def scanFiles(self, optionDict, action): changes = {} messages = [] # We need to operate one file at a time here... so we'll rebuild our dictiony of stuff to do as we go... for fileName in sb_utils.file.fileperms.splitStringIntoFiles( optionDict['fileList']): options = {} thisOptDict = {'fileList': fileName} if optionDict['dacs']: thisOptDict['dacs'] = optionDict['dacs'] if optionDict['allowedUnames']: thisOptDict['allowedUnames'] = optionDict['allowedUnames'] if fileName.endswith('aliases.db'): if optionDict['allowedGnamesAliasesDB']: thisOptDict['allowedGnames'] = optionDict[ 'allowedGnamesAliasesDB'] elif optionDict['allowedGnames']: thisOptDict['allowedGnames'] = optionDict['allowedGnames'] if action == "scan": r1, r2 = GenericPerms.scan(optionDict=thisOptDict) if r2: changes['changes'] = 'yes' else: r1, r2 = GenericPerms.apply(optionDict=thisOptDict) if r2 != '{}': changes.update(tcs_utils.string_to_dictionary(r2)) if changes: messages.append("%s has incorrect perms/ownership" % fileName) return changes, messages
def apply(self, optionDict={}): # For SUSE/openSUSE platform, we need to make sure that 'shadow' is the only allowed owner. This is an explicit override and should # be made *very* obvious in the logs. if sb_utils.os.info.is_LikeSUSE(): optionDict['allowedGnames'] = 'shadow' msg = "SUSE/openSUSE OS detected, shadow files *must* be owned by the 'shadow' group" self.logger.notice(self.module_name, msg) return GenericPerms.apply(optionDict=optionDict)
def apply(self, optionDict=None): # First, let's see if root's home directory is /root u_obj = pwd.getpwnam('root') if u_obj[5] != '/root': reason = "Root home directory IS NOT /root; you must manually " \ "change root's home directory or this module will continue to fail." self.logger.notice(self.module_name, 'Scan Failed: ' + reason) raise tcs_utils.ManualActionReqd('%s %s' % (self.module_name, reason)) optionDict['fileList'] = u_obj[5] return GenericPerms.apply(optionDict=optionDict)
def apply(self, optionDict={}): return GenericPerms.apply(optionDict=optionDict)
def apply(self, optionDict={}): optionDict['fileList'] = self.shell_list return GenericPerms.apply(optionDict=optionDict)
def apply(self, optionDict={}): # For SUSE/openSUSE platform, we need to make sure that 'shadow' is the only allowed owner. This is an explicit override and should # be made *very* obvious in the logs. return GenericPerms.apply(optionDict=optionDict)
def apply(self, optionDict={}): if sb_utils.os.info.is_LikeSUSE(): optionDict['allowedGnames'] = self.addShadow( optionDict['allowedGnames'], 'group') return GenericPerms.apply(optionDict=optionDict)
def apply(self, optionDict={}): """Change user/group of unowned files to nobody""" return GenericPerms.apply(optionDict=optionDict)
def apply(self, optionDict=None): optionDict['fileList'] = self.fileName return GenericPerms.apply(optionDict=optionDict)