Commit 46068860 authored by Leigh Stoller's avatar Leigh Stoller

A bunch o' account managment script schanges. I have reworked

mkprojdir, mkacct-cntrl, mkgroup, and group-update into a set of new
scripts that are more specific to their intended operation, and strive
to do less work.

1. mkacct - Replaces mkacct-cntrl. This script no longer does any
   group stuff. All it does is create new accounts, or update the
   password and gecos fields of existing accounts. Usage is the same
   as it was: "mkacct <userid>", and is typically invoked from the web
   interface via the approveuser form.

2. mkgroup - Replaces group-update. This script creates new groups,
   either for the main project when it is approved, or for subgroup
   creation. This script does not alter the group membership. Usage
   is typically from the web interface, but mkgroup can be invoked
   from the command line: "mkgroup [-b | -a] <pid> <gid>" where -b
   puts it in the background and sends email later, while -a just
   captures the log and emails. This "audit" feature is going to find
   its way into more scripts as soon as I figure out a neat and clean
   perl mechanism to make it easy.

3. setgroups - Replaces group-update. This script modifies the group
   membership of either specific users, or all the users in a
   project. It is typically invoked from the web interface when a
   project leader edits the subgroup membership or when a user is
   first approved to a project or subgroup. Command line usage is:

	setgroups [-b | -a] -p <pid> [user ...]
        setgroups [-b | -a] [user ...]\n

   The first form is mostly a means to speed things up. The web
   interfaces knows exactly what users have need to be changed, but a
   global project update is nice too.

4. mkproj - Replaces mkprojdir. Actually, mkproj still has all that
   directory code, but it also handles creating the groups and the
   account for the project leader. Part of my policy to move as much
   random code out of the web interface and into the PERL backend
   where it belongs.
parent 3cb3f3c6
......@@ -1031,9 +1031,9 @@ outfiles="$outfiles Makeconf GNUmakefile \
os/GNUmakefile os/split-image.sh os/imagezip/GNUmakefile \
pxe/GNUmakefile pxe/proxydhcp.restart pxe/bootinfo.restart \
security/GNUmakefile security/paperbag security/lastlog_daemon \
tbsetup/GNUmakefile tbsetup/console_setup tbsetup/mkacct-ctrl \
tbsetup/GNUmakefile tbsetup/console_setup \
tbsetup/console_reset tbsetup/bwconfig tbsetup/power_rpc27.pm \
tbsetup/os_load tbsetup/os_setup tbsetup/mkprojdir tbsetup/power \
tbsetup/os_load tbsetup/os_setup tbsetup/power \
tbsetup/node_reboot tbsetup/webnscheck tbsetup/nscheck \
tbsetup/resetvlans tbsetup/rmacct-ctrl tbsetup/rmproj \
tbsetup/sched_reload tbsetup/sched_reserve tbsetup/reload_daemon \
......@@ -1048,17 +1048,20 @@ outfiles="$outfiles Makeconf GNUmakefile \
tbsetup/tbreport tbsetup/named_setup tbsetup/exports_setup \
tbsetup/checkpass/GNUmakefile tbsetup/assign_wrapper tbsetup/ptopgen \
tbsetup/frisbeelauncher tbsetup/node_update tbsetup/webnodeupdate \
tbsetup/savelogs tbsetup/group-update tbsetup/webgroupupdate \
tbsetup/savelogs tbsetup/setgroups tbsetup/websetgroups \
tbsetup/rmgroup tbsetup/webrmgroup tbsetup/mkexpdir \
tbsetup/webnodecontrol tbsetup/node_control \
tbsetup/webmkgroup tbsetup/mkgroup \
tbsetup/webmkacct tbsetup/mkacct \
tbsetup/webmkproj tbsetup/mkproj \
tip/GNUmakefile \
tmcd/GNUmakefile tmcd/freebsd/GNUmakefile tmcd/linux/GNUmakefile \
tmcd/netbsd/GNUmakefile \
tmcd/tmcd.restart \
utils/GNUmakefile utils/vlandiff utils/vlansync utils/delay_config \
utils/sshtb utils/create_image utils/node_admin \
vis/GNUmakefile vis/vistopology vis/webvistopology vis/top2gif \
www/GNUmakefile www/defs.php3 www/dbdefs.php3 \
vis/GNUmakefile vis/vistopology vis/webvistopology vis/top2gif \
rc.d/GNUmakefile rc.d/2.mysql-server.sh rc.d/3.testbed.sh \
rc.d/cvsupd.sh"
......
