def execute(self, root_allowed=False):
"""Execute using self.data
:param bool root_allowed: Allow execute as root commands
:return:
"""
if self.user == ROOT_USER and not root_allowed and not self.data.get(
'ssh'):
raise SecurityException(
'For security, execute commands as root is not allowed. '
'Use --root-allowed to allow executing commands as root. '
' It is however recommended to add a user to the configuration '
'of the device (device: {})'.format(self.name))
if self.data.get('user') and self.data.get('ssh'):
raise InvalidConfig(
'User option is unsupported in ssh mode. The ssh user must be defined in '
'the ssh option. For example: user@machine')
if self.data.get('ssh'):
cmd = execute_over_ssh(self.data['cmd'], self.data['ssh'],
self.data.get('cwd'))
output = execute_cmd(cmd)
else:
cmd = run_as_cmd(self.data['cmd'], self.user)
output = execute_cmd(cmd, self.data.get('cwd'))
if output:
return output[0]
def __init__(self, file, ignore_perms=False, **kwargs):
"""Set the config file and validate file permissions
:param str file: path to file
:param kwargs: default values in dict
"""
super(Config, self).__init__(**kwargs)
if not os.path.lexists(file):
raise ConfigFileNotFoundError(file)
if not ignore_perms and (
(not os.getuid() and not only_root_write(file))
or oth_w_perm(file)):
file = os.path.abspath(file)
raise SecurityException(
'There should be no permissions for other users in the file "{file}". '
'Current permissions: {user}:{group} {perms}. {msg}. '
'Run "sudo chmod 660 \'{file}\' && sudo chown root:root \'{file}\'"'
.format(
file=file,
user=get_file_owner(file),
group=get_file_group(file),
perms=os.stat(file).st_mode & 0o777,
msg='Removes write permission for others' if os.getuid()
else 'Only root must be able to write to file'))
self.file = file
self.read()
def __init__(self, file, **kwargs):
super(Config, self).__init__(**kwargs)
if (not os.getuid() and not only_root_write(file)) or oth_w_perm(file):
raise SecurityException(
'There should be no permissions for other users in the file "{}". {}.'
.format(
file, 'Removes write permission for others' if os.getuid()
else 'Only root must be able to write to file'))
self.file = file
self.read()
def execute(self, root_allowed=False):
logger.debug('%s device executed (mac %s)', self.name, self.src)
if not self.cmd:
logger.warning('%s: There is no cmd in device conf.', self.name)
return
cmd = self.cmd
if self.user == ROOT_USER and not root_allowed:
raise SecurityException(
'For security, execution as root is not allowed.')
cmd = run_as_cmd(cmd, self.user)
execute(cmd, self.cwd)
def execute(self, root_allowed=False):
"""Execute using self.data
:param bool root_allowed: Allow execute as root commands
:return:
"""
if self.user == ROOT_USER and not root_allowed:
raise SecurityException(
'For security, execute commands as root is not allowed. '
'Use --root-allowed to allow executing commands as root. '
' It is however recommended to add a user to the configuration '
'of the device (device: {})'.format(self.name))
cmd = run_as_cmd(self.data['cmd'], self.user)
execute_cmd(cmd, self.data.get('cwd'))