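def delete_user(username):
    """Hand a user's data directories to the orphan account, then delete the user.

    The user's ``private``, ``shared`` and ``collab`` directories under
    ``settings.DATA_DIRECTORY`` are re-owned to the account named by the
    ``main:datastage_orphan`` setting.  The Samba password entry and the
    system account are then removed and ``sync_permissions()`` is run.

    This is a generator: it yields ``ExitMenu()`` when either removal command
    returns a non-zero status, and always finishes by yielding
    ``ExitMenu(2)``.
    """
    # NOTE(review): `username` is joined into a filesystem path and passed as
    # a command argument without validation.  This assumes callers only pass
    # the name of an existing account (no path separators, no leading '-')
    # -- confirm at the call site.
    data_directory = settings.DATA_DIRECTORY
    datastage_orphan = pwd.getpwnam(settings.get('main:datastage_orphan'))

    for name in ('private', 'shared', 'collab'):
        path = os.path.join(data_directory, name, username)
        # A user without a directory in this area has nothing to orphan.
        # Without this guard os.chown() raises OSError and the account is
        # never removed.
        if not os.path.exists(path):
            continue
        # NOTE(review): only the top-level directory is re-owned; entries
        # inside it keep the numeric uid of the account removed below, which
        # a later account could be assigned -- verify whether the contents
        # should be re-owned as well.
        os.chown(path, datastage_orphan.pw_uid, datastage_orphan.pw_gid)

    res = subprocess.call(['smbpasswd', username, '-x'])
    result = subprocess.call(['userdel', username])
    if res or result:
        # NOTE(review): if the consumer resumes the generator after this
        # yield, execution continues with sync_permissions() below --
        # confirm that is intended after a failed removal.
        yield ExitMenu()

    sync_permissions()
    yield ExitMenu(2)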
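def delete_user(username):
    """Hand a user's data directories to the orphan account, then delete the user.

    For every area (``private``, ``shared``, ``collab``) the user's directory
    under ``settings.DATA_DIRECTORY`` is re-owned to the account named by the
    ``main:datastage_orphan`` setting, unless the user is a member of
    ``datastage-collaborator`` or the directory does not exist.  The Samba
    password entry and the system account are then removed and
    ``sync_permissions()`` is run.

    This is a generator: it yields ``ExitMenu()`` when either removal command
    returns a non-zero status, and always finishes by yielding
    ``ExitMenu(2)``.
    """
    # NOTE(review): `username` is joined into a filesystem path and passed as
    # a command argument without validation.  This assumes callers only pass
    # the name of an existing account (no path separators, no leading '-')
    # -- confirm at the call site.
    data_directory = settings.DATA_DIRECTORY
    datastage_orphan = pwd.getpwnam(settings.get('main:datastage_orphan'))

    # Group membership does not change between areas, so look it up once
    # instead of once per loop iteration.
    collaborators = get_members('datastage-collaborator')

    # NOTE(review): a user who is a collaborator *and* a leader or member
    # would keep directories owned by the uid removed below, which a later
    # account could be assigned -- confirm the groups are mutually exclusive
    # or re-own whenever the directory exists.
    if username not in collaborators:
        for name in ('private', 'shared', 'collab'):
            path = os.path.join(data_directory, name, username)
            # A missing directory has nothing to orphan; without this guard
            # os.chown() raises OSError and the account is never removed.
            if os.path.exists(path):
                os.chown(path, datastage_orphan.pw_uid, datastage_orphan.pw_gid)

    res = subprocess.call(['smbpasswd', username, '-x'])
    result = subprocess.call(['userdel', username])
    if res or result:
        # NOTE(review): if the consumer resumes the generator after this
        # yield, execution continues with sync_permissions() below --
        # confirm that is intended after a failed removal.
        yield ExitMenu()

    sync_permissions()
    yield ExitMenu(2)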
def config_menu():
    """Generator behind the service-status screen.

    On every pass it re-reads the listening sockets and the address set,
    prints the state of DataStage, SSH, Apache and Samba, collects the
    actions the operator may type, and yields ``menu(actions)``.  The loop
    never ends by itself.

    NOTE(review): ``update_firewall_service(...)``, ``enable_service(...)``
    and ``remove_default_apache_site()`` are called while the menu is being
    built and their return values are stored as the actions.  Presumably
    they return deferred actions rather than making the change immediately
    -- confirm, since otherwise merely displaying the menu would alter the
    firewall and service configuration.
    """

    def service_check(label, check_port, pid_filenames, service_name, firewall_ports):
        """Print one service's status; return ``{service_name: action}`` or ``{}``.

        Reads ``listening`` and ``ips`` from the enclosing scope, so it is
        only meaningful once the loop below has assigned them.
        """
        offered = {}

        # Addresses with a TCP listener on check_port; a listener whose
        # address is None is counted on every address in `ips`.
        listening_on = set()
        for proto, addr, port in listening:
            if port != check_port or not proto.startswith('tcp'):
                continue
            if addr is None:
                listening_on |= ips
            else:
                listening_on.add(addr)

        available_at = check_port_listening(listening_on, check_port)

        # Single-argument print(...) behaves the same as the print statement.
        print("")
        pid = check_pid(*pid_filenames)

        if not pid:
            print("%10s: Status: \033[91mNot running\033[0m" % label)
            print(" \033[95mAction: Type '%s' to start %s\033[0m" % (service_name, label))
            offered[service_name] = enable_service(service_name, label)
            return offered

        print("%10s: Status: \033[92mRunning\033[0m (%d)" % (label, pid))
        print(" Listening on: %s" % ', '.join(sorted(listening_on)))
        print(" Available at: %s" % ', '.join(sorted(available_at)))
        if listening_on != available_at:
            # The service listens on an address where the port check failed.
            print(" Warning: Not available on all interfaces.")
            print(" \033[95mAction: Type '%s' to tweak the firewall\033[0m" % service_name)
            offered[service_name] = update_firewall_service(*firewall_ports)
        return offered

    while True:
        actions = {'refresh': lambda: None}

        # Both names are read by service_check() through its closure.
        listening = get_all_listening()
        ips = get_ips()

        print("")
        print("Status of some services")

        datastage_actions = service_check(
            'DataStage', settings.get('server:port'),
            ['/var/run/datastage.pid'], 'datastage', [''])
        actions.update(datastage_actions)

        ssh_actions = service_check(
            'SSH', 22, ['/var/run/sshd.pid'], 'sshd', ['ssh/tcp'])
        actions.update(ssh_actions)

        apache_actions = service_check(
            'Apache', 80,
            ['/var/run/apache2.pid', '/var/run/httpd/httpd.pid'],
            'apache2', ['www/tcp'])
        actions.update(apache_actions)

        if os.path.exists('/etc/apache2/sites-enabled/000-default'):
            print(" Warning: Default site exists at /etc/apache2/sites-enabled/000-default")
            print(" \033[95mAction: Type 'defaultsite' to remove it and restart Apache\033[0m")
            actions['defaultsite'] = remove_default_apache_site()

        samba_actions = service_check(
            'Samba', 445, ['/var/run/samba/smbd.pid'], 'samba',
            ['netbios-ns/udp', 'netbios-dgm/udp', 'netbios-ssn/tcp', 'microsoft-ds/tcp'])
        actions.update(samba_actions)

        if SambaConfigurer.needs_configuring():
            print(" Warning: Samba is not configured to serve DataStage files")
            print(" \033[95mAction: Type 'confsamba' to configure and restart Samba\033[0m")
            actions['confsamba'] = SambaConfigurer()

        if FilesystemAttributes.needs_configuring():
            print(" Warning: The filesystem frpm which DataStage will serve data is missing mount options ")
            print(" \033[95mAction: Type 'fs' to ensure the filesystem is mounted with acl and user_xattr options\033[0m")
            actions['fs'] = FilesystemAttributes()

        yield menu(actions)
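def sync_permissions():
    """Bring Django accounts, data directories, ACLs and notices in line with group membership.

    Reads the members of the ``datastage-leader``, ``datastage-member`` and
    ``datastage-collaborator`` groups, then:

    * gets or creates a Django ``User`` for each of them and marks exactly
      the leaders as staff and superuser;
    * makes sure the ``private``, ``shared`` and ``collab`` areas exist under
      ``settings.DATA_DIRECTORY``, owned by the account named by the
      ``main:datastage_user`` setting, with mode 0755;
    * for every leader and member, makes sure a personal directory exists in
      each area, owned by that user, and applies the access and default
      POSIX ACLs;
    * rewrites ``permissions.txt`` in each personal directory and gives it
      to the DataStage account with mode 0774.

    The ``os.chown`` calls hand files to other accounts, which needs elevated
    privileges, while each personal directory is owned and writable by its
    user.  ``permissions.txt`` is therefore never opened through an existing
    directory entry: any entry of that name is unlinked and the file is
    created exclusively, so a symlink planted in the directory cannot
    redirect the privileged write, chown or chmod to another file.

    Raises:
        KeyError: if a configured or group-listed account has no passwd entry.
        OSError: if a directory or ``permissions.txt`` cannot be created or
            updated, including when the name reappears between the unlink
            and the exclusive create.
    """
    leaders = get_members('datastage-leader')
    members = get_members('datastage-member')
    collabs = get_members('datastage-collaborator')

    data_directory = settings.DATA_DIRECTORY
    datastage_user = pwd.getpwnam(settings.get('main:datastage_user'))

    # Force leaders to be superusers; everyone else in the three groups is
    # set to non-staff, non-superuser.
    # NOTE(review): accounts that are no longer in any of the three groups
    # are not visited here, so a former leader keeps is_staff/is_superuser
    # unless it is cleared elsewhere -- confirm.
    for username in leaders | members | collabs:
        account, _ = User.objects.get_or_create(username=username)
        account.is_staff = account.is_superuser = account.username in leaders
        account.save()

    # O_EXCL refuses any pre-existing entry (symlinks included); O_NOFOLLOW
    # states the same intent explicitly.
    notice_flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW

    for name in ('private', 'shared', 'collab'):
        path = os.path.join(data_directory, name)
        if not os.path.exists(path):
            os.makedirs(path)
        os.chown(path, datastage_user.pw_uid, datastage_user.pw_gid)
        # 0o prefix: same value as the old 0755 literal, accepted by
        # Python 2.6+ and Python 3.
        os.chmod(path, 0o755)

        for user in leaders | members:
            pw_user = pwd.getpwnam(user)

            path = os.path.join(data_directory, name, user)
            if not os.path.exists(path):
                os.makedirs(path)

            # Make sure the directory is owned by the right person
            os.chown(path, pw_user.pw_uid, pw_user.pw_gid)

            # NOTE(review): the ACL names the account "datastage" literally,
            # while the service account above comes from settings -- confirm
            # the two always match.
            acl_text = 'u::rwx,g::-,o::-,m::rwx,u:datastage:rwx'

            if name in ('private', 'shared'):
                acl_text += ',g:datastage-leader:rx'
            if name == 'collab':
                acl_text += ',g:datastage-leader:rwx'

            if name == 'shared':
                acl_text += ',g:datastage-member:rx'
            if name == 'collab':
                acl_text += ',g:datastage-member:rwx'

            if name == 'collab':
                acl_text += ',g:datastage-collaborator:rx'

            # The default ACL makes entries created later inherit the same
            # permissions as the directory itself.
            for acl_type in (posix1e.ACL_TYPE_ACCESS, posix1e.ACL_TYPE_DEFAULT):
                posix1e.ACL(text=acl_text).applyto(path, acl_type)

            notice_path = os.path.join(path, 'permissions.txt')
            # Drop whatever currently has that name (unlink removes a symlink
            # itself, not its target) and create a fresh file.  If the name
            # reappears in between, O_EXCL makes os.open() fail rather than
            # write through it.
            if os.path.lexists(notice_path):
                os.unlink(notice_path)
            notice_fd = os.open(notice_path, notice_flags, 0o600)

            with os.fdopen(notice_fd, 'w') as f:
                f.write("By default, this directory is accessible by the following people:\n\n")
                f.write(" * Its owner (%s; %s) has read and write permissions;\n" % (get_name(user), user))

                if name in ('private', 'shared'):
                    f.write(" * The following research group leaders have read permissions:\n")
                    for leader in sorted(leaders):
                        f.write(" - %s (%s)\n" % (get_name(leader), leader))

                if name == 'shared':
                    f.write(" * The following research group members also have read permissions:\n")
                    for member in sorted(members):
                        f.write(" - %s (%s)\n" % (get_name(member), member))

                if name == 'collab':
                    f.write(" * The following research group leaders and members have read and write permissions:\n")
                    for person in sorted(leaders | members):
                        f.write(" - %s (%s)\n" % (get_name(person), person))
                    f.write(" * The following collaborators have read permissions:\n")
                    for collab in sorted(collabs):
                        f.write(" - %s (%s)\n" % (get_name(collab), collab))

                # Operate on the open descriptor, not the path, so ownership
                # and mode land on the file that was just written even if
                # the directory entry is swapped meanwhile.
                os.fchown(f.fileno(), datastage_user.pw_uid, datastage_user.pw_gid)
                os.fchmod(f.fileno(), 0o774)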
def config_menu():
    """Yield one status-and-actions menu per refresh, indefinitely.

    Each pass gathers the current listeners and addresses, reports on the
    DataStage, SSH, Apache and Samba services plus three configuration
    checks (Apache default site, Samba configuration, filesystem mount
    options), and yields ``menu(actions)`` where ``actions`` maps the words
    the operator can type to what should run.

    NOTE(review): the action values are the *results* of calling
    ``update_firewall_service``, ``enable_service`` and
    ``remove_default_apache_site`` while the menu is assembled.  This looks
    like those helpers return something to run later -- confirm they do not
    change firewall or service state at call time.
    """

    def service_check(label, check_port, pid_filenames, service_name, firewall_ports):
        """Report on a single service and return the actions it offers.

        Uses ``listening`` and ``ips`` from the enclosing function; both are
        assigned at the top of every loop pass before this is called.
        """
        actions = {}

        listening_on = set()
        for proto, addr, port in listening:
            is_tcp_on_port = port == check_port and proto.startswith('tcp')
            if is_tcp_on_port:
                if addr is None:
                    # No address on the listener: count every entry of `ips`.
                    listening_on |= ips
                else:
                    listening_on.add(addr)

        available_at = check_port_listening(listening_on, check_port)

        # print(...) with one argument matches the print statement's output.
        print("")
        pid = check_pid(*pid_filenames)

        if pid:
            listening_text = ', '.join(sorted(listening_on))
            available_text = ', '.join(sorted(available_at))
            print("%10s: Status: \033[92mRunning\033[0m (%d)" % (label, pid))
            print(" Listening on: %s" % listening_text)
            print(" Available at: %s" % available_text)
            if not (listening_on == available_at):
                print(" Warning: Not available on all interfaces.")
                print(" \033[95mAction: Type '%s' to tweak the firewall\033[0m" % service_name)
                actions[service_name] = update_firewall_service(*firewall_ports)
        else:
            print("%10s: Status: \033[91mNot running\033[0m" % label)
            print(" \033[95mAction: Type '%s' to start %s\033[0m" % (service_name, label))
            actions[service_name] = enable_service(service_name, label)

        return actions

    while True:
        actions = {'refresh': lambda: None}
        listening = get_all_listening()
        ips = get_ips()

        print("")
        print("Status of some services")

        # Checked, and therefore printed, in this order.
        leading_checks = (
            ('DataStage', settings.get('server:port'),
             ['/var/run/datastage.pid'], 'datastage', ['']),
            ('SSH', 22, ['/var/run/sshd.pid'], 'sshd', ['ssh/tcp']),
            ('Apache', 80,
             ['/var/run/apache2.pid', '/var/run/httpd/httpd.pid'],
             'apache2', ['www/tcp']),
        )
        for check_args in leading_checks:
            actions.update(service_check(*check_args))

        # Reported directly under the Apache status.
        default_site = '/etc/apache2/sites-enabled/000-default'
        if os.path.exists(default_site):
            print(" Warning: Default site exists at /etc/apache2/sites-enabled/000-default")
            print(" \033[95mAction: Type 'defaultsite' to remove it and restart Apache\033[0m")
            actions['defaultsite'] = remove_default_apache_site()

        samba_firewall_ports = [
            'netbios-ns/udp',
            'netbios-dgm/udp',
            'netbios-ssn/tcp',
            'microsoft-ds/tcp',
        ]
        actions.update(
            service_check('Samba', 445, ['/var/run/samba/smbd.pid'],
                          'samba', samba_firewall_ports))

        if SambaConfigurer.needs_configuring():
            print(" Warning: Samba is not configured to serve DataStage files")
            print(" \033[95mAction: Type 'confsamba' to configure and restart Samba\033[0m")
            actions['confsamba'] = SambaConfigurer()

        if FilesystemAttributes.needs_configuring():
            print(" Warning: The filesystem frpm which DataStage will serve data is missing mount options ")
            print(" \033[95mAction: Type 'fs' to ensure the filesystem is mounted with acl and user_xattr options\033[0m")
            actions['fs'] = FilesystemAttributes()

        yield menu(actions)