-] restartsrv_postgresql [edit]
[-] restartsrv_dnsadmin [edit]
[-] vps_optimizer [edit]
[-] email_archive_maintenance [edit]
[-] ensure_crontab_permissions [edit]
[-] buildhttpdconf [edit]
[-] cpanpingtest [edit]
[-] build_mail_sni [edit]
[-] get_locale_from_legacy_name_info [edit]
[-] fixrelayd [edit]
[-] gemwrapper [edit]
[-] snapshot_prep [edit]
[-] restartsrv_p0f [edit]
[-] test_sa_compiled [edit]
[-] gather_update_logs_setupcrontab [edit]
[-] installsqlite3 [edit]
[-] autorepair [edit]
[-] featuremod [edit]
[-] vzzo-fixer [edit]
[-] mysqlpasswd [edit]
[-] ssl_crt_status [edit]
[-] mailperm [edit]
[-] restartsrv_named [edit]
[-] build_bandwidthdb_root_cache_in_background [edit]
[-] backups_clean_metadata_for_missing_backups [edit]
[-] realperlinstaller [edit]
[-] update-packages [edit]
[-] ftpfetch [edit]
[-] ftpsfetch [edit]
[-] import_exim_data [edit]
[-] restartsrv_cphulkd [edit]
[-] unsuspendacct [edit]
[-] setup_greylist_db [edit]
[-] setupmailserver [edit]
[-] maildir_converter [edit]
[-] fixtar [edit]
[-] cleanphpsessions.php [edit]
[-] restartsrv_lmtp [edit]
[-] getremotecpmove [edit]
[-] biglogcheck [edit]
[-] chkpaths [edit]
[-] litespeed-check [edit]
[-] quota_auto_fix [edit]
[-] generate_account_suspension_include [edit]
[-] fixvaliases [edit]
[-] checknsddirs [edit]
[-] synctransfers [edit]
[-] upgrade_bandwidth_dbs [edit]
[-] phpini_tidy [edit]
[-] cleanupmysqlprivs [edit]
[-] restartsrv_imap [edit]
[-] killdns-dnsadmin [edit]
[-] ccs-check [edit]
[-] spamassassin_dbm_cleaner [edit]
[-] process_pending_cpanel_php_pear_registration [edit]
[-] setup_modsec_db [edit]
[-] restartsrv_cpsrvd [edit]
[-] enable_sqloptimizer [edit]
[-] slurp_exim_mainlog [edit]
[-] balance_linked_node_quotas [edit]
[-] smartcheck [edit]
[-] smtpmailgidonly [edit]
[-] notify_expiring_certificates [edit]
[-] pedquota [edit]
[-] syslog_check [edit]
[-] killmysqlwildcard [edit]
[-] fetchfile [edit]
[-] setup_systemd_timer_for_plugins [edit]
[-] postupcp [edit]
[-] mailscannerupdate [edit]
[-] MirrorSearch_pingtest [edit]
[-] cpbackup [edit]
[-] named.ca [edit]
[-] build_cpnat [edit]
[-] cpanelsync [edit]
[-] mysqlconnectioncheck [edit]
[-] ensure_dovecot_memory_limits_meet_minimum [edit]
[-] checkccompiler [edit]
[-] zoneexists [edit]
[-] fixheaders [edit]
[-] validate_sshkey_passphrase [edit]
[-] rawchpass [edit]
[-] compilers [edit]
[-] update_exim_rejects [edit]
[+] php_sandbox
[-] restartsrv_crond [edit]
[-] cpaddonsup [edit]
[-] create_default_featurelist [edit]
[-] rebuild_dbmap [edit]
[-] restartsrv_mysql [edit]
[-] servicedomains [edit]
[-] dnsqueuecron [edit]
[-] build_maxemails_config [edit]
[-] install_plugin [edit]
[-] expunge_expired_pkgacct_sessions [edit]
[-] cleanupinterchange [edit]
[-] manage_extra_marketing [edit]
[-] find_and_fix_rpm_issues [edit]
[-] rebuild_available_rpm_addons_cache [edit]
