From 8d7bac70c92cb70713afcaa7aba633fea3b1d17d Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Mon, 25 Oct 2021 21:45:49 -0700 Subject: [PATCH] email_server: Setup /var/mail, drop home setup view Creating home directories is no longer necessary. We store all mail in /var/mail and don't allow use of direct access to mail folder. Signed-off-by: Sunil Mohan Adapa Reviewed-by: James Valleroy --- plinth/modules/email_server/__init__.py | 9 +-- plinth/modules/email_server/audit/home.py | 76 ++++--------------- .../email_server/templates/email_server.html | 4 - .../email_server/templates/my_mail.html | 30 -------- plinth/modules/email_server/urls.py | 2 - plinth/modules/email_server/views.py | 14 ---- 6 files changed, 15 insertions(+), 120 deletions(-) delete mode 100644 plinth/modules/email_server/templates/my_mail.html diff --git a/plinth/modules/email_server/__init__.py b/plinth/modules/email_server/__init__.py index 8926ea019..150d4cdb8 100644 --- a/plinth/modules/email_server/__init__.py +++ b/plinth/modules/email_server/__init__.py @@ -3,7 +3,6 @@ import logging -from django.urls import reverse_lazy from django.utils.translation import gettext_lazy as _ import plinth.app @@ -112,13 +111,6 @@ class EmailServerApp(plinth.app.App): parent_url_name='apps') self.add(menu_item) - shortcut = plinth.frontpage.Shortcut( - 'shortcut_' + self.app_id, name=info.name, - short_description=info.short_description, icon='roundcube', - url=reverse_lazy('email_server:my_mail'), clients=manifest.clients, - login_required=True) - self.add(shortcut) - def _add_daemons(self): for srvname in managed_services: # Construct `listen_ports` parameter for the daemon @@ -170,6 +162,7 @@ def setup(helper, old_version=None): helper.install(packages_bloat, skip_recommends=True) # Setup + helper.call('post', audit.home.repair) helper.call('post', audit.domain.repair) helper.call('post', audit.ldap.repair) helper.call('post', audit.spam.repair) 
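Review bot: The added `helper.call('post', audit.home.repair)` in `setup()` is the only place the `/var/mail` permission change is applied, and no app version change is visible in the hunks of this file. If setup is re-run only on first install or on a version increase, systems that already have the app installed would keep whatever mode `/var/mail` has today. Unless the version is raised elsewhere, it should be incremented in this commit so the tightening also reaches upgraded systems. The call also relies on the privileged `email_server` action accepting `home set_up` in place of the removed `home mk`; the action script is not part of this patch, so that dispatch is worth confirming. `setup()` begins and ends outside the hunk.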
diff --git a/plinth/modules/email_server/audit/home.py b/plinth/modules/email_server/audit/home.py
index 161ba325a..dae22f6fc 100644
--- a/plinth/modules/email_server/audit/home.py
+++ b/plinth/modules/email_server/audit/home.py
@@ -1,70 +1,22 @@ # SPDX-License-Identifier: AGPL-3.0-or-later +"""Privileged actions to setup users' dovecot mail home directory.""" -import logging -import os -import pwd import subprocess -from django.core.exceptions import ValidationError -from django.utils.translation import gettext_lazy as _ - -from plinth.actions import superuser_run -from plinth.errors import ActionError -from plinth.modules.email_server import interproc - -logger = logging.getLogger(__name__) +from plinth import actions -def exists_nam(username): - """Returns True if the user's home directory exists""" - try: - passwd = pwd.getpwnam(username) - except KeyError as e: - raise ValidationError(_('User does not exist')) from e - return _exists(passwd) +def repair(): + """Set correct permissions on /var/mail/ directory. + + For each user, /var/mail/ is the 'dovecot mail home' for that user. + Dovecot creates new directories with the same permissions as the parent + directory. Ensure that 'others' can access /var/mail/. 
+ + """ + actions.superuser_run('email_server', ['home', 'set_up']) -def exists_uid(uid_number): - """Returns True if the user's home directory exists""" - try: - passwd = pwd.getpwuid(uid_number) - except KeyError as e: - raise ValidationError(_('User does not exist')) from e - return _exists(passwd) - - -def _exists(passwd): - return os.path.exists(passwd.pw_dir) - - -def put_nam(username): - """Create a home directory for the user (identified by username)""" - _put('nam', username) - - -def put_uid(uid_number): - """Create a home directory for the user (identified by UID)""" - _put('uid', str(uid_number)) - - -def _put(arg_type, user_info): - try: - superuser_run('email_server', ['home', 'mk', arg_type, user_info]) - except ActionError as e: - raise RuntimeError('Action script failure') from e - - -def action_mk(arg_type, user_info): - if arg_type == 'nam': - passwd = pwd.getpwnam(user_info) - elif arg_type == 'uid': - passwd = pwd.getpwuid(int(user_info)) - else: - raise ValueError('Unknown arg_type') - - args = ['sudo', '-n', '--user=#' + str(passwd.pw_uid)] - args.extend(['/bin/sh', '-c', 'mkdir -p ~']) - completed = subprocess.run(args, capture_output=True, check=False) - if completed.returncode != 0: - interproc.log_subprocess(completed) - raise OSError('Could not create home directory') +def action_set_up(): + """Run chmod on /var/mail to remove all permissions for 'others'.""" + subprocess.run(['chmod', 'o-rwx', '/var/mail'], check=True) diff --git a/plinth/modules/email_server/templates/email_server.html b/plinth/modules/email_server/templates/email_server.html index 0083d1a1a..9635bbca3 100644 --- a/plinth/modules/email_server/templates/email_server.html +++ b/plinth/modules/email_server/templates/email_server.html @@ -19,10 +19,6 @@ {% trans "Manage Spam" %} - - {% trans "Setup My Home" %} - {% trans "Manage Aliases" %} 
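Review bot: The docstring of `repair()` ends with "Ensure that 'others' can access /var/mail/", which states the opposite of what `action_set_up()` does with `chmod o-rwx` and of that function's own docstring. Because the parent directory's mode is what keeps other local accounts out of every mailbox below it, the sentence should read `Ensure that 'others' cannot access /var/mail/.` so a later maintainer does not "fix" the chmod to match the comment. The command clears only the 'other' bits and leaves owner and group as found, so the docstring should also state which owner and group `/var/mail` is expected to have, since group members keep their access. As rendered here, "For each user, /var/mail/ is the 'dovecot mail home'" also appears to be missing the per-user path component.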
diff --git a/plinth/modules/email_server/templates/my_mail.html b/plinth/modules/email_server/templates/my_mail.html deleted file mode 100644 index c8974aaa5..000000000 --- a/plinth/modules/email_server/templates/my_mail.html +++ /dev/null @@ -1,30 +0,0 @@ -{% extends "base.html" %} -{% comment %} -# SPDX-License-Identifier: AGPL-3.0-or-later -{% endcomment %} - -{% load i18n %} - -{% block content %} - -

Setup My Home

- - {% if not has_homedir %} -

- {% trans "You do not have a home directory." %} - - {% trans "Create one to begin receiving emails." %} - -

- -
- {% csrf_token %} - -
- {% else %} -

{% trans "Your home directory is ready to receive emails." %}

- {% endif %} - -{% endblock %} diff --git a/plinth/modules/email_server/urls.py b/plinth/modules/email_server/urls.py index 3c29b382a..2109efd42 100644 --- a/plinth/modules/email_server/urls.py +++ b/plinth/modules/email_server/urls.py @@ -10,8 +10,6 @@ urlpatterns = [ path('apps/email_server/', views.EmailServerView.as_view(), name='index'), path('apps/email_server/domains', views.DomainsView.as_view(), name='domains'), - path('apps/email_server/my_mail', - non_admin_view(views.MyMailView.as_view()), name='my_mail'), path('apps/email_server/my_aliases', non_admin_view(views.AliasView.as_view()), name='aliases'), path('apps/email_server/config.xml', public(views.XmlView.as_view())), diff --git a/plinth/modules/email_server/views.py b/plinth/modules/email_server/views.py index d86ea2925..98aa33b89 100644 --- a/plinth/modules/email_server/views.py +++ b/plinth/modules/email_server/views.py @@ -99,20 +99,6 @@ class EmailServerView(ExceptionsMixin, AppView): plinth.actions.superuser_run('service', ['reload', service]) -class MyMailView(TemplateView): - template_name = 'my_mail.html' - - def get_context_data(self, *args, **kwargs): - context = super().get_context_data(*args, **kwargs) - nam = self.request.user.username - context['has_homedir'] = audit.home.exists_nam(nam) - return context - - def post(self, request): - audit.home.put_nam(request.user.username) - return self.render_to_response(self.get_context_data()) - - class AliasView(FormView): """View to create, list, enable, disable and delete aliases.