Rechtebechebung für User mit Sudorechte

2025-10-20 01:44:23 +02:00 · 2025-10-20 01:44:23 +02:00 · a4f3990ce4
parent 1516746c01
commit a4f3990ce4
1 changed files with 50 additions and 51 deletions
--- a/app/Services/DkimService.php
+++ b/app/Services/DkimService.php
@ -109,69 +109,68 @@ class DkimService
        // OpenDKIM einhängen (wenn Helper existiert)
        $helper = '/usr/local/sbin/mailwolt-install-dkim';

-//        if (is_executable($helper)) {
-//            $cmd = [
-//                'sudo','-n', $helper,
-//                $domain->domain,
-//                $selKey,
-//                $privOKAbs,  // …/storage/app/private/dkim/<dir>/<selector>.private
-//                $dnsTxtAbs   // …/storage/app/private/dkim/<dir>/<selector>.txt
-//            ];
-//
-//            $res = Process::timeout(30)->run($cmd);
-//
-//            if ($res->failed()) {
-//                Log::error('DKIM install failed', [
-//                    'cmd'  => implode(' ', $cmd),
-//                    'exit' => $res->exitCode(),
-//                    'out'  => $res->output(),
-//                    'err'  => $res->errorOutput(),
-//                ]);
-//                throw new RuntimeException(
-//                    'OpenDKIM-Install fehlgeschlagen: '.$res->errorOutput()
-//                );
-//            }
-//
-//            // OpenDKIM neu laden (falls der Helper das nicht selbst tut)
-//            Process::run(['sudo','-n','systemctl','reload','opendkim']);
-//        }
-
-        $helper = '/usr/local/sbin/mailwolt-install-dkim';
-
        Log::debug('DKIM helper call', [
            'as' => trim(Process::run(['whoami'])->output()),
            'helper' => $helper,
            'exists' => is_file($helper),
            // KEINE privaten Keys loggen!
        ]);
-        
-        if (is_file($helper)) {
-            $cmd = [
-                'sudo','-n', $helper,
-                $domain->domain,
-                $selKey,
-                $privOKAbs,
-                $dnsTxtAbs,
-            ];

-            $res = Process::timeout(30)->run($cmd);
+        $helper = '/usr/local/sbin/mailwolt-install-dkim';

-            Log::info('DKIM install exit', [
-                'cmd'  => implode(' ', $cmd),
-                'exit' => $res->exitCode(),
-                'out'  => $res->output(),
-                'err'  => $res->errorOutput(),
-            ]);
+        $proc = Process::timeout(30)->run([
+            'sudo','-n', $helper,
+            $domain->domain, $selKey, $privOKAbs, $dnsTxtAbs
+        ]);

-            if ($res->failed()) {
-                throw new RuntimeException('OpenDKIM-Install fehlgeschlagen: '.$res->errorOutput());
+        Log::info('DKIM install exit', [
+            'cmd'  => $helper,
+            'exit' => $proc->exitCode(),
+            'out'  => $proc->output(),
+            'err'  => $proc->errorOutput(),
+        ]);
+
+        if (!$proc->successful()) {
+            // Optionale bessere Fehlermeldung
+            $err = $proc->errorOutput();
+            if (str_contains($err, 'command not found') || str_contains($err, 'No such file')) {
+                throw new \RuntimeException('Helper fehlt: '.$helper.' (Installer erneut ausführen?)');
            }
-
-            Process::run(['sudo','-n','/usr/bin/systemctl','reload','opendkim']);
-        } else {
-            Log::warning('DKIM helper not found', ['path' => $helper]);
+            if (str_contains($err, 'sudo') && str_contains($err, 'a password is required')) {
+                throw new \RuntimeException('sudo NOPASSWD fehlt für www-data → /etc/sudoers.d/mailwolt-dkim prüfen.');
+            }
+            throw new \RuntimeException("install-dkim failed: ".$err);
        }

+        Process::run(['sudo','-n','/usr/bin/systemctl','reload','opendkim']);
+
+//        if (is_file($helper)) {
+//            $cmd = [
+//                'sudo','-n', $helper,
+//                $domain->domain,
+//                $selKey,
+//                $privOKAbs,
+//                $dnsTxtAbs,
+//            ];
+//
+//            $res = Process::timeout(30)->run($cmd);
+//
+//            Log::info('DKIM install exit', [
+//                'cmd'  => implode(' ', $cmd),
+//                'exit' => $res->exitCode(),
+//                'out'  => $res->output(),
+//                'err'  => $res->errorOutput(),
+//            ]);
+//
+//            if ($res->failed()) {
+//                throw new RuntimeException('OpenDKIM-Install fehlgeschlagen: '.$res->errorOutput());
+//            }
+//
+//            Process::run(['sudo','-n','/usr/bin/systemctl','reload','opendkim']);
+//        } else {
+//            Log::warning('DKIM helper not found', ['path' => $helper]);
+//        }
+
        return [
            'selector'     => $selKey,
            'priv_path'    => $privOKAbs,