author | Alexander Sulfrian <asulfrian@zedat.fu-berlin.de> | 2022-01-16 02:55:18 +0100 |
---|---|---|
committer | Alexander Sulfrian <asulfrian@zedat.fu-berlin.de> | 2022-01-16 02:55:18 +0100 |
commit | 29966fe8153460824f4c55b26f91c7182aeb1cf7 (patch) | |
tree | 29da2e0d7aee10abafedf4f5c7ef9bb0513680cb /src | |
parent | 8605cd3d0cb4d549cb8b43de945d447f6d82892a (diff) | |
POSIXUsers: Add filters for supplementary gids
There are now separate filters for supplementary groups of a managed POSIXUser.
If neither a blacklist nor a whitelist for the supplementary groups is set, the
filters default to the same lists as the gid filters.
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/Bcfg2/Client/Tools/POSIXUsers.py | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/src/lib/Bcfg2/Client/Tools/POSIXUsers.py b/src/lib/Bcfg2/Client/Tools/POSIXUsers.py index 40598541e..224119a79 100644 --- a/src/lib/Bcfg2/Client/Tools/POSIXUsers.py +++ b/src/lib/Bcfg2/Client/Tools/POSIXUsers.py @@ -27,13 +27,23 @@ class POSIXUsers(Bcfg2.Client.Tools.Tool): type=uid_range_type, help="GID ranges the POSIXUsers tool will manage"), Bcfg2.Options.Option( + cf=('POSIXUsers', 'supgid_whitelist'), default=[], + type=uid_range_type, + help="GID ranges for supplementary groups the POSIXUsers" + "tool will manage"), + Bcfg2.Options.Option( cf=('POSIXUsers', 'uid_blacklist'), default=[], type=uid_range_type, help="UID ranges the POSIXUsers tool will not manage"), Bcfg2.Options.Option( cf=('POSIXUsers', 'gid_blacklist'), default=[], type=uid_range_type, - help="GID ranges the POSIXUsers tool will not manage")] + help="GID ranges the POSIXUsers tool will not manage"), + Bcfg2.Options.Option( + cf=('POSIXUsers', 'supgid_blacklist'), default=[], + type=uid_range_type, + help="GID ranges for supplementary groups the POSIXUsers" + "tool will not manage")] __execs__ = ['/usr/sbin/useradd', '/usr/sbin/usermod', '/usr/sbin/userdel', '/usr/sbin/groupadd', '/usr/sbin/groupmod', 
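Review bot: Both new help strings are built from adjacent literals with no space at the join, so `"... the POSIXUsers" "tool will manage"` renders as "POSIXUserstool"; the supgid_blacklist text has the same defect. End the first literal with a space in each case, e.g. `help="GID ranges for supplementary groups the POSIXUsers "`. The options list starts outside the hunk.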
@@ -58,10 +68,19 @@ class POSIXUsers(Bcfg2.Client.Tools.Tool): self.set_defaults = dict(POSIXUser=self.populate_user_entry, POSIXGroup=lambda g: g) self._existing = None + + supgid_whitelist = Bcfg2.Options.setup.supgid_whitelist + supgid_blacklist = Bcfg2.Options.setup.supgid_blacklist + if supgid_whitelist is None and supgid_blacklist is None: + supgid_whitelist = Bcfg2.Options.setup.gid_whitelist + supgid_blacklist = Bcfg2.Options.setup.gid_blacklist + self._whitelist = dict(POSIXUser=Bcfg2.Options.setup.uid_whitelist, - POSIXGroup=Bcfg2.Options.setup.gid_whitelist) + POSIXGroup=Bcfg2.Options.setup.gid_whitelist, + POSIXSupGroup=supgid_whitelist) self._blacklist = dict(POSIXUser=Bcfg2.Options.setup.uid_blacklist, - POSIXGroup=Bcfg2.Options.setup.gid_blacklist) + POSIXGroup=Bcfg2.Options.setup.gid_blacklist, + POSIXSupGroup=supgid_blacklist) @property def existing(self): @@ -161,7 +180,7 @@ class POSIXUsers(Bcfg2.Client.Tools.Tool): given entry is a member of """ return [g for g in self.existing['POSIXGroup'].values() if entry.get("name") in g[3] and - self._in_managed_range('POSIXGroup', g[2])] + self._in_managed_range('POSIXSupGroup', g[2])] def VerifyPOSIXUser(self, entry, _): """ Verify a POSIXUser entry """ |
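Review bot: The fallback test `if supgid_whitelist is None and supgid_blacklist is None:` looks unreachable, because the first hunk declares both new options with `default=[]`, so an unset option presumably arrives as an empty list rather than None. If so, POSIXSupGroup gets two empty lists instead of the gid lists, and the `_in_managed_range('POSIXSupGroup', g[2])` call in the last hunk would stop honouring an existing gid_whitelist/gid_blacklist for supplementary memberships. That would silently change which group memberships the client touches on hosts that only configured the gid filters. Either test for emptiness, `if not supgid_whitelist and not supgid_blacklist:`, or declare the two options with `default=None`; how Bcfg2.Options applies the default and how `_in_managed_range` treats empty lists is not visible here, so confirm before choosing. The enclosing `__init__` starts outside the hunk.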