Rechtebechebung für User mit Sudorechte

main
boban 2025-10-20 01:44:23 +02:00
parent 1516746c01
commit a4f3990ce4
1 changed files with 50 additions and 51 deletions


@ -109,69 +109,68 @@ class DkimService
// OpenDKIM einhängen (wenn Helper existiert) // OpenDKIM einhängen (wenn Helper existiert)
$helper = '/usr/local/sbin/mailwolt-install-dkim'; $helper = '/usr/local/sbin/mailwolt-install-dkim';
// if (is_executable($helper)) {
// $cmd = [
// 'sudo','-n', $helper,
// $domain->domain,
// $selKey,
// $privOKAbs, // …/storage/app/private/dkim/<dir>/<selector>.private
// $dnsTxtAbs // …/storage/app/private/dkim/<dir>/<selector>.txt
// ];
//
// $res = Process::timeout(30)->run($cmd);
//
// if ($res->failed()) {
// Log::error('DKIM install failed', [
// 'cmd' => implode(' ', $cmd),
// 'exit' => $res->exitCode(),
// 'out' => $res->output(),
// 'err' => $res->errorOutput(),
// ]);
// throw new RuntimeException(
// 'OpenDKIM-Install fehlgeschlagen: '.$res->errorOutput()
// );
// }
//
// // OpenDKIM neu laden (falls der Helper das nicht selbst tut)
// Process::run(['sudo','-n','systemctl','reload','opendkim']);
// }
$helper = '/usr/local/sbin/mailwolt-install-dkim';
Log::debug('DKIM helper call', [ Log::debug('DKIM helper call', [
'as' => trim(Process::run(['whoami'])->output()), 'as' => trim(Process::run(['whoami'])->output()),
'helper' => $helper, 'helper' => $helper,
'exists' => is_file($helper), 'exists' => is_file($helper),
// KEINE privaten Keys loggen! // KEINE privaten Keys loggen!
]); ]);
if (is_file($helper)) {
$cmd = [
'sudo','-n', $helper,
$domain->domain,
$selKey,
$privOKAbs,
$dnsTxtAbs,
];
$res = Process::timeout(30)->run($cmd); $helper = '/usr/local/sbin/mailwolt-install-dkim';
Log::info('DKIM install exit', [ $proc = Process::timeout(30)->run([
'cmd' => implode(' ', $cmd), 'sudo','-n', $helper,
'exit' => $res->exitCode(), $domain->domain, $selKey, $privOKAbs, $dnsTxtAbs
'out' => $res->output(), ]);
'err' => $res->errorOutput(),
]);
if ($res->failed()) { Log::info('DKIM install exit', [
throw new RuntimeException('OpenDKIM-Install fehlgeschlagen: '.$res->errorOutput()); 'cmd' => $helper,
'exit' => $proc->exitCode(),
'out' => $proc->output(),
'err' => $proc->errorOutput(),
]);
if (!$proc->successful()) {
// Optionale bessere Fehlermeldung
$err = $proc->errorOutput();
if (str_contains($err, 'command not found') || str_contains($err, 'No such file')) {
throw new \RuntimeException('Helper fehlt: '.$helper.' (Installer erneut ausführen?)');
} }
if (str_contains($err, 'sudo') && str_contains($err, 'a password is required')) {
Process::run(['sudo','-n','/usr/bin/systemctl','reload','opendkim']); throw new \RuntimeException('sudo NOPASSWD fehlt für www-data → /etc/sudoers.d/mailwolt-dkim prüfen.');
} else { }
Log::warning('DKIM helper not found', ['path' => $helper]); throw new \RuntimeException("install-dkim failed: ".$err);
} }
Process::run(['sudo','-n','/usr/bin/systemctl','reload','opendkim']);
// if (is_file($helper)) {
// $cmd = [
// 'sudo','-n', $helper,
// $domain->domain,
// $selKey,
// $privOKAbs,
// $dnsTxtAbs,
// ];
//
// $res = Process::timeout(30)->run($cmd);
//
// Log::info('DKIM install exit', [
// 'cmd' => implode(' ', $cmd),
// 'exit' => $res->exitCode(),
// 'out' => $res->output(),
// 'err' => $res->errorOutput(),
// ]);
//
// if ($res->failed()) {
// throw new RuntimeException('OpenDKIM-Install fehlgeschlagen: '.$res->errorOutput());
// }
//
// Process::run(['sudo','-n','/usr/bin/systemctl','reload','opendkim']);
// } else {
// Log::warning('DKIM helper not found', ['path' => $helper]);
// }
return [ return [
'selector' => $selKey, 'selector' => $selKey,
'priv_path' => $privOKAbs, 'priv_path' => $privOKAbs,
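Review bot: The result of the final `Process::run(['sudo','-n','/usr/bin/systemctl','reload','opendkim'])` is discarded, so a missing sudoers entry for systemctl or a failed reload leaves the key installed but not loaded, with no log entry and no exception; capture it and report it like the helper call, e.g. `$reload = Process::run([...]); if (!$reload->successful()) { Log::warning('opendkim reload failed', ['exit' => $reload->exitCode(), 'err' => $reload->errorOutput()]); }`. Separately, `$domain->domain` and `$selKey` are passed to a helper that runs as root via sudo; the array form avoids shell interpretation, but nothing in the hunk shows them being checked against a strict hostname/selector pattern (including a leading `-`) before the call, so confirm that in the part of the method outside this hunk and in the helper itself if it builds paths from them. The sudo diagnostics match on English stderr text (`a password is required`), which presumably will not match under a localized sudo, so those calls would fall through to the generic `install-dkim failed` message. With the `is_file($helper)` guard gone, a host without the helper now throws instead of logging a warning, which no longer matches the retained comment "(wenn Helper existiert)". The enclosing method starts and ends outside the hunk.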