Rechtebechebung für User mit Sudorechte

2025-10-20 00:06:44 +02:00 · 2025-10-20 00:06:44 +02:00 · 1516746c01
parent 033ae32538
commit 1516746c01
1 changed files with 50 additions and 14 deletions
--- a/app/Services/DkimService.php
+++ b/app/Services/DkimService.php
@ -109,31 +109,67 @@ class DkimService
        // OpenDKIM einhängen (wenn Helper existiert)
        $helper = '/usr/local/sbin/mailwolt-install-dkim';

-        if (is_executable($helper)) {
+//        if (is_executable($helper)) {
+//            $cmd = [
+//                'sudo','-n', $helper,
+//                $domain->domain,
+//                $selKey,
+//                $privOKAbs,  // …/storage/app/private/dkim/<dir>/<selector>.private
+//                $dnsTxtAbs   // …/storage/app/private/dkim/<dir>/<selector>.txt
+//            ];
+//
+//            $res = Process::timeout(30)->run($cmd);
+//
+//            if ($res->failed()) {
+//                Log::error('DKIM install failed', [
+//                    'cmd'  => implode(' ', $cmd),
+//                    'exit' => $res->exitCode(),
+//                    'out'  => $res->output(),
+//                    'err'  => $res->errorOutput(),
+//                ]);
+//                throw new RuntimeException(
+//                    'OpenDKIM-Install fehlgeschlagen: '.$res->errorOutput()
+//                );
+//            }
+//
+//            // OpenDKIM neu laden (falls der Helper das nicht selbst tut)
+//            Process::run(['sudo','-n','systemctl','reload','opendkim']);
+//        }
+
+        $helper = '/usr/local/sbin/mailwolt-install-dkim';
+
+        Log::debug('DKIM helper call', [
+            'as' => trim(Process::run(['whoami'])->output()),
+            'helper' => $helper,
+            'exists' => is_file($helper),
+            // KEINE privaten Keys loggen!
+        ]);
+        
+        if (is_file($helper)) {
            $cmd = [
                'sudo','-n', $helper,
                $domain->domain,
                $selKey,
-                $privOKAbs,  // …/storage/app/private/dkim/<dir>/<selector>.private
-                $dnsTxtAbs   // …/storage/app/private/dkim/<dir>/<selector>.txt
+                $privOKAbs,
+                $dnsTxtAbs,
            ];

            $res = Process::timeout(30)->run($cmd);

+            Log::info('DKIM install exit', [
+                'cmd'  => implode(' ', $cmd),
+                'exit' => $res->exitCode(),
+                'out'  => $res->output(),
+                'err'  => $res->errorOutput(),
+            ]);
+
            if ($res->failed()) {
-                Log::error('DKIM install failed', [
-                    'cmd'  => implode(' ', $cmd),
-                    'exit' => $res->exitCode(),
-                    'out'  => $res->output(),
-                    'err'  => $res->errorOutput(),
-                ]);
-                throw new RuntimeException(
-                    'OpenDKIM-Install fehlgeschlagen: '.$res->errorOutput()
-                );
+                throw new RuntimeException('OpenDKIM-Install fehlgeschlagen: '.$res->errorOutput());
            }

-            // OpenDKIM neu laden (falls der Helper das nicht selbst tut)
-            Process::run(['sudo','-n','systemctl','reload','opendkim']);
+            Process::run(['sudo','-n','/usr/bin/systemctl','reload','opendkim']);
+        } else {
+            Log::warning('DKIM helper not found', ['path' => $helper]);
        }

        return [