Example #1
0
def project_add(pid, name):
    if project_exists(pid):
        run_utils.exit_fail("Project with same project pid exists")

    project_name = project_id_to_name(pid)
    for role in ("", "-a", "-p"):
        grp = "%s%s" % (project_name, role)
        run_utils.launch_cmd("/usr/sbin/pw groupadd -n %s " % grp)
    phome = project_home(pid)
    run_utils.launch_cmd("/bin/mkdir %s " % phome)
    admin_group = "%s-a" % project_name
    run_utils.launch_cmd("/usr/sbin/chown -R root:%s  %s" %
                         (admin_group, phome))
    set_project_name(phome, cleanup_project_name(name))
    storage_facade.permissions_strict_owner_only(phome)
    run_utils.launch_cmd("/bin/chflags -h nosunlink %s" % phome)

    acls = [
        'everyone@:------a-R-c--s:------:allow',
        'group@:r-xp--a-R-c--s:fd----:allow',
        'owner@:rwxp-daARWcC-s:fd----:allow',
        'group:%s:rwxp--a-R-cC-s:-d----:allow' % project_name,
        'group:%s:r-x---a-R-cC-s:f-----:allow' % project_name,
        'group:%s:----D---------:-d----:deny' % project_name,
        'group:%s-p:rwxpD-aAR-cC-s:fd----:allow' % project_name,
        'group:%s-a:rwxpD-aARWcCos:fd----:allow' % project_name
    ]
    for acl in acls:
        flag = ('-m' if ('@' in acl) else '-a0')
        run_utils.launch_cmd("/bin/setfacl -h %s %s %s " % (flag, acl, phome))

    print("project added successfully")
Example #2
0
def test_ssh(nels_id):
    feed_utils.heading("ssh use case. nels_id: %s" % nels_id)
    credentail = ssh_utils.get_ssh_credentials(nels_id)
    if not credentail:
        feed_utils.failed("fetching key")
        return False
    feed_utils.ok("ssh key fetched")
    (host, username, key_file) = credentail
    (status, items,
     error) = run_utils.launch_remote_with_key(key_file, username, host, "ls ")
    if status != 0:
        feed_utils.error(error)
        return False

    if "Personal" in items:
        feed_utils.ok("Personal folder found")
    else:
        feed_utils.failed("Personal folder not found")

    if "Projects" in items:
        feed_utils.ok("Projects folder found")
    else:
        feed_utils.failed("Projects folder not found")

    feed_utils.info("cleaning key file")
    run_utils.launch_cmd("rm -f  %s" % key_file)
    return True
Example #3
0
def get_ssh_credentials(nels_id):
    credentail = storage.get_ssh_credential(nels_id)
    if not credentail:
        return None
    (host, username) = (credentail[0], credentail[1])
    feed_utils.info("fetching keys. host: %s, username:%s " % (host, username))
    key_file = path.join(config.TEMP_DIR, "%s.nels" % nels_id)
    feed_utils.info("writing key file: %s" % key_file)
    file_utils.write_to_file(key_file, credentail[2])
    run_utils.launch_cmd("chmod 600 %s" % key_file)
    return [credentail[0], credentail[1], key_file]
Example #4
0
def project_del(pid):
    if not project_exists(pid):
        run_utils.exit_fail("Project not found")
    for role in ("", "-a", "-p"):
        grp = "%s%s" % (project_id_to_name(pid), role)
        if not storage_facade.group_exists(grp):
            continue
        for nels_id in storage_facade.member_nels_ids(grp):
            project_user_remove(pid, nels_id)
        run_utils.launch_cmd("/usr/sbin/pw groupdel -n %s -q " % grp)
    # caution, this deletes all files of the project
    run_utils.launch_cmd("/bin/rm -rf %s" % project_home(pid))
    print("project removed successfully")
Example #5
0
def project_user_add(pid, uid, role):
    if is_user_member(pid, uid):
        project_user_remove(pid, uid)
    proot = path.join(storage_facade.USERS_ROOT_DIR,
                      user_facade.nels_id_to_username(uid), "Projects")
    plink = project_link_path(pid, uid)