......@@ -153,9 +153,9 @@ outfiles="$outfiles Makeconf GNUmakefile \
os/GNUmakefile os/split-image.sh os/imagezip/GNUmakefile \
pxe/GNUmakefile pxe/proxydhcp.restart pxe/bootinfo.restart \
security/GNUmakefile security/paperbag security/lastlog_daemon \
tbsetup/GNUmakefile tbsetup/console_setup tbsetup/mkacct-ctrl \
tbsetup/GNUmakefile tbsetup/console_setup \
tbsetup/console_reset tbsetup/bwconfig tbsetup/power_rpc27.pm \
tbsetup/os_load tbsetup/os_setup tbsetup/mkprojdir tbsetup/power \
tbsetup/os_load tbsetup/os_setup tbsetup/power \
tbsetup/node_reboot tbsetup/webnscheck tbsetup/nscheck \
tbsetup/resetvlans tbsetup/rmacct-ctrl tbsetup/rmproj \
tbsetup/sched_reload tbsetup/sched_reserve tbsetup/reload_daemon \
......@@ -170,9 +170,12 @@ outfiles="$outfiles Makeconf GNUmakefile \
tbsetup/tbreport tbsetup/named_setup tbsetup/exports_setup \
tbsetup/checkpass/GNUmakefile tbsetup/assign_wrapper tbsetup/ptopgen \
tbsetup/frisbeelauncher tbsetup/node_update tbsetup/webnodeupdate \
tbsetup/savelogs tbsetup/group-update tbsetup/webgroupupdate \
tbsetup/savelogs tbsetup/setgroups tbsetup/websetgroups \
tbsetup/rmgroup tbsetup/webrmgroup tbsetup/mkexpdir \
tbsetup/webnodecontrol tbsetup/node_control \
tbsetup/webmkgroup tbsetup/mkgroup \
tbsetup/webmkacct tbsetup/mkacct \
tbsetup/webmkproj tbsetup/mkproj \
tip/GNUmakefile \
tmcd/GNUmakefile tmcd/freebsd/GNUmakefile tmcd/linux/GNUmakefile \
tmcd/netbsd/GNUmakefile \
......
......@@ -19,14 +19,15 @@ USERBINS = os_load node_reboot nscheck node_update savelogs node_control
SBIN_STUFF = resetvlans console_setup.proxy sched_reload named_setup \
batch_daemon exports_setup reload_daemon sched_reserve \
console_reset db2ns bwconfig frisbeelauncher group-update \
rmgroup
console_reset db2ns bwconfig frisbeelauncher \
rmgroup mkgroup mkacct setgroups mkproj
LIBEXEC_STUFF = mkprojdir rmproj mkacct-ctrl rmacct-ctrl \
LIBEXEC_STUFF = rmproj rmacct-ctrl \
os_setup mkexpdir console_setup webnscheck webreport \
webstartexp webendexp webbatchexp \
assign_wrapper ptopgen webnodeupdate webgroupupdate \
webrmgroup webswapexp webnodecontrol
assign_wrapper ptopgen webnodeupdate \
webrmgroup webswapexp webnodecontrol \
webmkgroup webmkacct websetgroups webmkproj
LIB_STUFF = libtbsetup.pm exitonwarn.pm libtestbed.pm snmpit_intel.pm \
snmpit_cisco.pm snmpit_lib.pm snmpit_apc.pm power_rpc27.pm \
......@@ -67,14 +68,16 @@ post-install:
chmod 775 $(INSTALL_SBINDIR)
chmod 775 $(INSTALL_LIBDIR)
chmod 775 $(INSTALL_LIBEXECDIR)
chown root $(INSTALL_LIBEXECDIR)/mkprojdir
chmod u+s $(INSTALL_LIBEXECDIR)/mkprojdir
chown root $(INSTALL_SBINDIR)/mkproj
chmod u+s $(INSTALL_SBINDIR)/mkproj
chown root $(INSTALL_LIBEXECDIR)/rmproj
