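def scanFiles(self, optionDict, action):
        """Scan or apply permission/ownership rules one file at a time.

        The file list in ``optionDict['fileList']`` is split into individual
        files and a per-file option dictionary is built for each before it is
        handed to ``GenericPerms.scan`` or ``GenericPerms.apply``.

        Args:
            optionDict: Must contain the keys 'fileList', 'dacs',
                'allowedUnames', 'allowedGnames' and 'allowedGnamesAliasesDB';
                a missing key raises KeyError.
            action: "scan" runs ``GenericPerms.scan``; any other value runs
                ``GenericPerms.apply``.

        Returns:
            A ``(changes, messages)`` tuple. ``changes`` is
            ``{'changes': 'yes'}`` style data in scan mode, or the merged
            change records returned by apply. ``messages`` holds one entry
            per file that was itself reported as non-compliant.
        """
        changes = {}
        messages = []

        # Operate on one file at a time, rebuilding the option dictionary
        # for each file as we go.
        for fileName in sb_utils.file.fileperms.splitStringIntoFiles(
                optionDict['fileList']):
            thisOptDict = {'fileList': fileName}
            if optionDict['dacs']:
                thisOptDict['dacs'] = optionDict['dacs']

            if optionDict['allowedUnames']:
                thisOptDict['allowedUnames'] = optionDict['allowedUnames']

            # aliases.db uses its own allowed-group list. If that list is
            # empty, no group restriction is passed for aliases.db at all;
            # there is no fallback to the general 'allowedGnames'.
            if fileName.endswith('aliases.db'):
                if optionDict['allowedGnamesAliasesDB']:
                    thisOptDict['allowedGnames'] = optionDict[
                        'allowedGnamesAliasesDB']
            elif optionDict['allowedGnames']:
                thisOptDict['allowedGnames'] = optionDict['allowedGnames']

            # Track the result for THIS file only. Testing the accumulated
            # 'changes' dict would flag every file processed after the first
            # non-compliant one, producing false findings in the report.
            fileFlagged = False
            if action == "scan":
                r1, r2 = GenericPerms.scan(optionDict=thisOptDict)
                if r2:
                    changes['changes'] = 'yes'
                    fileFlagged = True
            else:
                r1, r2 = GenericPerms.apply(optionDict=thisOptDict)
                if r2 != '{}':
                    fileChanges = tcs_utils.string_to_dictionary(r2)
                    changes.update(fileChanges)
                    fileFlagged = bool(fileChanges)

            if fileFlagged:
                messages.append("%s has incorrect perms/ownership" % fileName)
        return changes, messages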
Exemple #2
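    def apply(self, optionDict=None):
        """Apply permission rules, forcing group 'shadow' on SUSE-like systems.

        Args:
            optionDict: Options forwarded to ``GenericPerms.apply``. A dict
                passed by the caller is modified in place on SUSE-like
                platforms. When omitted, a new empty dict is used.

        Returns:
            Whatever ``GenericPerms.apply`` returns.
        """
        # Use a fresh dict per call; a shared ``{}`` default would carry the
        # 'shadow' override (and anything else written to it) into later calls.
        if optionDict is None:
            optionDict = {}

        # On SUSE/openSUSE, 'shadow' must be the only allowed group owner.
        # This replaces any configured 'allowedGnames' value, so the override
        # is logged to make it obvious.
        if sb_utils.os.info.is_LikeSUSE():
            optionDict['allowedGnames'] = 'shadow'
            msg = "SUSE/openSUSE OS detected, shadow files *must* be owned by the 'shadow' group"
            self.logger.notice(self.module_name, msg)
        return GenericPerms.apply(optionDict=optionDict)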
Exemple #3
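    def apply(self, optionDict=None):
        """Apply permission rules to root's home directory.

        Args:
            optionDict: Options forwarded to ``GenericPerms.apply``; its
                'fileList' entry is overwritten with root's home directory.
                When omitted, a new empty dict is used.

        Returns:
            Whatever ``GenericPerms.apply`` returns.

        Raises:
            tcs_utils.ManualActionReqd: If root's home directory, as reported
                by the password database, is not '/root'.
        """
        # The None default was previously subscripted directly, which raised
        # TypeError whenever the caller passed no options.
        if optionDict is None:
            optionDict = {}

        # Refuse to touch anything unless root's home directory is /root;
        # an unexpected location needs an administrator's decision.
        root_entry = pwd.getpwnam('root')
        root_home = root_entry.pw_dir
        if root_home != '/root':
            reason = "Root home directory IS NOT /root; you must manually " \
                     "change root's home directory or this module will continue to fail."
            self.logger.notice(self.module_name, 'Scan Failed: ' + reason)
            raise tcs_utils.ManualActionReqd('%s %s' %
                                             (self.module_name, reason))

        optionDict['fileList'] = root_home
        return GenericPerms.apply(optionDict=optionDict)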
Exemple #4
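    def apply(self, optionDict=None):
        """Delegate to ``GenericPerms.apply`` with the given options.

        Args:
            optionDict: Options forwarded unchanged. When omitted, a new
                empty dict is used.

        Returns:
            Whatever ``GenericPerms.apply`` returns.
        """
        # A shared ``{}`` default would be handed to GenericPerms.apply on
        # every call, so anything written to it would leak between calls.
        if optionDict is None:
            optionDict = {}

        return GenericPerms.apply(optionDict=optionDict)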
Exemple #5
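    def apply(self, optionDict=None):
        """Apply permission rules to the files listed in ``self.shell_list``.

        Args:
            optionDict: Options forwarded to ``GenericPerms.apply``; its
                'fileList' entry is overwritten with ``self.shell_list``.
                When omitted, a new empty dict is used.

        Returns:
            Whatever ``GenericPerms.apply`` returns.
        """
        # Writing 'fileList' into a shared ``{}`` default would persist it
        # across calls and across instances; start from a fresh dict instead.
        if optionDict is None:
            optionDict = {}

        optionDict['fileList'] = self.shell_list
        return GenericPerms.apply(optionDict=optionDict)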
Exemple #6
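    def apply(self, optionDict=None):
        """Delegate to ``GenericPerms.apply`` with the given options.

        Args:
            optionDict: Options forwarded unchanged. When omitted, a new
                empty dict is used.

        Returns:
            Whatever ``GenericPerms.apply`` returns.
        """
        # A shared ``{}`` default would be handed to GenericPerms.apply on
        # every call, so anything written to it would leak between calls.
        if optionDict is None:
            optionDict = {}

        # NOTE(review): the comment that stood here described forcing 'shadow'
        # as the only allowed group on SUSE/openSUSE, but this method performs
        # no such override. Confirm whether the enforcement is meant to live
        # here or was intentionally dropped.
        return GenericPerms.apply(optionDict=optionDict)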
Exemple #7
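    def apply(self, optionDict=None):
        """Apply permission rules, adjusting allowed groups on SUSE-like systems.

        Args:
            optionDict: Options forwarded to ``GenericPerms.apply``. On
                SUSE-like platforms its 'allowedGnames' entry is replaced by
                the result of ``self.addShadow(..., 'group')``. When omitted,
                a new empty dict is used.

        Returns:
            Whatever ``GenericPerms.apply`` returns.

        Raises:
            KeyError: On SUSE-like platforms when 'allowedGnames' is absent
                from ``optionDict``.
        """
        # Start from a fresh dict so the rewritten 'allowedGnames' value is
        # never stored in a default shared between calls.
        if optionDict is None:
            optionDict = {}

        if sb_utils.os.info.is_LikeSUSE():
            # presumably addShadow adds 'shadow' to the configured group
            # list; verify against its definition
            optionDict['allowedGnames'] = self.addShadow(
                optionDict['allowedGnames'], 'group')
        return GenericPerms.apply(optionDict=optionDict)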
Exemple #8
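    def apply(self, optionDict=None):
        """Change user/group of unowned files to nobody.

        This method only delegates; the files acted on and the new ownership
        come from ``optionDict`` as interpreted by ``GenericPerms.apply``.

        Args:
            optionDict: Options forwarded unchanged. When omitted, a new
                empty dict is used.

        Returns:
            Whatever ``GenericPerms.apply`` returns.
        """
        # A shared ``{}`` default would be handed to GenericPerms.apply on
        # every call, so anything written to it would leak between calls.
        if optionDict is None:
            optionDict = {}

        return GenericPerms.apply(optionDict=optionDict)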
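 def apply(self, optionDict=None):
     """Apply permission rules to the file named by ``self.fileName``.

     Args:
         optionDict: Options forwarded to ``GenericPerms.apply``; its
             'fileList' entry is overwritten with ``self.fileName``.
             When omitted, a new empty dict is used.

     Returns:
         Whatever ``GenericPerms.apply`` returns.
     """
     # The None default was previously subscripted directly, which raised
     # TypeError whenever the caller passed no options.
     if optionDict is None:
         optionDict = {}

     optionDict['fileList'] = self.fileName
     return GenericPerms.apply(optionDict=optionDict)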