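def scanFiles(self, optionDict, action):
    """Check or fix permissions/ownership one file at a time.

    ``optionDict['fileList']`` is split into individual files and each file
    is passed to ``GenericPerms.scan`` (when ``action == "scan"``) or to
    ``GenericPerms.apply`` (any other action) with its own option dict.

    The keys 'fileList', 'dacs', 'allowedUnames' and 'allowedGnames' are read
    from ``optionDict``. 'allowedGnamesAliasesDB' is read only for a file
    whose name ends in 'aliases.db', where it replaces 'allowedGnames'.

    Returns:
        (changes, messages): ``changes`` is the accumulated change record
        for all files; ``messages`` has one entry per file that was flagged
        (scan) or changed (apply).
    """
    changes = {}
    messages = []

    # One file per GenericPerms call, so the options are rebuilt each time.
    for fileName in sb_utils.file.fileperms.splitStringIntoFiles(
            optionDict['fileList']):
        thisOptDict = {'fileList': fileName}
        if optionDict['dacs']:
            thisOptDict['dacs'] = optionDict['dacs']

        if optionDict['allowedUnames']:
            thisOptDict['allowedUnames'] = optionDict['allowedUnames']

        # aliases.db has its own allowed-group list; with none configured,
        # no group restriction is passed for that file.
        if fileName.endswith('aliases.db'):
            if optionDict['allowedGnamesAliasesDB']:
                thisOptDict['allowedGnames'] = optionDict[
                    'allowedGnamesAliasesDB']
        elif optionDict['allowedGnames']:
            thisOptDict['allowedGnames'] = optionDict['allowedGnames']

        # Track the outcome per file. Testing the cumulative `changes` dict
        # here would report every file after the first finding as incorrect,
        # which makes the audit output unreliable.
        fileFlagged = False
        if action == "scan":
            r1, r2 = GenericPerms.scan(optionDict=thisOptDict)
            if r2:
                changes['changes'] = 'yes'
                fileFlagged = True
        else:
            r1, r2 = GenericPerms.apply(optionDict=thisOptDict)
            if r2 != '{}':
                fileChanges = tcs_utils.string_to_dictionary(r2)
                changes.update(fileChanges)
                fileFlagged = bool(fileChanges)

        if fileFlagged:
            messages.append("%s has incorrect perms/ownership" % fileName)
    return changes, messages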
Example #2
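    def undo(self, change_record=None):
        """Restore recorded ownership and modes through GenericPerms.undo.

        An empty or missing record is logged and answered with 1.

        If the stripped first 200 characters of the record do not start with
        '{', it is treated as the legacy format: one "filename|mode|uid|gid"
        entry per line, mode in octal. It is converted to a dict keyed by
        filename with 'owner', 'group' and 'dacs' entries. Lines without
        exactly four fields are skipped. Any other record is forwarded as
        received.

        Raises:
            ValueError: if a legacy entry's mode field is not valid octal.
        """
        if not change_record:
            msg = "Skipping Undo: No change record in state file."
            self.logger.notice(self.module_name, msg)
            return 1

        # NOTE(review): the paths, owners and modes in the record are handed
        # on without validation. Presumably the state file is writable only
        # by a privileged account -- confirm, since whoever can edit it
        # chooses what gets restored.
        if not change_record[0:200].strip().startswith('{'):
            new_rec = {}
            for line in change_record.split('\n'):
                fspecs = line.split('|')
                if len(fspecs) != 4:
                    # Blank trailing line or malformed entry.
                    continue
                new_rec[fspecs[0]] = {
                    'owner': fspecs[2],
                    'group': fspecs[3],
                    'dacs': int(fspecs[1], 8)
                }
            change_record = new_rec

        # NOTE(review): a new-style record reaches GenericPerms.undo still as
        # a string; whether it is parsed there is not visible here.
        return GenericPerms.undo(change_record=change_record)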
Example #3
    def scan(self, optionDict={}):
        """Scan via GenericPerms.scan, adjusting the allowed groups on SUSE.

        On a SUSE-like system the 'allowedGnames' entry is replaced with the
        result of ``self.addShadow(<current value>, 'group')`` before the
        scan. The caller's dict is modified in place.
        """
        # NOTE(review): `{}` is a single dict shared by every call that omits
        # the argument; on SUSE such a call fails on the lookup below.
        on_suse = sb_utils.os.info.is_LikeSUSE()
        if on_suse:
            widened = self.addShadow(optionDict['allowedGnames'], 'group')
            optionDict['allowedGnames'] = widened

        result = GenericPerms.scan(optionDict=optionDict)
        return result
Example #4
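    def apply(self, optionDict=None):
        """Apply permissions via GenericPerms.apply, forcing group 'shadow' on SUSE.

        On a SUSE-like system 'allowedGnames' is overwritten with 'shadow'
        regardless of what the caller configured, and the override is logged.
        A dict supplied by the caller is modified in place.
        """
        # Use a fresh dict per call: a `{}` default is one shared object, so
        # the override written below would persist into later calls.
        if optionDict is None:
            optionDict = {}

        # On SUSE/openSUSE 'shadow' must be the only allowed group. This is
        # an explicit override of the configured value, so it is logged.
        if sb_utils.os.info.is_LikeSUSE():
            optionDict['allowedGnames'] = 'shadow'
            msg = "SUSE/openSUSE OS detected, shadow files *must* be owned by the 'shadow' group"
            self.logger.notice(self.module_name, msg)
        return GenericPerms.apply(optionDict=optionDict)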
Example #5
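    def apply(self, optionDict=None):
        """Apply permissions to root's home directory via GenericPerms.apply.

        The home directory is read from the passwd entry for 'root'. If it
        is anything other than '/root', nothing is changed: the reason is
        logged and ManualActionReqd is raised.

        Raises:
            tcs_utils.ManualActionReqd: root's home directory is not /root.
            KeyError: there is no passwd entry for 'root' (from pwd.getpwnam).
        """
        # The declared default is None, which cannot be indexed below.
        if optionDict is None:
            optionDict = {}

        # Only act when root's home is the expected /root, so that the
        # permissions are never applied to some other directory.
        root_home = pwd.getpwnam('root').pw_dir
        if root_home != '/root':
            reason = "Root home directory IS NOT /root; you must manually " \
                     "change root's home directory or this module will continue to fail."
            self.logger.notice(self.module_name, 'Scan Failed: ' + reason)
            raise tcs_utils.ManualActionReqd('%s %s' %
                                             (self.module_name, reason))

        optionDict['fileList'] = root_home
        return GenericPerms.apply(optionDict=optionDict)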
Example #6
    def undo(self, change_record=None):
        """Restore the saved permissions through GenericPerms.undo.

        An empty or missing record is logged and answered with 1. If the
        stripped first 200 characters of the record start with '{', the
        record is parsed with ``tcs_utils.string_to_dictionary``. Otherwise
        it is treated as a legacy record: a bare decimal permission value
        for the module's target file.
        """
        if not change_record:
            self.logger.notice(
                self.module_name,
                "Skipping Undo: No change record in state file.")
            return 1

        is_dict_style = change_record[0:200].strip().startswith('{')
        if is_dict_style:
            restored = tcs_utils.string_to_dictionary(change_record)
        else:
            # Legacy format: the whole record is one DECIMAL mode value.
            legacy_mode = int(change_record, 10)
            restored = {}
            restored[self.__target_file] = {'dacs': legacy_mode}

        return GenericPerms.undo(change_record=restored)
Example #7
    def apply(self, optionDict={}):
        """Forward the options unchanged to GenericPerms.apply and return its result."""
        # NOTE(review): the `{}` default is shared between calls; this method
        # does not write to it, but GenericPerms.apply is not visible here.
        outcome = GenericPerms.apply(optionDict=optionDict)
        return outcome
Example #8
    def scan(self, optionDict={}):
        """Forward the options unchanged to GenericPerms.scan and return its result."""
        # NOTE(review): the `{}` default is shared between calls; this method
        # does not write to it, but GenericPerms.scan is not visible here.
        outcome = GenericPerms.scan(optionDict=optionDict)
        return outcome
Example #9
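    def apply(self, optionDict=None):
        """Apply permissions to the files in ``self.shell_list`` via GenericPerms.apply.

        'fileList' in the options is always overwritten with
        ``self.shell_list``. A dict supplied by the caller is modified in
        place.
        """
        # Use a fresh dict per call: a `{}` default is one shared object, so
        # the 'fileList' written below would leak into later calls.
        if optionDict is None:
            optionDict = {}

        optionDict['fileList'] = self.shell_list
        return GenericPerms.apply(optionDict=optionDict)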
Example #10
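    def scan(self, optionDict=None):
        """Scan the files in ``self.shell_list`` via GenericPerms.scan.

        'fileList' in the options is always overwritten with
        ``self.shell_list``. A dict supplied by the caller is modified in
        place.
        """
        # Use a fresh dict per call: a `{}` default is one shared object, so
        # the 'fileList' written below would leak into later calls.
        if optionDict is None:
            optionDict = {}

        optionDict['fileList'] = self.shell_list
        return GenericPerms.scan(optionDict=optionDict)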
Example #11
    def undo(self, change_record=None):
        """Forward the change record unchanged to GenericPerms.undo and return its result."""
        # No local check for an empty record; that is left to GenericPerms.undo.
        outcome = GenericPerms.undo(change_record=change_record)
        return outcome
Example #12
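 def apply(self, optionDict=None):
     """Apply permissions to ``self.fileName`` via GenericPerms.apply.

     'fileList' in the options is always overwritten with ``self.fileName``.
     A dict supplied by the caller is modified in place.
     """
     # The declared default is None, which cannot be indexed below.
     if optionDict is None:
         optionDict = {}

     optionDict['fileList'] = self.fileName
     return GenericPerms.apply(optionDict=optionDict)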
Example #13
    def apply(self, optionDict={}):
        """Forward the options unchanged to GenericPerms.apply and return its result."""
        # NOTE(review): the comment that used to sit here described a
        # SUSE/openSUSE override making 'shadow' the only allowed owner, to
        # be made very obvious in the logs. This body neither applies such
        # an override nor logs one -- confirm whether it was meant to.
        outcome = GenericPerms.apply(optionDict=optionDict)
        return outcome
Example #14
    def undo(self, change_record=None):
        """Revert the user/group changes made to unowned files.

        The saved change record is passed unchanged to GenericPerms.undo.
        """
        outcome = GenericPerms.undo(change_record=change_record)
        return outcome
Example #15
    def apply(self, optionDict={}):
        """Reassign the user/group of unowned files to nobody.

        The options are passed unchanged to GenericPerms.apply, which does
        the work.
        """
        # NOTE(review): the `{}` default is shared between calls; this method
        # does not write to it, but GenericPerms.apply is not visible here.
        outcome = GenericPerms.apply(optionDict=optionDict)
        return outcome
Example #16
    def scan(self, optionDict={}):
        """Start the file system scan that looks for unowned files.

        The options are passed unchanged to GenericPerms.scan, which does
        the work.
        """
        outcome = GenericPerms.scan(optionDict=optionDict)
        return outcome
    def undo(self, change_record=None):
        """Replay the saved change record through GenericPerms.undo."""
        # The changes were not made through GenericPerms, but the change
        # record can still be replayed through its undo code.
        outcome = GenericPerms.undo(change_record=change_record)
        return outcome
Example #18
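 def scan(self, optionDict=None):
     """Scan ``self.fileName`` via GenericPerms.scan.

     'fileList' in the options is always overwritten with ``self.fileName``.
     A dict supplied by the caller is modified in place.
     """
     # The declared default is None, which cannot be indexed below.
     if optionDict is None:
         optionDict = {}

     optionDict['fileList'] = self.fileName
     return GenericPerms.scan(optionDict=optionDict)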