Commit c884cd89 authored by Leigh B. Stoller's avatar Leigh B. Stoller
Browse files

Even *more* inventive ways to avoid real work; Add DB table to hold

extra unix groups (unixgroup_membership) for special local users that
need more groups than just their project membership (ie: flux, wheel,
etc). In mkacct-ctrl, no longer use the admin bit to determine extra
groups (which were hardwired in), but get the extra group list from
the DB. This applies to accounts on boss/users; experimental nodes
still use the admin bit (via tmcd) to get wheel added to the group
set. Might be worth doing at some point.
parent 3e2bb386
......@@ -72,6 +72,7 @@ use Exporter;
ExpNodes DBDateTime DefaultImageID GroupLeader TBGroupUnixInfo
TBValidNodeLogType TBValidNodeName TBSetNodeLogEntry
TBSetSchedReload MapNodeOSID TBLockExp TBUnLockExp TBSetExpSwapTime
TBUnixGroupList
);
# Must come after package declaration!
......@@ -1093,6 +1094,31 @@ sub TBGroupUnixInfo ($$$$) {
return 1;
}
#
# Return a list of the additional Unix groups a user is in.
#
# usage: TBUnixGroupList(char $dbuid)
# returns list if there is one.
# returns () if failed or no list.
#
sub TBUnixGroupList ($) {
my($dbuid) = @_;
my @glist = ();
my $query_result =
DBQueryFatal("select gid from unixgroup_membership ".
"where uid='$dbuid'");
if ($query_result->num_rows == 0) {
return ();
}
while (@row = $query_result->fetchrow_array()) {
push(@glist, $row[0]);
}
return @glist;
}
#
# Map UID to DB UID (login). Does a DB check to make sure user is known to
# the DB (user obviously has a regular account), and that account will
......
......@@ -235,15 +235,18 @@ my $project = shift @groupnames;
my $grouplist = join(",",@groupnames);
#
# Add some special cases for admin types. Groups must exist already, and
# probably will. flux is bad ...
# Add special groups. These are listed in the DB so that special local
# users can have more unix groups than just the projects/groups they are
# in. These groups must already exist.
#
if (TBAdmin($user)) {
if ((my @extragrouplist = TBUnixGroupList($user))) {
print "Adding extra groups to list: @extragrouplist\n";
if ($grouplist) {
$grouplist = "$grouplist,wheel,flux";
$grouplist = "$grouplist," . join(",", @extragrouplist);
}
else {
$grouplist = "wheel,flux";
$grouplist = join(",", @extragrouplist);
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment