def scan(self, optionDict={}):
if sb_utils.os.info.is_LikeSUSE():
optionDict['allowedGnames'] = self.addShadow(
optionDict['allowedGnames'], 'group')
return GenericPerms.scan(optionDict=optionDict)
def scanFiles(self, optionDict, action):
changes = {}
messages = []
# We need to operate one file at a time here... so we'll rebuild our dictiony of stuff to do as we go...
for fileName in sb_utils.file.fileperms.splitStringIntoFiles(
optionDict['fileList']):
options = {}
thisOptDict = {'fileList': fileName}
if optionDict['dacs']:
thisOptDict['dacs'] = optionDict['dacs']
if optionDict['allowedUnames']:
thisOptDict['allowedUnames'] = optionDict['allowedUnames']
if fileName.endswith('aliases.db'):
if optionDict['allowedGnamesAliasesDB']:
thisOptDict['allowedGnames'] = optionDict[
'allowedGnamesAliasesDB']
elif optionDict['allowedGnames']:
thisOptDict['allowedGnames'] = optionDict['allowedGnames']
if action == "scan":
r1, r2 = GenericPerms.scan(optionDict=thisOptDict)
if r2:
changes['changes'] = 'yes'
else:
r1, r2 = GenericPerms.apply(optionDict=thisOptDict)
if r2 != '{}':
changes.update(tcs_utils.string_to_dictionary(r2))
if changes:
messages.append("%s has incorrect perms/ownership" % fileName)
return changes, messages
def scan(self, optionDict={}):
# For SUSE/openSUSE platform, we need to make sure that 'shadow' is the only allowed owner. This is an explicit override and should
# be made *very* obvious in the logs.
if sb_utils.os.info.is_LikeSUSE():
optionDict['allowedGnames'] = 'shadow'
msg = "SUSE/openSUSE OS detected, shadow files *must* be owned by the 'shadow' group"
self.logger.notice(self.module_name, msg)
return GenericPerms.scan(optionDict=optionDict)
def scan(self, optionDict=None):
# First, let's see if root's home directory is /root
u_obj = pwd.getpwnam('root')
if u_obj[5] != '/root':
reason = "Root home directory IS NOT /root; you must manually " \
"change root's home directory or this module will continue to fail."
self.logger.notice(self.module_name, 'Scan Failed: ' + reason)
raise tcs_utils.ManualActionReqd('%s %s' %
(self.module_name, reason))
optionDict['fileList'] = u_obj[5]
return GenericPerms.scan(optionDict=optionDict)
def scan(self, optionDict={}):
return GenericPerms.scan(optionDict=optionDict)
def scan(self, optionDict={}):
optionDict['fileList'] = self.shell_list
return GenericPerms.scan(optionDict=optionDict)
def scan(self, optionDict={}):
# For SUSE/openSUSE platform, we need to make sure that 'shadow' is the only allowed owner. This is an explicit override and should
# be made *very* obvious in the logs.
return GenericPerms.scan(optionDict=optionDict)
def scan(self, optionDict={}):
"""
Initiating File System Scan to find unowned files
"""
return GenericPerms.scan(optionDict=optionDict)
def scan(self, optionDict=None):
optionDict['fileList'] = self.fileName
return GenericPerms.scan(optionDict=optionDict)