#!/usr/bin/python
#coding: utf-8
# -------------------------------------------------------------------
# YakPanel
# -------------------------------------------------------------------
# Copyright (c) 2015-2099 YakPanel(www.yakpanel.com) All rights reserved.
# -------------------------------------------------------------------
# Author: hwliang <hwl@yakpanel.com>
# -------------------------------------------------------------------

# -------------------------------------------------------------------
# 检测关键目录权限是否正确
# -------------------------------------------------------------------


import os,sys,re,public

_title = 'System directory permissions'
_version = 1.0                              # 版本
_ps = "Checks if the System directory permissions are correct"              # 描述
_level = 0                                  # 风险级别： 1.提示(低)  2.警告(中)  3.危险(高)
_date = '2020-08-05'                        # 最后更新时间
_ignore = os.path.exists("data/warning/ignore/sw_dir_mode.pl")
_tips = [
    "On the [ File ] page, set the correct permissions and owner for the specified directory or file",
    "Note 1: When setting directory permissions through the [File] page, please cancel the [Apply to subdirectories] option",
    "Note 2: Incorrect file permissions not only pose a security risk, but also may cause some software on the server to fail to work properly"
    ]

_help = ''


def check_run():
    '''
        @name 开始检测
        @author hwliang<2020-08-05>
        @return tuple (status<bool>,msg<string>)
    '''
    dir_list = [
        ['/usr',755,'root'],
        ['/usr/bin',555,'root'],
        ['/usr/sbin',555,'root'],
        ['/usr/lib',555,'root'],
        ['/usr/lib64',555,'root'],
        ['/usr/local',755,'root'],
        ['/etc',755,'root'],
        ['/etc/passwd',644,'root'],
        ['/etc/shadow',600,'root'],
        ['/etc/gshadow',600,'root'],
        ['/etc/cron.deny',600,'root'],
        ['/etc/anacrontab',600,'root'],
        ['/var',755,'root'],
        ['/var/spool',755,'root'],
        ['/var/spool/cron',700,'root'],
        ['/var/spool/cron/root',600,'root'],
        ['/var/spool/cron/crontabs/root',600,'root'],
        ['/www',755,'root'],
        ['/www/server',755,'root'],
        ['/www/wwwroot',755,'root'],
        ['/root',550,'root'],
        ['/mnt',755,'root'],
        ['/home',755,'root'],
        ['/dev',755,'root'],
        ['/opt',755,'root'],
        ['/sys',555,'root'],
        ['/run',755,'root'],
        ['/tmp',777,'root']
    ]

    not_mode_list = []
    # for d in dir_list:
    #     if not os.path.exists(d[0]): continue
    #     u_mode = public.get_mode_and_user(d[0])
    #     if u_mode['user'] != d[2]:
    #         not_mode_list.append("{} 当前权限: {} : {} 安全权限: {} : {}".format(d[0],u_mode['mode'],u_mode['user'],d[1],d[2]))
    #     if int(u_mode['mode']) != d[1]:
    #         not_mode_list.append("{} 当前权限: {} : {} 安全权限: {} : {}".format(d[0],u_mode['mode'],u_mode['user'],d[1],d[2]))
    
    # if not_mode_list:
    #     return False,'以下关键文件或目录权限错误: <br />' + ("<br />".join(not_mode_list))

    return True,'Risk-free'