    run_utils.launch_cmd(
        "/usr/sbin/pw  groupmod -n %s -m %s" %
        (role_to_group(pid, role), user_facade.nels_id_to_username(uid)))
    run_utils.launch_cmd("/bin/chflags -h nosimmutable,nosunlink %s" % proot)
    run_utils.launch_cmd("/bin/ln -s -f -h %s %s " % (path.join(
        storage_facade.PROJECTS_ROOT_DIR, project_id_to_name(pid)), plink))
    run_utils.launch_cmd("/bin/chflags -h simmutable,sunlink %s" % proot)
Example #6
0
def project_user_remove(pid, uid):
    if not is_user_member(pid, uid):
        run_utils.exit_fail("User is not a member of the project")
    proot = path.join(storage_facade.USERS_ROOT_DIR,
                      user_facade.nels_id_to_username(uid), "Projects")
    plink = project_link_path(pid, uid)
    for role in ["member", "poweruser", "admin"]:
        run_utils.launch_cmd(
            "/usr/sbin/pw  groupmod -n %s -d %s " %
            (role_to_group(pid, role), user_facade.nels_id_to_username(uid)))
    if path.exists(plink):
        run_utils.launch_cmd("/bin/chflags -h nosimmutable,nosunlink %s" %
                             proot)
        run_utils.launch_cmd("/bin/rm -f %s " % plink)
        run_utils.launch_cmd("/bin/chflags -h simmutable,sunlink %s" % proot)
Example #7
0
def permissions_strict_owner_only(directory):
    owner = file_owner_get(directory)
    setfacl = '/bin/setfacl'
    chmod = '/bin/chmod'
    if owner == "root":
        owner = ''
    run_utils.launch_cmd("%s -h -b %s" % (setfacl, directory), owner)
    run_utils.launch_cmd("%s 700 %s" % (chmod, directory), owner)
    run_utils.launch_cmd("%s -h -m %s %s" % (setfacl, "'owner@:rwxp--aARWcCos:fd:allow'", directory), owner)
Example #8
0
def group_exists(grp):
    result = run_utils.launch_cmd("/usr/sbin/pw groupshow %s" % grp)
    return result[0] == 0
Example #9
0
def permissions_add_full_control_to_groupname(directory, group_name):
    run_utils.launch_cmd("/bin/setfacl -h -m 'g:%s:rwxpDdaARWcC:fd:allow' %s" % (group_name, directory))
Example #10
0
def allow_nels_storage_admin(directory):
    run_utils.launch_cmd("/bin/setfacl -h -a2 %s %s" % ("'g:nels_storage_admin:xaRcs:fd:allow'", directory))
Example #11
0
def file_owner_get(directory):
    cmd = "stat -f '%Su' " + directory
    feed_utils.info(cmd)
    result = run_utils.launch_cmd(cmd)
    # caution: this is not safe. Should be changed
    return result[1][0].replace('\n', '')
Example #12
0
if __name__ == "__main__":
    usage = 'usage: %prog [options] nels_id  link_to_clean'
    version = '%prog 1.0'

    parser = OptionParser(usage=usage, version=version)
    parser.add_option('-v', '--verbose', dest="verbose", action="store_true", help='turn verbosity on', default=False)
    # get options and arguments
    (options, args) = parser.parse_args()
    feed_utils.VERBOSE = options.verbose
    args_utils.require_args_length(parser, args, 2)

    args_utils.require_arg_number(parser, args, 0, "nels_id")
    config.init()

    proot = path.join(storage_facade.USERS_ROOT_DIR, user_facade.nels_id_to_username(int(args[0])), "Projects")
    plink = path.join(proot, args[1])
    if not path.exists(plink):
        run_utils.exit_fail("symbolic link not found")

    # unlock folder, remove link and lock folder again
    run_utils.launch_cmd("/bin/chflags -h nosimmutable,nosunlink %s" % proot)
    run_utils.launch_cmd("/bin/rm -f %s " % plink)
    run_utils.launch_cmd("/bin/chflags -h simmutable,sunlink %s" % proot)

    #verify
    if path.exists(plink):
        feed_utils.failed("link still exists")
    else:
        feed_utils.ok("link removed successfully")
Example #13
0
def set_project_name(project_home, name):
    run_utils.launch_cmd(
        "/usr/sbin/setextattr user nels.project.name \"%s\" \"%s\" " %
        (cleanup_project_name(name), project_home))
Example #14
0
def project_exists(pid):
    feed_utils.info("cheking project existence. pid: %s" % pid)
    return run_utils.launch_cmd('/usr/bin/getent group %s' %
                                project_id_to_name(pid))[0] == 0
Example #15
0
def project_name_by_pname(pname):
    result = run_utils.launch_cmd(
        "/usr/sbin/getextattr   -q -h user 'nels.project.name'  %s" %
        path.join(storage_facade.PROJECTS_ROOT_DIR, pname))
    return result[1][0].replace("\n", "")