6 files changed, 69 insertions, 51 deletions

diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/Augeas.py b/src/lib/Bcfg2/Client/Tools/POSIX/Augeas.py
index 8506f4bc7..fc4e16904 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/Augeas.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/Augeas.py
@@ -190,12 +190,12 @@ class POSIXAugeas(POSIXTool):
     :ref:`client-tools-augeas`. """
     __req__ = ['name', 'mode', 'owner', 'group']
 
-    def __init__(self, logger, setup, config):
-        POSIXTool.__init__(self, logger, setup, config)
+    def __init__(self, config):
+        POSIXTool.__init__(self, config)
         self._augeas = dict()
         # file tool for setting initial values of files that don't
         # exist
-        self.filetool = POSIXFile(logger, setup, config)
+        self.filetool = POSIXFile(config)
 
     def get_augeas(self, entry):
         """ Get an augeas object for the given entry. """
diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/Device.py b/src/lib/Bcfg2/Client/Tools/POSIX/Device.py
index 9b84adad0..6237ccce2 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/Device.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/Device.py
@@ -13,7 +13,7 @@ class POSIXDevice(POSIXTool):
         if entry.get('dev_type') in ['block', 'char']:
             # check if major/minor are properly specified
             if (entry.get('major') is None or
-                entry.get('minor') is None):
+                    entry.get('minor') is None):
                 return False
         return True
 
diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/File.py b/src/lib/Bcfg2/Client/Tools/POSIX/File.py
index b1bde1057..d7a70e202 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/File.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/File.py
@@ -6,6 +6,7 @@ import stat
 import time
 import difflib
 import tempfile
+import Bcfg2.Options
 from Bcfg2.Client.Tools.POSIX.base import POSIXTool
 from Bcfg2.Compat import unicode, b64encode, b64decode  # pylint: disable=W0622
 
@@ -43,7 +44,7 @@ class POSIXFile(POSIXTool):
             tempdata = entry.text
             if isinstance(tempdata, unicode) and unicode != str:
                 try:
-                    tempdata = tempdata.encode(self.setup['encoding'])
+                    tempdata = tempdata.encode(Bcfg2.Options.setup.encoding)
                 except UnicodeEncodeError:
                     err = sys.exc_info()[1]
                     self.logger.error("POSIX: Error encoding file %s: %s" %
@@ -56,7 +57,7 @@ class POSIXFile(POSIXTool):
         if isinstance(tempdata, str) and str != unicode:
             tempdatasize = len(tempdata)
         else:
-            tempdatasize = len(tempdata.encode(self.setup['encoding']))
+            tempdatasize = len(tempdata.encode(Bcfg2.Options.setup.encoding))
 
         different = False
         content = None
@@ -78,7 +79,7 @@ class POSIXFile(POSIXTool):
                 content = open(entry.get('name')).read()
             except UnicodeDecodeError:
                 content = open(entry.get('name'),
-                               encoding=self.setup['encoding']).read()
+                               encoding=Bcfg2.Options.setup.encoding).read()
             except IOError:
                 self.logger.error("POSIX: Failed to read %s: %s" %
                                   (entry.get("name"), sys.exc_info()[1]))
@@ -89,7 +90,7 @@ class POSIXFile(POSIXTool):
             self.logger.debug("POSIX: %s has incorrect contents" %
                               entry.get("name"))
             self._get_diffs(
-                entry, interactive=self.setup['interactive'],
+                entry, interactive=Bcfg2.Options.setup.interactive,
                 sensitive=entry.get('sensitive', 'false').lower() == 'true',
                 is_binary=is_binary, content=content)
         return POSIXTool.verify(self, entry, modlist) and not different
@@ -116,7 +117,7 @@ class POSIXFile(POSIXTool):
                 os.fdopen(newfd, 'w').write(filedata)
             else:
                 os.fdopen(newfd, 'wb').write(
-                    filedata.encode(self.setup['encoding']))
+                    filedata.encode(Bcfg2.Options.setup.encoding))
         except (OSError, IOError):
             err = sys.exc_info()[1]
             self.logger.error("POSIX: Failed to open temp file %s for writing "
@@ -181,7 +182,8 @@ class POSIXFile(POSIXTool):
                                   (entry.get("name"), sys.exc_info()[1]))
                 return False
         if not is_binary:
-            is_binary |= not self._is_string(content, self.setup['encoding'])
+            is_binary |= not self._is_string(content,
+                                             Bcfg2.Options.setup.encoding)
         if is_binary:
             # don't compute diffs if the file is binary
             prompt.append('Binary file, no printable diff')
@@ -194,7 +196,7 @@ class POSIXFile(POSIXTool):
                 if diff:
                     udiff = '\n'.join(l.rstrip('\n') for l in diff)
                     if hasattr(udiff, "decode"):
-                        udiff = udiff.decode(self.setup['encoding'])
+                        udiff = udiff.decode(Bcfg2.Options.setup.encoding)
                     try:
                         prompt.append(udiff)
                     except UnicodeEncodeError:
diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/Nonexistent.py b/src/lib/Bcfg2/Client/Tools/POSIX/Nonexistent.py
index f7251ca50..d67a68c8b 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/Nonexistent.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/Nonexistent.py
@@ -24,8 +24,8 @@ class POSIXNonexistent(POSIXTool):
             for struct in self.config.getchildren():
                 for el in struct.getchildren():
                     if (el.tag == 'Path' and
-                        el.get('type') != 'nonexistent' and
-                        el.get('name').startswith(ename)):
+                            el.get('type') != 'nonexistent' and
+                            el.get('name').startswith(ename)):
                         self.logger.error('POSIX: Not removing %s. One or '
                                           'more files in this directory are '
                                           'specified in your configuration.' %
diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py b/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py
index 8d64cf84d..c27c7559d 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py
@@ -4,20 +4,31 @@ import os
 import re
 import sys
 import shutil
-from datetime import datetime
+import Bcfg2.Options
 import Bcfg2.Client.Tools
+from datetime import datetime
 from Bcfg2.Compat import walk_packages
 from Bcfg2.Client.Tools.POSIX.base import POSIXTool
 
