authorAlexander Sulfrian <asulfrian@zedat.fu-berlin.de>2022-01-16 09:36:55 +0100
committerAlexander Sulfrian <asulfrian@zedat.fu-berlin.de>2022-01-16 10:07:53 +0100
commita6c58a242db90623a6cb4dfe111d7c1ee8423a84 (patch)
tree2b81ab9bb5998e0c1d433c9b971b22145c911f5c
parent354ef30b43098d88173e7132da8a2a7d8fa55bde (diff)
parent29966fe8153460824f4c55b26f91c7182aeb1cf7 (diff)
Merge branch 'supgid-filter'
-rw-r--r--src/lib/Bcfg2/Client/Tools/POSIXUsers.py27
1 files changed, 23 insertions, 4 deletions
diff --git a/src/lib/Bcfg2/Client/Tools/POSIXUsers.py b/src/lib/Bcfg2/Client/Tools/POSIXUsers.py
index 40598541e..224119a79 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIXUsers.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIXUsers.py
@@ -27,13 +27,23 @@ class POSIXUsers(Bcfg2.Client.Tools.Tool):
type=uid_range_type,
help="GID ranges the POSIXUsers tool will manage"),
Bcfg2.Options.Option(
+ cf=('POSIXUsers', 'supgid_whitelist'), default=[],
+ type=uid_range_type,
+ help="GID ranges for supplementary groups the POSIXUsers"
+ "tool will manage"),
+ Bcfg2.Options.Option(
cf=('POSIXUsers', 'uid_blacklist'), default=[],
type=uid_range_type,
help="UID ranges the POSIXUsers tool will not manage"),
Bcfg2.Options.Option(
cf=('POSIXUsers', 'gid_blacklist'), default=[],
type=uid_range_type,
- help="GID ranges the POSIXUsers tool will not manage")]
+ help="GID ranges the POSIXUsers tool will not manage"),
+ Bcfg2.Options.Option(
+ cf=('POSIXUsers', 'supgid_blacklist'), default=[],
+ type=uid_range_type,
+ help="GID ranges for supplementary groups the POSIXUsers"
+ "tool will not manage")]
__execs__ = ['/usr/sbin/useradd', '/usr/sbin/usermod', '/usr/sbin/userdel',
'/usr/sbin/groupadd', '/usr/sbin/groupmod',
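Review bot: The two new help strings lose a space at the join, because the adjacent literals `"... the POSIXUsers"` and `"tool will manage"` concatenate to "POSIXUserstool". Add a trailing space to the first literal in both the `supgid_whitelist` and `supgid_blacklist` options, e.g. `help="GID ranges for supplementary groups the POSIXUsers "`. The help text could also state what applies when neither supplementary option is set, since the constructor change in this commit intends a fallback to the `gid_*` ranges.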
@@ -58,10 +68,19 @@ class POSIXUsers(Bcfg2.Client.Tools.Tool):
self.set_defaults = dict(POSIXUser=self.populate_user_entry,
POSIXGroup=lambda g: g)
self._existing = None
+
+ supgid_whitelist = Bcfg2.Options.setup.supgid_whitelist
+ supgid_blacklist = Bcfg2.Options.setup.supgid_blacklist
+ if supgid_whitelist is None and supgid_blacklist is None:
+ supgid_whitelist = Bcfg2.Options.setup.gid_whitelist
+ supgid_blacklist = Bcfg2.Options.setup.gid_blacklist
+
self._whitelist = dict(POSIXUser=Bcfg2.Options.setup.uid_whitelist,
- POSIXGroup=Bcfg2.Options.setup.gid_whitelist)
+ POSIXGroup=Bcfg2.Options.setup.gid_whitelist,
+ POSIXSupGroup=supgid_whitelist)
self._blacklist = dict(POSIXUser=Bcfg2.Options.setup.uid_blacklist,
- POSIXGroup=Bcfg2.Options.setup.gid_blacklist)
+ POSIXGroup=Bcfg2.Options.setup.gid_blacklist,
+ POSIXSupGroup=supgid_blacklist)
@property
def existing(self):
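Review bot: The `is None` test on `supgid_whitelist` and `supgid_blacklist` looks unreachable, because both options are declared with `default=[]`, so the fallback to `gid_whitelist`/`gid_blacklist` would not run unless the option framework returns None for unset values (not visible here). If the supplementary ranges then stay empty, a site that relied on `gid_blacklist` to keep privileged groups out of membership management may lose that restriction on upgrade without any configuration change. Declaring the two new options with `default=None` would make the check meaningful; a test or a log line showing which ranges ended up in `self._whitelist['POSIXSupGroup']` and `self._blacklist['POSIXSupGroup']` would confirm it. `__init__` starts outside the hunk.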
@@ -161,7 +180,7 @@ class POSIXUsers(Bcfg2.Client.Tools.Tool):
given entry is a member of """
return [g for g in self.existing['POSIXGroup'].values()
if entry.get("name") in g[3] and
- self._in_managed_range('POSIXGroup', g[2])]
+ self._in_managed_range('POSIXSupGroup', g[2])]
def VerifyPOSIXUser(self, entry, _):
""" Verify a POSIXUser entry """
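Review bot: The docstring above this `return` (it starts outside the hunk) should say that groups whose GID is outside the supplementary managed range are left out of the result. With the tag switched to `'POSIXSupGroup'`, a user's membership in such a group is presumably neither reported nor corrected during verification, which is worth stating for privileged groups. A sentence such as `Groups outside the supgid_whitelist/supgid_blacklist range are ignored.` would make that explicit.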