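def scanFiles(self, optionDict, action):
    """Scan or apply permission/ownership settings one file at a time.

    ``optionDict['fileList']`` is split into individual file names and a
    per-file option dictionary is built for each, so that ``aliases.db`` can
    be given its own allowed-group setting.

    Args:
        optionDict: must contain the keys 'fileList', 'dacs', 'allowedUnames',
            'allowedGnames' and 'allowedGnamesAliasesDB'. A missing key raises
            KeyError rather than silently checking the file with fewer
            constraints.
        action: "scan" calls GenericPerms.scan; any other value calls
            GenericPerms.apply.

    Returns:
        A ``(changes, messages)`` tuple. ``changes`` is ``{'changes': 'yes'}``
        style for scans, or the merged change records for applies.
        ``messages`` holds one line per file that was actually flagged.
    """
    changes = {}
    messages = []

    # GenericPerms is driven one file at a time, so the option dictionary is
    # rebuilt for every file.
    for fileName in sb_utils.file.fileperms.splitStringIntoFiles(
            optionDict['fileList']):
        thisOptDict = {'fileList': fileName}
        if optionDict['dacs']:
            thisOptDict['dacs'] = optionDict['dacs']
        if optionDict['allowedUnames']:
            thisOptDict['allowedUnames'] = optionDict['allowedUnames']

        if fileName.endswith('aliases.db'):
            # NOTE(review): when allowedGnamesAliasesDB is empty, aliases.db is
            # processed with no group constraint at all - confirm this is intended.
            if optionDict['allowedGnamesAliasesDB']:
                thisOptDict['allowedGnames'] = optionDict[
                    'allowedGnamesAliasesDB']
        elif optionDict['allowedGnames']:
            thisOptDict['allowedGnames'] = optionDict['allowedGnames']

        # Track the outcome per file. Testing the accumulated ``changes``
        # dictionary instead would report every file processed after the
        # first finding, producing false audit messages.
        fileChanged = False
        if action == "scan":
            _, result = GenericPerms.scan(optionDict=thisOptDict)
            if result:
                changes['changes'] = 'yes'
                fileChanged = True
        else:
            _, result = GenericPerms.apply(optionDict=thisOptDict)
            if result != '{}':
                fileChanges = tcs_utils.string_to_dictionary(result)
                changes.update(fileChanges)
                fileChanged = bool(fileChanges)

        if fileChanged:
            messages.append("%s has incorrect perms/ownership" % fileName)

    return changes, messages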
def undo(self, change_record=None):
    """Hand a saved change record to GenericPerms.undo, converting old formats.

    An empty or missing record is logged and treated as a no-op (returns 1).
    A record whose first 200 characters do not start with '{' is taken to be
    the old line format ``filename|mode|uid|gid`` (mode in octal) and is
    converted to a dictionary keyed by file name. Any other record is passed
    through unchanged.

    NOTE(review): the record comes from the state file and names the paths,
    owners, groups and modes to restore - presumably GenericPerms.undo acts on
    them directly, so the state file should be writable by root only; confirm.
    """
    if not change_record:
        self.logger.notice(self.module_name,
                           "Skipping Undo: No change record in state file.")
        return 1

    legacy_format = not change_record[:200].strip().startswith('{')
    if legacy_format:
        converted = {}
        for entry in change_record.split('\n'):
            fields = entry.split('|')
            # Lines without exactly four fields (blank lines included) are skipped.
            if len(fields) == 4:
                path, mode, uid, gid = fields
                # A non-octal mode raises ValueError here; it is not caught.
                converted[path] = {
                    'owner': uid,
                    'group': gid,
                    'dacs': int(mode, 8),
                }
        change_record = converted

    return GenericPerms.undo(change_record=change_record)
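def scan(self, optionDict=None):
    """Run GenericPerms.scan, adjusting the allowed groups on SUSE-like systems.

    Args:
        optionDict: scan options. On SUSE-like systems it must contain
            'allowedGnames' (KeyError otherwise); that entry is replaced by
            the value returned from ``self.addShadow``. A caller-supplied
            dictionary is modified in place, as before.

    Returns:
        Whatever GenericPerms.scan returns.
    """
    # Use a fresh dictionary per call. The former ``{}`` default was a single
    # shared object that this method wrote into.
    if optionDict is None:
        optionDict = {}

    if sb_utils.os.info.is_LikeSUSE():
        # NOTE(review): addShadow is defined elsewhere; presumably it adds
        # 'shadow' to the configured group list - confirm.
        optionDict['allowedGnames'] = self.addShadow(
            optionDict['allowedGnames'], 'group')

    return GenericPerms.scan(optionDict=optionDict)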
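def apply(self, optionDict=None):
    """Run GenericPerms.apply, forcing the 'shadow' group on SUSE-like systems.

    Args:
        optionDict: apply options. On SUSE-like systems 'allowedGnames' is
            overwritten with 'shadow' regardless of what was configured. A
            caller-supplied dictionary is modified in place, as before.

    Returns:
        Whatever GenericPerms.apply returns.
    """
    # Use a fresh dictionary per call. The former ``{}`` default was a single
    # shared object, so the override below was written into it.
    if optionDict is None:
        optionDict = {}

    # On SUSE/openSUSE the allowed *group* is forced to 'shadow'. This replaces
    # any configured allowedGnames outright, so it is logged explicitly.
    if sb_utils.os.info.is_LikeSUSE():
        optionDict['allowedGnames'] = 'shadow'
        msg = "SUSE/openSUSE OS detected, shadow files *must* be owned by the 'shadow' group"
        self.logger.notice(self.module_name, msg)

    return GenericPerms.apply(optionDict=optionDict)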
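def apply(self, optionDict=None):
    """Apply GenericPerms settings to root's home directory.

    The target is taken from the passwd entry for 'root'. If that entry's
    home directory is not '/root', no change is attempted.

    Args:
        optionDict: apply options; 'fileList' is set to root's home
            directory. ``None`` is treated as an empty dictionary.

    Returns:
        Whatever GenericPerms.apply returns.

    Raises:
        tcs_utils.ManualActionReqd: root's home directory is not '/root'.
        KeyError: there is no passwd entry for 'root' (from pwd.getpwnam).
    """
    # The default of None could not be subscripted; start from an empty dict.
    if optionDict is None:
        optionDict = {}

    root_home = pwd.getpwnam('root').pw_dir
    if root_home != '/root':
        reason = "Root home directory IS NOT /root; you must manually " \
                 "change root's home directory or this module will continue to fail."
        # This is the apply path, so the log line says so.
        self.logger.notice(self.module_name, 'Apply Failed: ' + reason)
        raise tcs_utils.ManualActionReqd('%s %s' % (self.module_name, reason))

    optionDict['fileList'] = root_home
    return GenericPerms.apply(optionDict=optionDict)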
def undo(self, change_record=None):
    """Hand a saved change record to GenericPerms.undo, converting old formats.

    An empty or missing record is logged and treated as a no-op (returns 1).
    A record whose first 200 characters start with '{' is parsed with
    tcs_utils.string_to_dictionary. Anything else is taken to be the old
    format: a bare DECIMAL permission value for the module's target file.

    NOTE(review): the record comes from the state file and decides which
    mode is restored - confirm that file is writable by root only, and that
    string_to_dictionary does not evaluate the text it parses.
    """
    if not change_record:
        self.logger.notice(self.module_name,
                           "Skipping Undo: No change record in state file.")
        return 1

    is_dict_text = change_record[:200].strip().startswith('{')
    if is_dict_text:
        change_record = tcs_utils.string_to_dictionary(change_record)
    else:
        # A non-numeric old-style record raises ValueError here; it is not caught.
        restored_mode = int(change_record, 10)
        change_record = {self.__target_file: {'dacs': restored_mode}}

    return GenericPerms.undo(change_record=change_record)
def apply(self, optionDict={}):
    """Delegate to GenericPerms.apply with the given options.

    The options are passed through untouched and the result of
    GenericPerms.apply is returned as is.
    """
    outcome = GenericPerms.apply(optionDict=optionDict)
    return outcome
def scan(self, optionDict={}):
    """Delegate to GenericPerms.scan with the given options.

    The options are passed through untouched and the result of
    GenericPerms.scan is returned as is.
    """
    outcome = GenericPerms.scan(optionDict=optionDict)
    return outcome
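def apply(self, optionDict=None):
    """Apply GenericPerms settings to the files in ``self.shell_list``.

    Args:
        optionDict: apply options; 'fileList' is overwritten with
            ``self.shell_list``. A caller-supplied dictionary is modified in
            place, as before.

    Returns:
        Whatever GenericPerms.apply returns.
    """
    # Use a fresh dictionary per call. The former ``{}`` default was a single
    # shared object that this method wrote 'fileList' into.
    if optionDict is None:
        optionDict = {}
    optionDict['fileList'] = self.shell_list
    return GenericPerms.apply(optionDict=optionDict)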
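def scan(self, optionDict=None):
    """Scan the files in ``self.shell_list`` with GenericPerms.

    Args:
        optionDict: scan options; 'fileList' is overwritten with
            ``self.shell_list``. A caller-supplied dictionary is modified in
            place, as before.

    Returns:
        Whatever GenericPerms.scan returns.
    """
    # Use a fresh dictionary per call. The former ``{}`` default was a single
    # shared object that this method wrote 'fileList' into.
    if optionDict is None:
        optionDict = {}
    optionDict['fileList'] = self.shell_list
    return GenericPerms.scan(optionDict=optionDict)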
def undo(self, change_record=None):
    """Delegate to GenericPerms.undo with the saved change record.

    The record is passed through unmodified, including when it is None.
    """
    outcome = GenericPerms.undo(change_record=change_record)
    return outcome
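def apply(self, optionDict=None):
    """Apply GenericPerms settings to ``self.fileName``.

    Args:
        optionDict: apply options; 'fileList' is overwritten with
            ``self.fileName``. ``None`` is treated as an empty dictionary.

    Returns:
        Whatever GenericPerms.apply returns.
    """
    # The default of None could not be subscripted; start from an empty dict.
    if optionDict is None:
        optionDict = {}
    optionDict['fileList'] = self.fileName
    return GenericPerms.apply(optionDict=optionDict)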
def apply(self, optionDict={}):
    """Delegate to GenericPerms.apply with the given options.

    No platform-specific override is made here: the options reach
    GenericPerms.apply exactly as supplied.
    """
    outcome = GenericPerms.apply(optionDict=optionDict)
    return outcome
def undo(self, change_record=None):
    """Revert the user/group changes made to unowned files.

    The saved change record is handed to GenericPerms.undo unmodified and
    that call's result is returned.
    """
    outcome = GenericPerms.undo(change_record=change_record)
    return outcome
def apply(self, optionDict={}):
    """Reassign unowned files (to 'nobody', per the module's stated intent).

    This method only forwards the options to GenericPerms.apply and returns
    its result. The target owner is determined by those options, not here.
    """
    outcome = GenericPerms.apply(optionDict=optionDict)
    return outcome
def scan(self, optionDict={}):
    """Start the file system scan that looks for unowned files.

    This method only forwards the options to GenericPerms.scan and returns
    its result.
    """
    outcome = GenericPerms.scan(optionDict=optionDict)
    return outcome
def undo(self, change_record=None):
    """Revert this module's changes by replaying the record through GenericPerms.

    The changes were not made through GenericPerms in the first place, but
    the change record can still be fed back through GenericPerms.undo.
    """
    outcome = GenericPerms.undo(change_record=change_record)
    return outcome
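def scan(self, optionDict=None):
    """Scan ``self.fileName`` with GenericPerms.

    Args:
        optionDict: scan options; 'fileList' is overwritten with
            ``self.fileName``. ``None`` is treated as an empty dictionary.

    Returns:
        Whatever GenericPerms.scan returns.
    """
    # The default of None could not be subscripted; start from an empty dict.
    if optionDict is None:
        optionDict = {}
    optionDict['fileList'] = self.fileName
    return GenericPerms.scan(optionDict=optionDict)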