chmod u+s $(INSTALL_LIBEXECDIR)/rmproj
chown root $(INSTALL_SBINDIR)/rmgroup
chmod u+s $(INSTALL_SBINDIR)/rmgroup
chown root $(INSTALL_LIBEXECDIR)/mkacct-ctrl
chmod u+s $(INSTALL_LIBEXECDIR)/mkacct-ctrl
chown root $(INSTALL_SBINDIR)/mkacct
chmod u+s $(INSTALL_SBINDIR)/mkacct
chown root $(INSTALL_SBINDIR)/mkgroup
chmod u+s $(INSTALL_SBINDIR)/mkgroup
chown root $(INSTALL_LIBEXECDIR)/rmacct-ctrl
chmod u+s $(INSTALL_LIBEXECDIR)/rmacct-ctrl
chown root $(INSTALL_SBINDIR)/named_setup
......@@ -83,8 +86,8 @@ post-install:
chmod u+s $(INSTALL_SBINDIR)/exports_setup
chown root $(INSTALL_BINDIR)/savevlans
chmod u+s $(INSTALL_BINDIR)/savevlans
chown root $(INSTALL_SBINDIR)/group-update
chmod u+s $(INSTALL_SBINDIR)/group-update
chown root $(INSTALL_SBINDIR)/setgroups
chmod u+s $(INSTALL_SBINDIR)/setgroups
chown root $(INSTALL_LIBEXECDIR)/console_setup
chmod u+s $(INSTALL_LIBEXECDIR)/console_setup
chown root $(INSTALL_BINDIR)/node_reboot
......
......@@ -7,7 +7,8 @@ use Exporter;
@ISA = "Exporter";
@EXPORT =
qw ( SENDMAIL OPENMAIL TBTimeStamp TBBackGround TBDateTimeFSSafe );
qw ( SENDMAIL OPENMAIL TBTimeStamp TBBackGround TBDateTimeFSSafe
TBMakeLogname );
# A library of useful stuff.
......@@ -155,4 +156,24 @@ sub TBBackGround($)
return 0;
}
#
# Create a logname and untaint it!
#
sub TBMakeLogname($)
{
my($prefix) = @_;
my $logname;
$logname = `mktemp /tmp/${prefix}.XXXXXX`;
if ($logname =~ /^([-\@\w\.\/]+)$/) {
$logname = $1;
}
else {
die("Bad data in logfile name: $logname");
}
return $logname;
}
1;
......@@ -3,16 +3,19 @@ use English;
use Getopt::Std;
#
# Create/Update a group.
# Create a group on the control/ops nodes and any tipservers. This does
# not create accounts, or add users to groups; it just creates the group
# entries and the group directory.
#
# usage: group-update [-b] <pid> <gid>
# XXX - /proj wired in
# control node wired in.
#
sub usage()
{
print STDOUT "Usage: group-update -b <pid> <gid>\n";
print STDOUT "Usage: mkgroup [-b | -a] <pid> <gid>\n";
exit(-1);
}
my $optlist = "b";
my $optlist = "ba";
#
# Configure variables
......@@ -22,15 +25,12 @@ my $TBOPS = "@TBOPSEMAIL@";
my $TBLOGS = "@TBLOGSEMAIL@";
my $CONTROL = "@USERNODE@";
my $PROJROOT = "/proj";
my $SSH = "$TB/bin/sshtb";
my $GROUPADD = "/usr/sbin/pw groupadd";
my $USERMOD = "/usr/sbin/pw usermod";
my $mkacct = "$TB/libexec/mkacct-ctrl";
my $batchmode = 0;
my $auditmode = 0;
my $dbuid;
my $user;
my @db_row;
my $query_result;
my $leader;
......@@ -38,29 +38,15 @@ my $groupdir;
my $logname;
my $user_name;
my $user_email;
my $unix_gid;
my $unix_name;
my @tipservers;
#
# Note hardwired control node.
#
my $control_node = $CONTROL;
#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
die("*** $0:\n".
