예제 #1
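def delete_user(username):
    """Hand a user's data directories to the orphan account, then delete the user.

    Generator: yields ``ExitMenu()`` when ``smbpasswd`` or ``userdel`` returns
    a non-zero status, and ``ExitMenu(2)`` at the end.

    NOTE(review): ``username`` is joined into filesystem paths and passed as
    an argument to ``smbpasswd`` and ``userdel`` without any validation in
    this function.  A value containing a path separator or beginning with
    ``-`` would change which path is chowned or how the commands read their
    arguments, so confirm the caller only passes an existing account name.
    """
    data_directory = settings.DATA_DIRECTORY

    datastage_orphan = pwd.getpwnam(settings.get('main:datastage_orphan'))

    for name in ('private', 'shared', 'collab'):
        path = os.path.join(data_directory, name, username)
        # A directory that was never created has nothing to hand over.
        # Skipping it keeps an OSError from os.chown from aborting the
        # deletion before the Samba and system accounts are removed.
        if not os.path.exists(path):
            continue
        os.chown(path, datastage_orphan.pw_uid, datastage_orphan.pw_gid)

    # Argument lists are used, so no shell parses the username.
    res = subprocess.call(['smbpasswd', username, '-x'])
    result = subprocess.call(['userdel', username])
    if res or result:
        # NOTE(review): if the consumer resumes this generator after the
        # failure signal, the code below still runs -- confirm that
        # ExitMenu() ends the iteration.
        yield ExitMenu()

    sync_permissions()

    yield ExitMenu(2)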
예제 #2
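def delete_user(username):
    """Orphan a non-collaborator's data directories, then delete the user.

    Generator: yields ``ExitMenu()`` when ``smbpasswd`` or ``userdel`` returns
    a non-zero status, and ``ExitMenu(2)`` at the end.

    NOTE(review): ``username`` is joined into filesystem paths and passed as
    an argument to ``smbpasswd`` and ``userdel`` without any validation in
    this function.  A value containing a path separator or beginning with
    ``-`` would change which path is chowned or how the commands read their
    arguments, so confirm the caller only passes an existing account name.
    """
    data_directory = settings.DATA_DIRECTORY

    datastage_orphan = pwd.getpwnam(settings.get('main:datastage_orphan'))

    # Group membership is the same for all three directories, so it is
    # looked up once instead of once per loop iteration.
    collaborators = get_members('datastage-collaborator')

    if username not in collaborators:
        for name in ('private', 'shared', 'collab'):
            path = os.path.join(data_directory, name, username)
            # Skip directories that do not exist: os.chown would raise
            # OSError and abort the deletion before the accounts are removed.
            if os.path.exists(path):
                os.chown(path, datastage_orphan.pw_uid, datastage_orphan.pw_gid)

    # Argument lists are used, so no shell parses the username.
    res = subprocess.call(['smbpasswd', username, '-x'])
    result = subprocess.call(['userdel', username])
    if res or result:
        # NOTE(review): if the consumer resumes this generator after the
        # failure signal, the code below still runs -- confirm that
        # ExitMenu() ends the iteration.
        yield ExitMenu()

    sync_permissions()

    yield ExitMenu(2)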
예제 #3
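def config_menu():
    """Yield a menu of service maintenance actions, rebuilt on every pass.

    Each pass prints the status of DataStage, SSH, Apache and Samba, plus
    warnings about the default Apache site, the Samba configuration and the
    filesystem mount options.  Every problem found adds one entry to the
    action table, keyed by the word the operator is told to type.
    """
    def service_check(label, check_port, pid_filenames, service_name, firewall_ports):
        """Print the status of one service and return its suggested actions.

        Reads ``listening`` and ``ips`` from the enclosing scope; both are
        refreshed at the top of every pass of the loop below.
        """
        actions = {}
        listening_on = set()
        for proto, addr, port in listening:
            # NOTE(review): ``port == check_port`` only matches when both
            # sides have the same type; the DataStage port comes from
            # settings.get() -- confirm it is not a string.
            if port == check_port and proto.startswith('tcp'):
                if addr is None:
                    # No specific address: count every address in ``ips``.
                    listening_on |= ips
                else:
                    listening_on.add(addr)

        available_at = check_port_listening(listening_on, check_port)

        print
        pid = check_pid(*pid_filenames)
        if pid:
            print "%10s:  Status:       \033[92mRunning\033[0m (%d)" % (label, pid)
            print "             Listening on: %s" % ', '.join(sorted(listening_on))
            print "             Available at: %s" % ', '.join(sorted(available_at))
            if listening_on != available_at:
                print "             Warning:      Not available on all interfaces."
                print "             \033[95mAction:       Type '%s' to tweak the firewall\033[0m" % service_name
                # NOTE(review): the helper is called while the menu is being
                # built; presumably it returns a deferred action rather than
                # changing the firewall here -- confirm.
                actions[service_name] = update_firewall_service(*firewall_ports)
        else:
            print "%10s:  Status:       \033[91mNot running\033[0m" % label
            print "             \033[95mAction:       Type '%s' to start %s\033[0m" % (service_name, label)
            actions[service_name] = enable_service(service_name, label)

        return actions

    while True:
        actions = {'refresh': lambda: None}
        listening = get_all_listening()
        ips = get_ips()

        print
        print "Status of some services"

        # NOTE(review): DataStage passes a single empty string as its
        # firewall port list -- confirm update_firewall_service treats that
        # as "nothing to open".
        actions.update(service_check('DataStage', settings.get('server:port'),
                                     ['/var/run/datastage.pid'],
                                     'datastage', ['']))

        actions.update(service_check('SSH', 22,
                                     ['/var/run/sshd.pid'],
                                     'sshd', ['ssh/tcp']))
        actions.update(service_check('Apache', 80,
                                     ['/var/run/apache2.pid', '/var/run/httpd/httpd.pid'],
                                     'apache2', ['www/tcp']))

        if os.path.exists('/etc/apache2/sites-enabled/000-default'):
            print "             Warning:      Default site exists at /etc/apache2/sites-enabled/000-default"
            print "             \033[95mAction:       Type 'defaultsite' to remove it and restart Apache\033[0m"
            actions['defaultsite'] = remove_default_apache_site()

        actions.update(service_check('Samba', 445,
                                     ['/var/run/samba/smbd.pid'],
                                     'samba', ['netbios-ns/udp', 'netbios-dgm/udp',
                                               'netbios-ssn/tcp', 'microsoft-ds/tcp']))

        if SambaConfigurer.needs_configuring():
            print "             Warning:      Samba is not configured to serve DataStage files"
            print "             \033[95mAction:       Type 'confsamba' to configure and restart Samba\033[0m"
            actions['confsamba'] = SambaConfigurer()

        if FilesystemAttributes.needs_configuring():
            # Operator-facing message: "frpm" corrected to "from".
            print "             Warning:      The filesystem from which DataStage will serve data is missing mount options "
            print "             \033[95mAction:       Type 'fs' to ensure the filesystem is mounted with acl and user_xattr options\033[0m"
            actions['fs'] = FilesystemAttributes()

        yield menu(actions)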
예제 #4
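def sync_permissions():
    """Re-apply Django roles, directory ownership, ACLs and notices for all users.

    Group membership is read from the ``datastage-leader``,
    ``datastage-member`` and ``datastage-collaborator`` groups.  For each of
    the ``private``, ``shared`` and ``collab`` areas the function makes sure
    the area directory and one sub-directory per leader and member exist,
    sets their owner, applies access and default POSIX ACLs, and writes a
    ``permissions.txt`` notice describing who can reach the directory.

    NOTE(review): the function chowns paths to other accounts, so it
    presumably runs with root privileges -- confirm.  That is why the notice
    file is created defensively below.
    """
    leaders = get_members('datastage-leader')
    members = get_members('datastage-member')
    collabs = get_members('datastage-collaborator')

    data_directory = settings.DATA_DIRECTORY

    datastage_user = pwd.getpwnam(settings.get('main:datastage_user'))

    # Leaders become staff superusers; everyone else in the three groups has
    # both flags cleared, so losing leadership also removes the privilege.
    for username in leaders | members | collabs:
        user, _ = User.objects.get_or_create(username=username)
        user.is_staff = user.is_superuser = user.username in leaders
        user.save()

    for name in ('private', 'shared', 'collab'):
        path = os.path.join(data_directory, name)
        if not os.path.exists(path):
            os.makedirs(path)
        os.chown(path, datastage_user.pw_uid, datastage_user.pw_gid)
        os.chmod(path, 0755)

        for user in leaders | members:
            pw_user = pwd.getpwnam(user)

            user_path = os.path.join(data_directory, name, user)
            if not os.path.exists(user_path):
                os.makedirs(user_path)

            # Make sure the directory is owned by the right person
            os.chown(user_path, pw_user.pw_uid, pw_user.pw_gid)

            # NOTE(review): the ACL names the account "datastage" literally,
            # while the owning account above comes from the
            # 'main:datastage_user' setting -- confirm they always match.
            acl_text = 'u::rwx,g::-,o::-,m::rwx,u:datastage:rwx'

            # Leaders: read-only in private/shared, read-write in collab.
            if name in ('private', 'shared'):
                acl_text += ',g:datastage-leader:rx'
            if name == 'collab':
                acl_text += ',g:datastage-leader:rwx'

            # Members: read-only in shared, read-write in collab.
            if name == 'shared':
                acl_text += ',g:datastage-member:rx'
            if name == 'collab':
                acl_text += ',g:datastage-member:rwx'

            # Collaborators: read-only, collab area only.
            if name == 'collab':
                acl_text += ',g:datastage-collaborator:rx'

            # The default ACL makes new entries inherit the same rules.
            for acl_type in (posix1e.ACL_TYPE_ACCESS, posix1e.ACL_TYPE_DEFAULT):
                posix1e.ACL(text=acl_text).applyto(user_path, acl_type)

            notice_path = os.path.join(user_path, 'permissions.txt')
            # The directory now belongs to the user, so its entries are under
            # the user's control.  Opening the notice by name in 'w' mode would
            # follow a symlink or reuse a hard link placed there, and the later
            # chown/chmod by name would act on that other file.  Removing the
            # entry (unlink never follows a link) and creating it exclusively
            # without following links guarantees a fresh regular file;
            # ownership and mode are then set through the open descriptor.
            if os.path.lexists(notice_path):
                os.unlink(notice_path)
            notice_fd = os.open(
                notice_path,
                os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                0600)
            with os.fdopen(notice_fd, 'w') as f:
                f.write("By default, this directory is accessible by the following people:\n\n")

                f.write(" * Its owner (%s; %s) has read and write permissions;\n" % (get_name(user), user))
                if name in ('private', 'shared'):
                    f.write(" * The following research group leaders have read permissions:\n")
                    for leader in sorted(leaders):
                        f.write("   - %s (%s)\n" % (get_name(leader), leader))
                if name == 'shared':
                    f.write(" * The following research group members also have read permissions:\n")
                    for member in sorted(members):
                        f.write("   - %s (%s)\n" % (get_name(member), member))
                if name == 'collab':
                    f.write(" * The following research group leaders and members have read and write permissions:\n")
                    for person in sorted(leaders | members):
                        f.write("   - %s (%s)\n" % (get_name(person), person))
                    f.write(" * The following collaborators have read permissions:\n")
                    for collab in sorted(collabs):
                        f.write("   - %s (%s)\n" % (get_name(collab), collab))

                # Same owner and mode as before, applied to the descriptor so
                # they cannot land on a different file.
                os.fchown(f.fileno(), datastage_user.pw_uid, datastage_user.pw_gid)
                os.fchmod(f.fileno(), 0774)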
예제 #5
def config_menu():
    """Yield a freshly built menu of service maintenance actions, forever.

    Every pass prints the state of DataStage, SSH, Apache and Samba and
    collects one action per problem found, keyed by the word the operator
    is told to type.
    """
    def service_check(label, check_port, pid_filenames, service_name,
                      firewall_ports):
        """Print one service's status block and return its suggested actions.

        ``listening`` and ``ips`` come from the enclosing scope and are
        refreshed at the start of each pass of the outer loop.
        """
        bound = set()
        for proto, addr, port in listening:
            # Only TCP sockets on the port being checked are of interest.
            if port != check_port or not proto.startswith('tcp'):
                continue
            if addr is None:
                bound |= ips
            else:
                bound.add(addr)

        reachable = check_port_listening(bound, check_port)

        print
        pid = check_pid(*pid_filenames)
        suggested = {}

        if not pid:
            print "%10s:  Status:       \033[91mNot running\033[0m" % label
            print "             \033[95mAction:       Type '%s' to start %s\033[0m" % (service_name, label)
            suggested[service_name] = enable_service(service_name, label)
            return suggested

        print "%10s:  Status:       \033[92mRunning\033[0m (%d)" % (label, pid)
        bound_text = ', '.join(sorted(bound))
        print "             Listening on: %s" % bound_text
        reachable_text = ', '.join(sorted(reachable))
        print "             Available at: %s" % reachable_text
        if bound != reachable:
            print "             Warning:      Not available on all interfaces."
            print "             \033[95mAction:       Type '%s' to tweak the firewall\033[0m" % service_name
            suggested[service_name] = update_firewall_service(*firewall_ports)
        return suggested

    while True:
        listening = get_all_listening()
        ips = get_ips()
        menu_actions = {'refresh': lambda: None}

        print
        print "Status of some services"

        datastage_port = settings.get('server:port')
        datastage_actions = service_check(
            'DataStage', datastage_port, ['/var/run/datastage.pid'],
            'datastage', [''])
        menu_actions.update(datastage_actions)

        ssh_actions = service_check(
            'SSH', 22, ['/var/run/sshd.pid'], 'sshd', ['ssh/tcp'])
        menu_actions.update(ssh_actions)

        apache_pid_files = ['/var/run/apache2.pid', '/var/run/httpd/httpd.pid']
        apache_actions = service_check(
            'Apache', 80, apache_pid_files, 'apache2', ['www/tcp'])
        menu_actions.update(apache_actions)

        # The distribution's default virtual host is reported right after
        # the Apache status block.
        if os.path.exists('/etc/apache2/sites-enabled/000-default'):
            print "             Warning:      Default site exists at /etc/apache2/sites-enabled/000-default"
            print "             \033[95mAction:       Type 'defaultsite' to remove it and restart Apache\033[0m"
            menu_actions['defaultsite'] = remove_default_apache_site()

        samba_firewall_ports = ['netbios-ns/udp', 'netbios-dgm/udp',
                                'netbios-ssn/tcp', 'microsoft-ds/tcp']
        samba_actions = service_check(
            'Samba', 445, ['/var/run/samba/smbd.pid'], 'samba',
            samba_firewall_ports)
        menu_actions.update(samba_actions)

        if SambaConfigurer.needs_configuring():
            print "             Warning:      Samba is not configured to serve DataStage files"
            print "             \033[95mAction:       Type 'confsamba' to configure and restart Samba\033[0m"
            menu_actions['confsamba'] = SambaConfigurer()

        if FilesystemAttributes.needs_configuring():
            print "             Warning:      The filesystem frpm which DataStage will serve data is missing mount options "
            print "             \033[95mAction:       Type 'fs' to ensure the filesystem is mounted with acl and user_xattr options\033[0m"
            menu_actions['fs'] = FilesystemAttributes()

        yield menu(menu_actions)