 
 class POSIX(Bcfg2.Client.Tools.Tool):
     """POSIX File support code."""
-    name = 'POSIX'
 
-    def __init__(self, logger, setup, config):
-        Bcfg2.Client.Tools.Tool.__init__(self, logger, setup, config)
-        self.ppath = setup['ppath']
-        self.max_copies = setup['max_copies']
+    options = Bcfg2.Client.Tools.Tool.options + [
+        Bcfg2.Options.PathOption(
+            cf=('paranoid', 'path'), default='/var/cache/bcfg2',
+            dest='paranoid_path',
+            help='Specify path for paranoid file backups'),
+        Bcfg2.Options.Option(
+            cf=('paranoid', 'max_copies'), default=1, type=int,
+            dest='paranoid_copies',
+            help='Specify the number of paranoid copies you want'),
+        Bcfg2.Options.BooleanOption(
+            '-P', '--paranoid', cf=('client', 'paranoid'),
+            help='Make automatic backups of config files')]
+
+    def __init__(self, config):
+        Bcfg2.Client.Tools.Tool.__init__(self, config)
         self._handlers = self._load_handlers()
         self.logger.debug("POSIX: Handlers loaded: %s" %
                           (", ".join(self._handlers.keys())))
@@ -56,7 +67,7 @@ class POSIX(Bcfg2.Client.Tools.Tool):
             if POSIXTool in hdlr.__mro__:
                 # figure out what entry type this handler handles
                 etype = hdlr.__name__[5:].lower()
-                rv[etype] = hdlr(self.logger, self.setup, self.config)
+                rv[etype] = hdlr(self.config)
         return rv
 
     def canVerify(self, entry):
@@ -92,7 +103,7 @@ class POSIX(Bcfg2.Client.Tools.Tool):
         self.logger.debug("POSIX: Verifying entry %s:%s:%s" %
                           (entry.tag, entry.get("type"), entry.get("name")))
         ret = self._handlers[entry.get("type")].verify(entry, modlist)
-        if self.setup['interactive'] and not ret:
+        if Bcfg2.Options.setup.interactive and not ret:
             entry.set('qtext',
                       '%s\nInstall %s %s: (y/N) ' %
                       (entry.get('qtext', ''),
@@ -106,35 +117,39 @@ class POSIX(Bcfg2.Client.Tools.Tool):
             bkupnam + r'_\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{6}$')
         # current list of backups for this file
         try:
-            bkuplist = [f for f in os.listdir(self.ppath) if
-                        bkup_re.match(f)]
+            bkuplist = [f
+                        for f in os.listdir(Bcfg2.Options.setup.paranoid_path)
+                        if bkup_re.match(f)]
         except OSError:
             err = sys.exc_info()[1]
             self.logger.error("POSIX: Failed to create backup list in %s: %s" %
-                              (self.ppath, err))
+                              (Bcfg2.Options.setup.paranoid_path, err))
             return
         bkuplist.sort()
-        while len(bkuplist) >= int(self.max_copies):
+        while len(bkuplist) >= int(Bcfg2.Options.setup.paranoid_copies):
             # remove the oldest backup available
             oldest = bkuplist.pop(0)
             self.logger.info("POSIX: Removing old backup %s" % oldest)
             try:
-                os.remove(os.path.join(self.ppath, oldest))
+                os.remove(os.path.join(Bcfg2.Options.setup.paranoid_path,
+                                       oldest))
             except OSError:
                 err = sys.exc_info()[1]
-                self.logger.error("POSIX: Failed to remove old backup %s: %s" %
-                                  (os.path.join(self.ppath, oldest), err))
+                self.logger.error(
+                    "POSIX: Failed to remove old backup %s: %s" %
+                    (os.path.join(Bcfg2.Options.setup.paranoid_path, oldest),
+                     err))
 