[-] httpspamdetect [edit]
[-] restartsrv_apache [edit]
[-] restartsrv_mydns [edit]
[-] convert_whmxfer_to_sqlite [edit]
[-] jetbackup-check [edit]
[-] dumpcdb [edit]
[-] clear_cpaddon_ui_caches [edit]
[-] update_users_vhosts [edit]
[-] rebuildhttpdconf [edit]
[-] generate_maildirsize [edit]
[-] modify_packages [edit]
[-] checkusers [edit]
[-] generate_google_drive_oauth_uri [edit]
[-] fix-listen-on-localhost [edit]
[-] exportmydnsdb [edit]
[-] update_apachectl [edit]
[-] fixndc [edit]
[-] sendicq [edit]
[-] restartsrv_nsd [edit]
[-] restartsrv_apache_php_fpm [edit]
[-] cleanphpsessions [edit]
[-] clear_orphaned_virtfs_mounts [edit]
[-] check_immutable_files [edit]
[-] rebuild_available_addons_packages_cache [edit]
[-] restartsrv_queueprocd [edit]
[-] updateuserdomains [edit]
[-] clean_dead_mailman_locks [edit]
[-] magicloader [edit]
[-] restartsrv_bind [edit]
[-] update_existing_mail_quotas_for_account [edit]
[-] ensure_autoenabled_features [edit]
[-] fix_dns_zone_ttls [edit]
[-] unblockip [edit]
[-] dovecot_maintenance [edit]
[-] reset_mail_quotas_to_sane_values [edit]
[-] cpfetch [edit]
[-] restartsrv_ipaliases [edit]
[-] convert_mdbox_to_maildir [edit]
[-] cpuser_service_manager [edit]
[-] exim_tidydb [edit]
[-] upcp.static [edit]
[-] restartsrv_rsyslogd [edit]
[-] locale_info [edit]
[-] convert_roundcube_mysql2sqlite [edit]
[-] transfer_in_progress.pod [edit]
[-] modsec_vendor [edit]
[-] backups_list_user_files [edit]
[-] upgrade_subaccount_databases [edit]
[-] sysup [edit]
[-] synccpaddonswithsqlhost [edit]
[-] simpleps [edit]
[-] update_sa_config [edit]
[-] restartsrv_cpdavd [edit]
[-] enablefileprotect [edit]
[-] restartsrv_spamd [edit]
[-] distro_changed_hook [edit]
[-] install_cpanel_analytics [edit]
[-] restartsrv_inetd [edit]
[-] run_if_exists [edit]
[-] convert_to_dovecot_delivery [edit]
[-] clean_up_temp_wheel_users [edit]
[-] fix_reseller_acls [edit]
[-] update_mailman_cache [edit]
[-] killmysqluserprivs [edit]
[-] restartsrv_dovecot [edit]
[-] transfer_account_as_user [edit]
[-] restartsrv_proftpd [edit]
[-] generate_google_drive_credentials [edit]
[-] hook [edit]
[-] clean_user_php_sessions [edit]
[-] restartsrv_pureftpd [edit]
[-] wpt_license [edit]
[-] logo.dat [edit]
[-] isdedicatedip [edit]
[-] dumpinodes [edit]
[-] ftpupdate [edit]
[-] rdate [edit]
[-] backups_create_metadata [edit]
[-] link_3rdparty_binaries [edit]
[-] check_mysql [edit]
[-] checkexim.pl [edit]
[-] quickdnslookup [edit]
[-] updatenow.static [edit]
[-] transfer_in_progress [edit]
[-] runweblogs [edit]
[-] unpkgacct [edit]
[-] cpanelsync_postprocessor [edit]
[-] xfer_rcube_uid_resolver.pl [edit]
[-] export_horde_calendars_to_ics [edit]
[-] update_users_jail [edit]
[-] fixetchosts [edit]
[-] hulk-unban-ip [edit]
[-] custom_backup_destination.pl.sample [edit]
[-] restartsrv_mailman [edit]
[-] checklink [edit]
[-] add_dns [edit]