" Must be setuid! Maybe its a development version?\n");
}
#
# This script is setuid, so please do not run it as root. Hard to track
# what has happened.
#
if ($UID == 0) {
die("*** $0:\n".
" Please do not run this as root! Its already setuid!\n");
}
#
# Untaint the path
#
......@@ -79,6 +65,23 @@ use lib "@prefix@/lib";
use libdb;
use libtestbed;
#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
die("*** $0:\n".
" Must be setuid! Maybe its a development version?\n");
}
#
# This script is setuid, so please do not run it as root. Hard to track
# what has happened.
#
if ($UID == 0) {
die("*** $0:\n".
" Please do not run this as root! Its already setuid!\n");
}
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
......@@ -93,8 +96,11 @@ if (@ARGV != 2) {
if (defined($options{"b"})) {
$batchmode = 1;
}
my $pid = $ARGV[0];
my $gid = $ARGV[1];
if (defined($options{"a"})) {
$auditmode = 1;
}
my $pid = shift(@ARGV);
my $gid = shift(@ARGV);
#
# Untaint args.
......@@ -116,14 +122,16 @@ else {
# Get user DB uid.
#
if (! UNIX2DBUID($UID, \$dbuid)) {
die("*** You do not exist in the Emulab Database!\n");
die("*** $0:\n".
" You do not exist in the Emulab Database!\n");
}
#
# Get email info for mail.
#
if (! UserDBInfo($dbuid, \$user_name, \$user_email)) {
die("*** Cannot determine email info for you!\n");
die("*** $0:\n".
" Cannot determine email info for you!\n");
}
#
......@@ -137,7 +145,7 @@ if (!TBAdmin($UID)) {
#
$query_result =
DBQueryFatal("select trust from group_membership ".
"where pid='$pid' and uid='$dbuid' and gid='$pid' and ".
"where pid='$pid' and uid='$dbuid' and pid=gid and ".
"trust='project_root'");
if ($query_result->numrows == 0) {
......@@ -147,36 +155,47 @@ if (!TBAdmin($UID)) {
"and trust='group_root'");
if ($query_result->numrows == 0) {
die("*** $dbuid does not have permission to update groups!\n");
die("*** $0:\n".
" $dbuid does not have permission to update groups!\n");
}
}
}
if (! ($leader = GroupLeader($pid, $gid))) {
die("*** Could not determine group leader for $pid/$gid!\n");
die("*** $0:\n".
" Could not determine group leader for $pid/$gid!\n");
}
#
# The group directory lives here.
#
$groupdir = "$PROJROOT/$pid/groups/$gid";
#
# Unix info for the group
#
my $unix_gid;
my $unix_name;
if (! TBGroupUnixInfo($pid, $gid, \$unix_gid, \$unix_name)) {
die("*** No info for project/group $pid/$gid!");
die("*** $0:\n".
" No info for project/group $pid/$gid!");
}
#
# In batch mode, go to background and send email later.
#
if ($batchmode) {
if ($batchmode || $auditmode) {
my $childpid;
#
# Create a temporary name for a log file.
#
$logname = `mktemp /tmp/group-update-$pid-$gid.XXXXXX`;
chop($logname);
$logname = TBMakeLogname("mkgroup");
if (TBBackGround($logname)) {
if ($childpid = TBBackGround($logname)) {
if ($auditmode) {
waitpid($childpid, 0);
exit($? >> 8);
}
#
# Parent exits normally
#
......@@ -218,8 +237,6 @@ if (system("$SSH $control_node egrep -q -s '^${unix_name}:' /etc/group")) {
#
# Create group on the tip servers.
#
my @tipservers;
$query_result =
DBQueryFatal("select * from tipservers");
......@@ -232,17 +249,18 @@ foreach my $tipserver ( @tipservers ) {
print "Adding group $unix_name to $tipserver\n";
if (system("$SSH $tipserver $GROUPADD $unix_name -g $unix_gid")) {
fatal("Could not add $unix_name ($unix_gid) to $tipserver!\n");
fatal("*** Could not add $unix_name ($unix_gid) to $tipserver!\n");
}
}
}
#
# Create the group directory if it does not already exist.
# Create the group directory if it does not already exist, but not for
# the default group of the project.
#
$groupdir = "$PROJROOT/$pid/groups/$gid";
if (! -e $groupdir) {
if (! -e $groupdir && $pid ne $gid) {
print "Creating group directory: $groupdir.\n";
if (! mkdir("$groupdir", 0770)) {
fatal("*** Could not make directory $groupdir: $!");
}
......@@ -258,85 +276,32 @@ if (! -e $groupdir) {
}
}
#
# Grab the current user list for the group. These are people to add to
# the group list if they are not already in it.
#
$curmembers_result =
DBQueryWarn("select distinct m.uid from group_membership as m ".
"left join groups as g on g.pid=m.pid and g.gid=m.gid ".
"left join projects as p on p.pid=m.pid ".
"where m.pid='$pid' and m.gid='$gid'");
if (! $curmembers_result) {
fatal("*** Could not determine current members of $pid/$gid!");
}
#
# I don't want to mess with this now. Just use mkacct-ctrl, which is bad
# cause it does more than we want it to.
#
while (%row = $curmembers_result->fetchhash) {
$uid = $row{'uid'};
if (system("$mkacct $uid")) {
fatal("*** $mkacct $uid failed!");
}
}
#
# Grab the user list from the project. These are the people who are
# *not* in the group.
#
$nonmembers_result =
DBQueryFatal("select m.uid,m.trust from group_membership as m ".
"left join group_membership as a on ".
" a.uid=m.uid and a.pid=m.pid and a.gid='$gid' ".
"where m.pid='$pid' and m.gid=m.pid and a.uid is NULL");
if (! $nonmembers_result) {
fatal("*** Could not determine non members of $pid/$gid!");
}
while (%row = $nonmembers_result->fetchhash) {
$uid = $row{'uid'};
if (system("$mkacct $uid")) {
fatal("*** $mkacct $uid failed!");
}
print "Group Creation Completed!\n";
if ($batchmode || $auditmode) {
donotify("Group Creation Completed!\n", 0);
unlink($logname);
}
email_status("Group Update Completed!");
exit(0);
sub fatal($)
{
my($mesg) = $_[0];
donotify($mesg, "Failure", 1);
print STDOUT "$mesg\n";
if ($batchmode || $auditmode) {
donotify($mesg, 1);
unlink($logname);
}
exit(-1);
}
sub email_status($)
sub donotify($$)
{
my($mesg) = $_[0];
donotify($mesg, "Status", 0);
}
sub donotify($$$)
{
my($mesg, $subtext, $iserr) = @_;
my($mesg, $iserr) = @_;
my($subject, $from, $to, $hdrs);
my $MAIL;
print STDOUT "$mesg\n";
if (! $batchmode) {
return;
}
$subject = "TESTBED: Group Update $subtext $pid/$gid";
$from = $TBOPS;
$hdrs = "Reply-To: $TBOPS";
......@@ -345,30 +310,19 @@ sub donotify($$$)
# to the user and to the Testbed Logs address.
#
if ($iserr) {
$to = "$TBOPS";
$subtext = "Failure";
$to = "$TBOPS";
}
else {
$to = "$user_name <$user_email>";
$hdrs = "Bcc: $TBLOGS\n".
"$hdrs";
}
if (! ($MAIL = OPENMAIL($to, $subject, $from, $hdrs))) {
die("Cannot start mail program!");
}
print $MAIL $mesg;
if (defined($logname) && open(IN, "$logname")) {
print $MAIL "\n\n---------\n\n";
while (<IN>) {
print $MAIL "$_";
}
close(IN);
$subtext = "Success";
$to = "$user_name <$user_email>";
$hdrs = "Bcc: $TBLOGS\n" . "$hdrs";
}
close($MAIL);
SENDMAIL($to,
"TESTBED: Group Creation " . $subtext . ": $pid/$gid",
$mesg, $from, $hdrs,
($logname));
}
......@@ -7,13 +7,16 @@ use English;
# to the project leader, and setgid to the project gid. We get
# this info from the database.
#
# usage: mkprojdir <pid>
# usage: mkproj <pid>
#
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $MKGROUP = "$TB/sbin/mkgroup";
my $MKACCT = "$TB/sbin/mkacct";
my $PROJROOT = "/proj";
my $TFTPROOT = "/tftpboot";
......@@ -36,6 +39,24 @@ $| = 1;
#
use lib "@prefix@/lib";
use libdb;
use libtestbed;
#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
die("*** $0:\n".
" Must be setuid! Maybe its a development version?\n");
}
#
# This script is setuid, so please do not run it as root. Hard to track
# what has happened.
#
if ($UID == 0) {
die("*** $0:\n".
" Please do not run this as root! Its already setuid!\n");
}
#
# Check args.
......@@ -56,45 +77,74 @@ else {
}
#
# Figure out who called us. Only root or people with admin status
# in the DB can run this script.
# Figure out who called us. Only with admin status in the DB can run
# this script.
#
if ($UID && !TBAdmin($UID)) {
die("mkprojdir: You must be root or a TB administrator\n");
if (!TBAdmin($UID)) {
die("*** $0:\n".
" You must be a TB administrator to run this script!\n");
}
my $head;
my $projhead;
#
# We need the project leader name.
#
if (! ($head = ProjLeader($pid))) {
if (! ($projhead = ProjLeader($pid))) {
die("*** $0:\n".
" Could not get project leader for project $pid!\n");
}
#
# Before we can proceed, we need to create the project (unix) group
# and then create an account for the project leader. We pass this off
# to sub scripts, but because they are also setuid, we need to flip
# our UID (perl sillyness). Do that in a child process cause we need
# root UID to finish off.
#
if (my $childpid = fork()) {
#
# Parent waits for child.
#
waitpid($childpid, 0);
if ($?) {
exit($? >> 8);
}
}
else {
$EUID = $UID;
system("$MKGROUP $pid $pid") == 0 or
fatal("$MKGROUP $pid failed!");
system("$MKACCT $projhead") == 0 or
fatal("$MKACCT $projhead failed!");
exit(0);
}
#
# This acts as check (and we need the numeric uid) in case mkacct failed!
#
my (undef,undef,$uid) = getpwnam($head)
or die "$head not in passwd file";
my (undef,undef,$uid) = getpwnam($projhead)
or fatal("$projhead not in passwd file");
my (undef,undef,$gid) = getgrnam($pid)
or die "$pid not in group file";
or fatal("$pid not in group file");
#
# Okay, do it.
#
if (! mkdir("$PROJROOT/$pid", 0770)) {
die("Could not make directory $PROJROOT/$pid: $!\n");
fatal("Could not make directory $PROJROOT/$pid: $!");
}
if (! chmod(0770, "$PROJROOT/$pid")) {
die("Could not chmod directory $PROJROOT/$pid: $!\n");
fatal("Could not chmod directory $PROJROOT/$pid: $!");
}
if (! chown($uid, $gid, "$PROJROOT/$pid")) {
die("Could not chown $PROJROOT/$pid to $uid/$gid: $!\n");
fatal("Could not chown $PROJROOT/$pid to $uid/$gid: $!");
}
#
......@@ -103,13 +153,13 @@ if (! chown($uid, $gid, "$PROJROOT/$pid")) {
foreach my $dir (@DIRLIST) {
if (! mkdir("$PROJROOT/$pid/$dir", 0770)) {
die("Could not make directory $PROJROOT/$pid/$dir: $!\n");
fatal("Could not make directory $PROJROOT/$pid/$dir: $!");
}
if (! chmod(0770, "$PROJROOT/$pid/$dir")) {
die("Could not chmod directory $PROJROOT/$pid/$dir: $!\n");
fatal("Could not chmod directory $PROJROOT/$pid/$dir: $!");
}
if (! chown($uid, $gid, "$PROJROOT/$pid/$dir")) {
die("Could not chown $PROJROOT/$pid/$dir to $uid/$gid: $!\n");
fatal("Could not chown $PROJROOT/$pid/$dir to $uid/$gid: $!");
}
}
......@@ -117,14 +167,20 @@ foreach my $dir (@DIRLIST) {
# Create a tftp directory for oskit kernels.
#
if (! mkdir("$TFTPROOT/proj/$pid", 0770)) {
die("Could not make directory $TFTPROOT/proj/$pid: $!\n");
fatal("Could not make directory $TFTPROOT/proj/$pid: $!");
}
if (! chmod(0777, "$TFTPROOT/proj/$pid")) {
die("Could not chmod directory $TFTPROOT/proj/$pid: $!\n");
fatal("Could not chmod directory $TFTPROOT/proj/$pid: $!");
}
if (! chown($uid, $gid, "$TFTPROOT/proj/$pid")) {
die("Could not chown $TFTPROOT/proj/$pid to $uid/$gid: $!\n");
fatal("Could not chown $TFTPROOT/proj/$pid to $uid/$gid: $!");
}
exit(0);
sub fatal {
local($msg) = $_[0];
SENDMAIL($TBOPS, "TESTBED: mkproj $pid Failed", $msg);
die("$0: $msg\n");
}
......@@ -102,6 +102,8 @@ if (! chdir($olddir)) {
}
if (-e $gid) {
print "Renaming $gid to $newname in $olddir.\n";
if (! rename($gid, $newname)) {
die("*** Could not rename group directory $olddir/$gid to ".
"$newname: $!\n");
......@@ -122,6 +124,8 @@ if (-e $gid) {
#
# Now remove the group from the group file on both plastic and paper.
#
print "Removing group $unix_name ($unix_gid) on local node.\n";
if (system("$GROUPDEL $unix_name")) {
warn("*** WARNING: ".
"Could not remove group $unix_name from operations node\n");
......@@ -133,6 +137,8 @@ if (system("$GROUPDEL $unix_name")) {
#
$UID = 0;
print "Removing group $unix_name ($unix_gid) on $CONTROL.\n";
if (system("$SSH $CONTROL $GROUPDEL $unix_name")) {
warn("*** WARNING: Could not remove group $unix_name from $CONTROL\n");
$errors++;
......@@ -151,6 +157,8 @@ while (@db_row = $query_result->fetchrow_array() ) {
}
foreach my $tipserver ( @tipservers ) {
print "Removing group $unix_name ($unix_gid) on $tipserver.\n";
if (system("$SSH $tipserver $GROUPDEL $unix_name")) {
warn("*** WARNING: ".
"Could not remove group $unix_name from $tipserver!\n");
......
#!/usr/local/bin/perl -wT
use English;
use Getopt::Std;
#
# Set groups for users. With just a pid all the users in the group
# are modified. Of course, since we might be removing groups, we actuall
# have to go through the entire set of users in the project. Hence, you
# can provide an optional list of users to operate on; the web interface
# uses this option since it know what users have been changed via the web
# form.
#
# Note that this script does not create accounts or groups. That should
# already have been done with other scripts.
#
sub usage()
{
print STDOUT
"Usage: setgroups [-b | -a] -p <pid> [user ...]\n".
" setgroups [-b | -a] [user ...]\n";
exit(-1);
}
my $optlist = "bap:";
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";