     def _paranoid_backup(self, entry):
         """ Take a backup of the specified entry for paranoid mode """
         if (entry.get("paranoid", 'false').lower() == 'true' and
-            self.setup.get("paranoid", False) and
-            entry.get('current_exists', 'true') == 'true' and
-            not os.path.isdir(entry.get("name"))):
+                Bcfg2.Options.setup.paranoid and
+                entry.get('current_exists', 'true') == 'true' and
+                not os.path.isdir(entry.get("name"))):
             self._prune_old_backups(entry)
             bkupnam = "%s_%s" % (entry.get('name').replace('/', '_'),
                                  datetime.isoformat(datetime.now()))
-            bfile = os.path.join(self.ppath, bkupnam)
+            bfile = os.path.join(Bcfg2.Options.setup.paranoid_path, bkupnam)
             try:
                 shutil.copy(entry.get('name'), bfile)
                 self.logger.info("POSIX: Backup of %s saved to %s" %
diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/base.py b/src/lib/Bcfg2/Client/Tools/POSIX/base.py
index 3d1358ce0..8895eaae1 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/base.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/base.py
@@ -105,23 +105,23 @@ class POSIXTool(Bcfg2.Client.Tools.Tool):
             path = entry.get("name")
 
         rv = True
-        if entry.get("owner") and entry.get("group"):
-            try:
-                self.logger.debug("POSIX: Setting ownership of %s to %s:%s" %
-                                  (path,
-                                   self._norm_entry_uid(entry),
-                                   self._norm_entry_gid(entry)))
-                os.chown(path, self._norm_entry_uid(entry),
-                         self._norm_entry_gid(entry))
-            except KeyError:
-                self.logger.error('POSIX: Failed to change ownership of %s' %
-                                  path)
-                rv = False
-                os.chown(path, 0, 0)
-            except OSError:
-                self.logger.error('POSIX: Failed to change ownership of %s' %
-                                  path)
-                rv = False
+        if os.geteuid() == 0:
+            if entry.get("owner") and entry.get("group"):
+                try:
+                    self.logger.debug("POSIX: Setting ownership of %s to %s:%s"
+                                      % (path,
+                                         self._norm_entry_uid(entry),
+                                         self._norm_entry_gid(entry)))
+                    os.chown(path, self._norm_entry_uid(entry),
+                             self._norm_entry_gid(entry))
+                except (OSError, KeyError):
+                    self.logger.error('POSIX: Failed to change ownership of %s'
+                                      % path)
+                    rv = False
+                    if sys.exc_info()[0] == KeyError:
+                        os.chown(path, 0, 0)
+        else:
+            self.logger.debug("POSIX: Run as non-root, not setting ownership")
 
         if entry.get("mode"):
             wanted_mode = int(entry.get('mode'), 8)
@@ -518,7 +518,8 @@ class POSIXTool(Bcfg2.Client.Tools.Tool):
                           (path, attrib['current_group'], entry.get('group')))
 
         if (wanted_mode and
-            oct_mode(int(attrib['current_mode'], 8)) != oct_mode(wanted_mode)):
+                oct_mode(int(attrib['current_mode'], 8)) !=
+                oct_mode(wanted_mode)):
             errors.append("Permissions for path %s are incorrect. "
                           "Current permissions are %s but should be %s" %
                           (path, attrib['current_mode'], entry.get('mode')))
@@ -543,7 +544,7 @@ class POSIXTool(Bcfg2.Client.Tools.Tool):
             else:
                 wanted_secontext = entry.get("secontext")
             if (wanted_secontext and
-                attrib['current_secontext'] != wanted_secontext):
+                    attrib['current_secontext'] != wanted_secontext):
                 errors.append("SELinux context for path %s is incorrect. "
                               "Current context is %s but should be %s" %
                               (path, attrib['current_secontext'],