#!/bin/bash ##CageFS proxyexec wrapper - ver 18 if [[ $EUID -eq 0 ]]; then echo 'Cannot be run as root' exit 1 fi USR=`/usr/bin/whoami` CWD=`pwd` TOKEN=`/bin/cat /var/.cagefs/.cagefs.token` # It's user's tmp directory and write to it is secure procedure # because this script is running only under usual user LOCKFILE=/tmp/.crontab.lock # automatically obtain next available fd # previous strategy with `ulimit -n` failed # in environment where limit is very high (e.g. 1073741816) exec {FD}>$LOCKFILE if [[ -e /var/.cagefs/origin ]]; then ORIGIN=`/bin/cat /var/.cagefs/origin` REMOTE="/usr/bin/ssh -F /etc/ssh/cagefs-rexec_config $USR@$ORIGIN" else REMOTE="" fi eval "( /usr/bin/flock -x -w 10 $FD || exit 1 echo -n \"\" | $REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock \"$USR\" \"$CWD\" CRONTAB_CHECK $$ ) $FD> $LOCKFILE" [ $? -ne 0 ] && exit 1 eval "( /usr/bin/flock -x -w 10 $FD || exit 1 $REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock \"$USR\" \"$CWD\" CRONTAB_LIST $$ 2>/dev/null |cat > /var/spool/cron/$USR ) $FD> $LOCKFILE" /usr/bin/crontab.cagefs $@ eval "( /usr/bin/flock -x -w 10 $FD || exit 1 if [ -e /var/spool/cron/$USR ]; then cat /var/spool/cron/$USR | $REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock \"$USR\" \"$CWD\" CRONTAB_SAVE $$ 2>/dev/null else echo -n \"\" | $REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock \"$USR\" \"$CWD\" CRONTAB_SAVE $$ 2>/dev/null fi ) $FD>$LOCKFILE"