def RecursiveEnsure(path, uid, gid, dir_perm, file_perm): """Ensures permissions recursively down a directory. This functions walks the path and sets permissions accordingly. @param path: The absolute path to walk @param uid: The uid used as owner @param gid: The gid used as group @param dir_perm: The permission bits set for directories @param file_perm: The permission bits set for files """ assert os.path.isabs(path), "Path %s is not absolute" % path assert os.path.isdir(path), "Path %s is not a dir" % path logging.debug("Recursively processing %s", path) for root, dirs, files in os.walk(path): for subdir in dirs: utils.EnforcePermission(os.path.join(root, subdir), dir_perm, uid=uid, gid=gid) for filename in files: utils.EnforcePermission(os.path.join(root, filename), file_perm, uid=uid, gid=gid)
def testEnforcePermissionChangeMode(self): utils.EnforcePermission("/ganeti-qa-non-test", 0o444, _stat_fn=_MockStatResult(None, 0o600, 0, 0), _chmod_fn=self._ChmodWrapper(None), _chown_fn=self._FakeChown) self.assertEqual(self._chmod_calls.pop(0), ("/ganeti-qa-non-test", 0o444))
def testGroupCanRead(self): target = utils.PathJoin(self.tmpdir, "target2") f = open(target, "w") f.close() utils.EnforcePermission(target, 0o040, uid=self.confdUid, gid=self.masterdGid) self.assertFalse(utils.CanRead(constants.CONFD_USER, target)) if constants.CONFD_USER != constants.MASTERD_USER: self.assertTrue(utils.CanRead(constants.MASTERD_USER, target)) utils.EnforcePermission(target, 0o040, uid=self.masterdUid + 1, gid=self.masterdGid) self.assertTrue(utils.CanRead(constants.MASTERD_USER, target))
def testEnforcePermissionNoEntMustNotExist(self): utils.EnforcePermission("/ganeti-qa-non-test", 0o600, must_exist=False, _chmod_fn=NotImplemented, _chown_fn=NotImplemented, _stat_fn=_MockStatResult( _RaiseNoEntError, 0, 0, 0))
def testEnforcePermissionSetUidGid(self): utils.EnforcePermission("/ganeti-qa-non-test", 0o600, uid=self.UID_B, gid=self.GID_B, _stat_fn=_MockStatResult( None, 0o600, self.UID_A, self.GID_A), _chmod_fn=self._ChmodWrapper(None), _chown_fn=self._FakeChown) self.assertEqual(self._chown_calls.pop(0), ("/ganeti-qa-non-test", self.UID_B, self.GID_B))
def EnsureQueueDir(path, mode, uid, gid): """Sets the correct permissions on all job files in the queue. @param path: Directory path @param mode: Wanted file mode @param uid: Wanted user ID @param gid: Wanted group ID """ for filename in utils.ListVisibleFiles(path): if constants.JOB_FILE_RE.match(filename): utils.EnforcePermission(utils.PathJoin(path, filename), mode, uid=uid, gid=gid)
def ProcessPath(path): """Processes a path component. @param path: A tuple of the path component to process """ (pathname, pathtype, mode, uid, gid) = path[0:5] assert pathtype in ALL_TYPES if pathtype in (DIR, QUEUE_DIR): # No additional parameters assert len(path) == 5 if pathtype == DIR: utils.MakeDirWithPerm(pathname, mode, uid, gid) elif pathtype == QUEUE_DIR: EnsureQueueDir(pathname, mode, uid, gid) elif pathtype == FILE: (must_exist, ) = path[5:] utils.EnforcePermission(pathname, mode, uid=uid, gid=gid, must_exist=must_exist)
def testEnforcePermissionNoChanges(self): utils.EnforcePermission("/ganeti-qa-non-test", 0o600, _stat_fn=_MockStatResult(None, 0o600, 0, 0), _chmod_fn=self._ChmodWrapper(None), _chown_fn=self._FakeChown)