[-] fixtlsversions [edit]
[-] realchpass [edit]
[-] quotacheck [edit]
[-] copy_user_mail_as_user [edit]
[-] cleandns [edit]
[-] restartsrv_postgres [edit]
[-] rebuilduserssldb [edit]
[-] update_neighbor_netblocks [edit]
[-] disablefileprotect [edit]
[-] restartsrv_httpd [edit]
[-] uninstall_plugin [edit]
[-] buildnsdconf [edit]
[-] gather_update_log_stats [edit]
[-] rfc1912_zones.tar [edit]
[-] xfertool [edit]
[-] pkgacct [edit]
[-] edit_cpanelsync_exclude_list [edit]
[-] dnssec-cluster-keys [edit]
[-] chkmydns [edit]
[-] remove_dovecot_index_files [edit]
[-] ea4_fresh_install [edit]
[-] setupnameserver [edit]
[-] manage_mysql_profiles [edit]
[-] swapip [edit]
[-] process_site_templates [edit]
[-] verify_api_spec_files [edit]
[-] restartsrv_powerdns [edit]
[-] regenerate_tokens [edit]
[-] notify_expiring_certificates_on_linked_nodes [edit]
[-] adduser [edit]
[-] restartsrv_eximstats [edit]
[-] migrate_local_ini_to_php_ini [edit]
[-] safetybits.pl [edit]
[-] initacls [edit]
[-] chpass [edit]
[-] cpanel_initial_install [edit]
[-] cpuser_port_authority [edit]
[-] manage_greylisting [edit]
[-] patchfdsetsize [edit]
[-] cleanmsglog [edit]
[-] suspendacct [edit]
[-] install_tuxcare_els_php [edit]
[-] fixmailman [edit]
[-] secureit [edit]
[-] optimize_eximstats [edit]
[-] ipcheck [edit]
[-] disable_prelink [edit]
[-] cpan_config [edit]
[-] rebuilddnsconfig [edit]
[-] ensure_cpuser_file_ip [edit]
[-] securemysql [edit]
[-] ensure_conf_dir_crt_key [edit]
[-] configure_firewall_for_cpanel [edit]
[-] setupftpserver [edit]
[-] eximconfgen [edit]
[-] custom_backup_destination.pl.skeleton [edit]
[-] convert_maildir_to_mdbox [edit]
[-] rebuild_bandwidthdb_root_cache [edit]
[-] elevate-cpanel [edit]
[-] fix-web-vhost-configuration [edit]
[-] primary_virtual_host_migration [edit]
[-] ensure_vhost_includes [edit]
[-] purge_modsec_log [edit]
[-] restartsrv_cpgreylistd [edit]
[-] sync-mysql-users-from-grants [edit]
[-] update_known_proxy_ips [edit]
[-] activesync-invite-reply [edit]
[-] rescan_user_dovecot_fts [edit]
[-] sa-update_wrapper [edit]
[-] adddns [edit]
[-] whmlogin [edit]
[-] php_fpm_config [edit]
[-] shrink_modsec_ip_database [edit]
[-] updatedomainips [edit]
[-] restartsrv_chkservd [edit]
[-] auto-adjust-mysql-limits [edit]
[-] configure_rh_firewall_for_cpanel [edit]
[-] updateuserdatacache [edit]
[-] update_db_cache [edit]
[-] detect_env_capabilities [edit]
[-] locale_import [edit]
[-] modify_featurelist [edit]
[-] fix_innodb_tables [edit]
[-] postupcp.cloudlinux-linksafe.bak [edit]
[-] createacct [edit]
[-] migrate-pdns-conf [edit]
[-] ftpquotacheck [edit]
[-] updatesupportauthorizations [edit]
[-] reloadnsd [edit]
[-] cleanquotas [edit]
[-] dumpquotas [edit]
[-] forcelocaldomain [edit]
[-] uninstall_dovecot_fts [edit]
[-] buildpureftproot [edit]
[-] verify_pidfile [edit]
[-] xfer_rcube_schema_migrate.pl [edit]