-rw-r--r-- | doc/server/configurationentries.txt | 17 | ||||
-rw-r--r-- | schemas/pathentry.xsd | 1 | ||||
-rw-r--r-- | schemas/rules.xsd | 1 | ||||
-rw-r--r-- | src/lib/Client/Tools/POSIX.py | 59 |
4 files changed, 74 insertions, 4 deletions
diff --git a/doc/server/configurationentries.txt b/doc/server/configurationentries.txt index 10eccf6be..0c12ce9c9 100644 --- a/doc/server/configurationentries.txt +++ b/doc/server/configurationentries.txt @@ -107,8 +107,8 @@ Path type specified. | | | that should not | | | | | exist | | +-------------+----------------------+-----------------+--------------------------+ -| permissions | Replaces Permissions | Permissions of | name, owner, | -| | entries | POSIX entities | group, perms | +| permissions | Replaces Permissions | Permissions of | name, owner, group, | +| | entries | POSIX entities | perms, recursive | | | | | | +-------------+----------------------+-----------------+--------------------------+ | vcs | New | Create version | vcstype (git), | @@ -119,6 +119,19 @@ Path type specified. Keep in mind that permissions for files served up by Cfg/TGenshi/TCheetah are still handled via the traditional :ref:`server-info` mechanisms. +Additional information +---------------------- + +This section describes some additional behavior relating to POSIX entry +attributes. + +Recursive permissions +^^^^^^^^^^^^^^^^^^^^^ + +As per the request in ticket 871, Path type='permissions' entries allow you to +set a recursive attribute which allows the owner/group to be set recursively +for a directory. + .. _boundentries: Bound Entries diff --git a/schemas/pathentry.xsd b/schemas/pathentry.xsd index 0c27f9112..24be22612 100644 --- a/schemas/pathentry.xsd +++ b/schemas/pathentry.xsd @@ -24,6 +24,7 @@ <xsd:attribute type='xsd:string' name='owner' use='optional'/> <xsd:attribute type='xsd:string' name='perms' use='optional'/> <xsd:attribute type='xsd:string' name='prune' use='optional'/> + <xsd:attribute type='xsd:string' name='recursive' use='optional'/> <xsd:attribute type='xsd:string' name='to' use='optional'/> <xsd:attribute type='xsd:string' name='type' use='optional'/> <xsd:attributeGroup ref="py:genshiAttrs"/> 
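Review bot: The new `recursive` attribute is declared as `xsd:string` in this pathentry.xsd hunk and again in the schemas/rules.xsd hunk, so schema validation accepts any value, while the client code added in this commit only honours `True` and `true`. A value such as `yes` or `1` would validate and then be silently treated as non-recursive, leaving ownership under the directory unmanaged without any warning. Consider restricting the attribute to an enumeration of the accepted spellings, so that bcfg2-lint rejects anything else.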
diff --git a/schemas/rules.xsd b/schemas/rules.xsd
index 101b62384..0a408c35c 100644
--- a/schemas/rules.xsd
+++ b/schemas/rules.xsd
@@ -38,6 +38,7 @@
 <xsd:attribute type='xsd:string' name='perms'/>
 <xsd:attribute type='xsd:string' name='owner'/>
 <xsd:attribute type='xsd:string' name='group'/>
+ <xsd:attribute type='xsd:string' name='recursive'/>
 <xsd:attribute type='xsd:string' name='prune'/>
 <xsd:attribute type='xsd:string' name='to'/>
 <xsd:attributeGroup ref="py:genshiAttrs"/>
diff --git a/src/lib/Client/Tools/POSIX.py b/src/lib/Client/Tools/POSIX.py
index a079571e5..faec2e251 100644
--- a/src/lib/Client/Tools/POSIX.py
+++ b/src/lib/Client/Tools/POSIX.py
@@ -736,6 +736,47 @@ class POSIX(Bcfg2.Client.Tools.Tool): def Verifypermissions(self, entry, _): """Verify Path type='permissions' entry""" + if entry.get('perms') == None or \ + entry.get('owner') == None or \ + entry.get('group') == None: + self.logger.error('Entry %s not completely specified. ' + 'Try running bcfg2-lint.' % (entry.get('name'))) + return False + if entry.get('recursive') in ['True', 'true']: + # verify ownership information recursively + owner = normUid(entry) + group = normGid(entry) + + for root, dirs, files in os.walk(entry.get('name')): + for p in dirs + files: + path = os.path.join(root, p) + pstat = os.stat(path) + if owner != pstat.st_uid: + # owner mismatch for path + entry.set('current_owner', str(pstat.st_uid)) + self.logger.debug("%s %s ownership wrong" % \ + (entry.tag, path)) + nqtext = entry.get('qtext', '') + '\n' + nqtext += ("Owner for path %s is incorrect. " + "Current owner is %s but should be %s\n" % \ + (path, pstat.st_uid, entry.get('owner'))) + nqtext += ("\nInstall %s %s: (y/N): " % + (entry.tag, entry.get('name'))) + entry.set('qtext', nqtext) + return False + if group != pstat.st_gid: + # group mismatch for path + entry.set('current_group', str(pstat.st_gid)) + self.logger.debug("%s %s group wrong" % \ + (entry.tag, path)) + nqtext = entry.get('qtext', '') + '\n' + nqtext += ("Group for path %s is incorrect. " + "Current group is %s but should be %s\n" % \ + (path, pstat.st_gid, entry.get('group'))) + nqtext += ("\nInstall %s %s: (y/N): " % + (entry.tag, entry.get('name'))) + entry.set('qtext', nqtext) + return False return self.Verifydirectory(entry, _) def Installpermissions(self, entry): 
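Review bot: `pstat = os.stat(path)` in the recursive walk follows symbolic links and has no exception handler around it, so a dangling link, or a file removed between `os.walk` and the stat, raises OSError out of Verifypermissions instead of producing a verification result. Because the link is followed, the owner and group compared are those of the link target, which may lie outside the managed directory. I would use `pstat = os.lstat(path)` and treat an OSError as a failed verification (log it and `return False`). The owner and group branches are otherwise near-identical and could share one helper, and `== None` reads better as `is None`. The enclosing class starts outside the hunk.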
@@ -746,9 +787,23 @@ class POSIX(Bcfg2.Client.Tools.Tool): self.logger.error('Entry %s not completely specified. ' 'Try running bcfg2-lint.' % (entry.get('name'))) return False + plist = [entry.get('name')] + if entry.get('recursive') in ['True', 'true']: + # verify ownership information recursively + owner = normUid(entry) + group = normGid(entry) + + for root, dirs, files in os.walk(entry.get('name')): + for p in dirs + files: + path = os.path.join(root, p) + pstat = os.stat(path) + if owner != pstat.st_uid or group != pstat.st_gid: + # owner mismatch for path + plist.append(path) try: - os.chown(entry.get('name'), normUid(entry), normGid(entry)) - os.chmod(entry.get('name'), calcPerms(S_IFDIR, entry.get('perms'))) + for p in plist: + os.chown(p, normUid(entry), normGid(entry)) + os.chmod(p, calcPerms(S_IFDIR, entry.get('perms'))) return True except (OSError, KeyError): self.logger.error('Permission fixup failed for %s' % \ |
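Review bot: The recursive branch passes every path found by `os.walk` to `os.chown` and `os.chmod`, both of which follow symbolic links, so a link inside the managed tree redirects the ownership and mode change to a file outside it; if the client runs with elevated privileges and the tree is writable by a less privileged user, that crosses a privilege boundary. Using `os.lstat` and `os.lchown` keeps the operation on the link itself and never on its target. The loop also applies `calcPerms(S_IFDIR, ...)` to regular files, although the documentation added in this commit describes only owner/group as recursive, and `os.stat` sits before the `try`, so an OSError raised there escapes the `except (OSError, KeyError)` handler. The comment `# verify ownership information recursively` was copied from Verifypermissions and should say that mismatched paths are collected for fixing. The except handler continues past the end of the hunk.

```python
try:
    owner = normUid(entry)
    group = normGid(entry)
    # top-level entry: ownership and mode, as before
    os.chown(entry.get('name'), owner, group)
    os.chmod(entry.get('name'), calcPerms(S_IFDIR, entry.get('perms')))
    if entry.get('recursive') in ['True', 'true']:
        # fix ownership below the entry; mode is left untouched
        for root, dirs, files in os.walk(entry.get('name')):
            for p in dirs + files:
                path = os.path.join(root, p)
                pstat = os.lstat(path)  # inspect the link itself, not its target
                if owner != pstat.st_uid or group != pstat.st_gid:
                    os.lchown(path, owner, group)
    return True
# … unchanged: except (OSError, KeyError) error handler …
```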