Commit 469dacdb authored by Robert Ricci's avatar Robert Ricci

New script: unixgroups . Pretty simple - just a convenient way to manage the

unixgroup_membershit table from the command line. Runs the appropriate
commands to make changes in the 'real world' after the database has been
updated. From the usage message:

Usage: unixgroups <-h | -p | < <-a | -r> uid gid...> >
-h            This message
-p            Print group information
-a uid gid... Add a user to one (or more) groups
-r uid gid... Remove a user from one (or more) groups
parent a582efa6
...@@ -1045,7 +1045,7 @@ outfiles="$outfiles Makeconf GNUmakefile \ ...@@ -1045,7 +1045,7 @@ outfiles="$outfiles Makeconf GNUmakefile \
db/webcontrol db/node_status db/genelists db/genelists.proxy \ db/webcontrol db/node_status db/genelists db/genelists.proxy \
discvr/GNUmakefile \ discvr/GNUmakefile \
db/libdb.pm db/inuse db/avail db/nodeip db/showgraph \ db/libdb.pm db/inuse db/avail db/nodeip db/showgraph \
db/dhcpd_makeconf db/nodelog db/webnodelog \ db/dhcpd_makeconf db/nodelog db/webnodelog db/unixgroups \
ipod/GNUmakefile \ ipod/GNUmakefile \
lib/GNUmakefile \ lib/GNUmakefile \
os/GNUmakefile os/split-image.sh os/imagezip/GNUmakefile \ os/GNUmakefile os/split-image.sh os/imagezip/GNUmakefile \
......
...@@ -160,7 +160,7 @@ outfiles="$outfiles Makeconf GNUmakefile \ ...@@ -160,7 +160,7 @@ outfiles="$outfiles Makeconf GNUmakefile \
db/webcontrol db/node_status db/genelists db/genelists.proxy \ db/webcontrol db/node_status db/genelists db/genelists.proxy \
discvr/GNUmakefile \ discvr/GNUmakefile \
db/libdb.pm db/inuse db/avail db/nodeip db/showgraph \ db/libdb.pm db/inuse db/avail db/nodeip db/showgraph \
db/dhcpd_makeconf db/nodelog db/webnodelog \ db/dhcpd_makeconf db/nodelog db/webnodelog db/unixgroups \
ipod/GNUmakefile \ ipod/GNUmakefile \
lib/GNUmakefile \ lib/GNUmakefile \
os/GNUmakefile os/split-image.sh os/imagezip/GNUmakefile \ os/GNUmakefile os/split-image.sh os/imagezip/GNUmakefile \
......
...@@ -10,7 +10,7 @@ include $(OBJDIR)/Makeconf ...@@ -10,7 +10,7 @@ include $(OBJDIR)/Makeconf
BIN_SCRIPTS = nalloc nfree nodeip BIN_SCRIPTS = nalloc nfree nodeip
SBIN_SCRIPTS = avail inuse showgraph if2port backup webcontrol node_status \ SBIN_SCRIPTS = avail inuse showgraph if2port backup webcontrol node_status \
genelists genelists.proxy dhcpd_makeconf nodelog genelists genelists.proxy dhcpd_makeconf nodelog unixgroups
LIBEXEC_SCRIPTS = webnodelog LIBEXEC_SCRIPTS = webnodelog
LIB_SCRIPTS = libdb.pm LIB_SCRIPTS = libdb.pm
......
#!/usr/bin/perl -w
use English;
use Getopt::Std;
use strict;
#
# Configure variables
#
use lib '@prefix@/lib';
use libdb;
my $TB = "@prefix@";
my $SETGROUPS = "$TB/sbin/setgroups";
#
# Turn off line buffering on output
#
$| = 1;
#
# Only root or admin types!
#
if (($UID != 0) && (!TBAdmin($UID))) {
die("Only root or TB administrators can control UNIX groups.\n");
}
#
# Proccess command-line args
#
my %opt = ();
getopts('rhpa',\%opt);
my ($uid, @gid);
if ($opt{a} || $opt{r}) {
if (@ARGV < 2) {
die "Not enough arguments - see '$0 -h' for help\n";
}
$uid = shift @ARGV;
@gid = @ARGV;
} else {
if (@ARGV != 0) {
die "Too many arguments - see '$0 -h' for help\n";
}
}
if ($opt{p}) {
#
# Print out groups in a format that looks vaguely like the /etc/group
# format
#
my %members = ();
my $result = DBQueryFatal("SELECT gid,uid FROM unixgroup_membership");
while (my ($gid,$uid) = $result->fetchrow() ) {
push @{$members{$gid}},$uid;
}
while (my ($gid,$members) = each %members) {
print "$gid:" . join(",",@$members) . "\n";
}
} elsif ($opt{a}) {
#
# Add a user to the database
#
foreach my $gid (@gid) {
print "Adding user $uid to group $gid in the database\n";
if (checkGroup($uid,$gid)) {
warn "User $uid is already in group $gid, skipping ...\n";
next;
} else {
DBQueryFatal("INSERT INTO unixgroup_membership SET uid='$uid', " .
"gid='$gid'");
}
}
print "Updating groups for $uid on control nodes\n";
if (system "$SETGROUPS $uid" ) {
warn "Group update for $uid failed\n";
}
} elsif ($opt{r}) {
#
# Remove a user from the database
#
foreach my $gid (@gid) {
print "Removing $uid from group $gid in the database\n";
if (!checkGroup($uid,$gid)) {
warn "User $uid is not in group $gid, skipping ...\n";
next;
} else {
DBQueryFatal("DELETE FROM unixgroup_membership WHERE uid='$uid' " .
"AND gid='$gid'");
}
}
print "Updating groups for $uid on control nodes\n";
if (system "$SETGROUPS $uid" ) {
warn "Group update for $uid failed\n";
}
} else {
#
# Usage message
#
warn "Usage: $0 <-h | -p | < <-a | -r> uid gid...> >\n";
warn "-h This message\n";
warn "-p Print group information\n";
warn "-a uid gid... Add a user to one (or more) groups\n";
warn "-r uid gid... Remove a user from one (or more) groups\n";
exit(-1);
}
#
# Check to see if the given uid is in the given gid. Return 1 if it is, 0
# if not.
#
sub checkGroup ($$) {
my ($uid,$gid) = @_;
my $result = DBQueryFatal("SELECT gid,uid FROM unixgroup_membership WHERE ".
"uid='$uid' AND gid='$gid'");
return ($result->num_rows() > 0);
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment