Linux-Server-Management-Too…/lib/system-authentication.sh

#!/bin/bash

#############################################################################
# System Authentication - User, group, and auth file paths
# Provides standard paths for /etc/passwd, /etc/shadow, sudoers, and user/group IDs
# Must be sourced AFTER lib/system-detect.sh has set SYS_* variables
#############################################################################

# Source guard
if [ -n "${_SYSTEM_AUTHENTICATION_LOADED:-}" ]; then
    return 0
fi
readonly _SYSTEM_AUTHENTICATION_LOADED=1

#############################################################################
# SYSTEM AUTHENTICATION FILES
#############################################################################

derive_system_auth_files() {
    # Standard system auth files (same on all Linux systems)
    export SYS_AUTH_PASSWD_FILE="/etc/passwd"
    export SYS_AUTH_SHADOW_FILE="/etc/shadow"
    export SYS_AUTH_GROUP_FILE="/etc/group"
    export SYS_AUTH_GSHADOW_FILE="/etc/gshadow"
    export SYS_AUTH_SUDOERS_FILE="/etc/sudoers"
    export SYS_AUTH_SUDOERS_DIR="/etc/sudoers.d"

    # PAM and authentication
    export SYS_AUTH_PAM_DIR="/etc/pam.d"
    export SYS_AUTH_SSH_CONFIG="/etc/ssh/sshd_config"
    export SYS_AUTH_HOSTS_ALLOW="/etc/hosts.allow"
    export SYS_AUTH_HOSTS_DENY="/etc/hosts.deny"

    # Cron and scheduled tasks
    export SYS_AUTH_CRONTAB_DIR="/var/spool/cron"
    if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
        export SYS_AUTH_CRONTAB_DIR="/var/spool/cron/crontabs"
    fi
    export SYS_LOG_CRON="/var/log/cron"
    if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
        export SYS_LOG_CRON="/var/log/syslog"  # Debian/Ubuntu cron logs go to syslog
    fi
}

#############################################################################
# WEB SERVER USER & GROUP IDS
#############################################################################

derive_web_server_ids() {
    case "$SYS_WEB_SERVER" in
        apache|httpd)
            if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
                export SYS_WEB_UID=$(id -u www-data 2>/dev/null || echo "33")
                export SYS_WEB_GID=$(id -g www-data 2>/dev/null || echo "33")
            else
                export SYS_WEB_UID=$(id -u apache 2>/dev/null || echo "48")
                export SYS_WEB_GID=$(id -g apache 2>/dev/null || echo "48")
            fi
            ;;
        nginx)
            export SYS_WEB_UID=$(id -u nginx 2>/dev/null || echo "998")
            export SYS_WEB_GID=$(id -g nginx 2>/dev/null || echo "998")
            ;;
        litespeed|openlitespeed)
            export SYS_WEB_UID=$(id -u nobody 2>/dev/null || echo "65534")
            export SYS_WEB_GID=$(id -g nobody 2>/dev/null || echo "65534")
            ;;
        *)
            export SYS_WEB_UID=""
            export SYS_WEB_GID=""
            ;;
    esac
}

#############################################################################
# DATABASE USER & GROUP IDS
#############################################################################

derive_database_user_ids() {
    case "$SYS_DB_TYPE" in
        mysql)
            export SYS_DB_UID=$(id -u mysql 2>/dev/null || echo "986")
            export SYS_DB_GID=$(id -g mysql 2>/dev/null || echo "986")
            ;;
        postgresql)
            export SYS_DB_UID=$(id -u postgres 2>/dev/null || echo "999")
            export SYS_DB_GID=$(id -g postgres 2>/dev/null || echo "999")
            ;;
        *)
            export SYS_DB_UID=""
            export SYS_DB_GID=""
            ;;
    esac
}

#############################################################################
# MAIL SYSTEM USER & GROUP IDS
#############################################################################

derive_mail_user_ids() {
    case "$SYS_MAIL_SYSTEM" in
        exim)
            # Exim typically runs as Debian-mail or mail user
            if id mail &>/dev/null; then
                export SYS_MAIL_UID=$(id -u mail 2>/dev/null || echo "8")
                export SYS_MAIL_GID=$(id -g mail 2>/dev/null || echo "12")
            else
                export SYS_MAIL_UID=$(id -u Debian-exim 2>/dev/null || echo "101")
                export SYS_MAIL_GID=$(id -g Debian-exim 2>/dev/null || echo "104")
            fi
            ;;
        postfix)
            export SYS_MAIL_UID=$(id -u postfix 2>/dev/null || echo "89")
            export SYS_MAIL_GID=$(id -g postfix 2>/dev/null || echo "89")
            ;;
        sendmail)
            export SYS_MAIL_UID=$(id -u smmsp 2>/dev/null || echo "209")
            export SYS_MAIL_GID=$(id -g smmsp 2>/dev/null || echo "209")
            ;;
        *)
            export SYS_MAIL_UID=""
            export SYS_MAIL_GID=""
            ;;
    esac
}

#############################################################################
# CONTROL PANEL USER IDS
#############################################################################

derive_control_panel_user_ids() {
    case "$SYS_CONTROL_PANEL" in
        cpanel)
            # cPanel system user (usually nobody on cPanel)
            export SYS_CPANEL_SYSTEM_UID=$(id -u nobody 2>/dev/null || echo "65534")
            export SYS_CPANEL_SYSTEM_GID=$(id -g nobody 2>/dev/null || echo "65534")
            ;;
        plesk)
            # Plesk system user
            export SYS_PLESK_SYSTEM_UID=$(id -u psaadm 2>/dev/null || echo "52")
            export SYS_PLESK_SYSTEM_GID=$(id -g psaadm 2>/dev/null || echo "52")
            ;;
        interworx)
            # InterWorx system user
            export SYS_INTERWORX_SYSTEM_UID=$(id -u iworx 2>/dev/null || echo "99")
            export SYS_INTERWORX_SYSTEM_GID=$(id -g iworx 2>/dev/null || echo "99")
            ;;
        *)
            export SYS_CPANEL_SYSTEM_UID=""
            export SYS_CPANEL_SYSTEM_GID=""
            export SYS_PLESK_SYSTEM_UID=""
            export SYS_PLESK_SYSTEM_GID=""
            export SYS_INTERWORX_SYSTEM_UID=""
            export SYS_INTERWORX_SYSTEM_GID=""
            ;;
    esac
}

#############################################################################
# MAIN DERIVATION FUNCTION
#############################################################################

derive_all_system_authentication() {
    derive_system_auth_files
    derive_web_server_ids
    derive_database_user_ids
    derive_mail_user_ids
    derive_control_panel_user_ids
}

# Auto-run if sourced with detection complete
if [ -n "${SYS_DETECTION_COMPLETE:-}" ]; then
    derive_all_system_authentication
fi