Commit 550fe7da authored by Leigh Stoller's avatar Leigh Stoller

Changes for setting the sunlnk flag when OPSVM_ENABLE=1; this has to be done
on boss because that is where the actual file systems are.
parent 5edc45cc
......@@ -132,6 +132,7 @@ my $FSPROJROOT = "@FSDIR_PROJ@";
my $FSGROUPROOT = "@FSDIR_GROUPS@";
my $FSSCRATCHROOT = "@FSDIR_SCRATCH@";
# These are duplicated in db/Project.pm.in ...
# Project subdir list
my @DIRLIST = ("exp", "images", "logs", "deltas", "tarfiles", "rpms",
"groups", "tiplogs", "images/sigs", "templates");
......
......@@ -25,10 +25,10 @@ package Project;
use strict;
use Exporter;
use vars qw(@ISA @EXPORT);
use vars qw(@ISA @EXPORT @PROJDIRECTORIES @GROUPDIRECTORIES);
@ISA = "Exporter";
@EXPORT = qw ( );
@EXPORT = qw ();
use libdb;
use libtestbed;
......@@ -60,6 +60,11 @@ my $MAILMANSUPPORT = @MAILMANSUPPORT@;
my $ADDPROJADMINLIST = "$TB/sbin/addprojadminlist";
my $EXPORTS_SETUP = "$TB/sbin/exports_setup";
# These are duplicated in account/accountsetup.in ...
@PROJDIRECTORIES = ("exp", "images", "logs", "deltas", "tarfiles", "rpms",
"groups", "tiplogs", "images/sigs", "templates");
@GROUPDIRECTORIES = ("exp", "images", "logs", "tarfiles", "rpms", "tiplogs");
# Cache of instances to avoid regenerating them.
my %projects = ();
BEGIN { use emutil; emutil::AddCache(\%projects); }
......
......@@ -47,7 +47,9 @@ use Data::Dumper;
use POSIX qw(:signal_h);
# Configure variables.
my $TB = "@prefix@";
my $TB = "@prefix@";
my $OPSVM_ENABLE = @OPSVM_ENABLE@;
my $CHFLAGS = "/bin/chflags";
#
# Store up the list of caches to flush
......@@ -1086,5 +1088,61 @@ sub ReadFile($)
return $contents;
}
#
# Use chflags on certain directories to prevent users from deleting things.
# Just a bandaid on the real problem.
#
sub SetNoDelete($)
{
my ($filename) = @_;
my $useflags = 0;
#
# We use flags to prevent deletion of certain dirs, on FreeBSD 10
# or greater. Note that when OPSVM_ENABLE=1, the file systems are
# actually on boss, not on ops, so have to this here on boss instead.
#
if ($OPSVM_ENABLE) {
if (`uname -r` =~ /^(\d+)\.(\d+)/) {
if ($1 >= 10) {
$useflags = 1;
}
}
}
return 0
if (!$useflags);
system("$CHFLAGS sunlink $filename");
return ($? ? -1 : 0);
}
sub ClearNoDelete($)
{
my ($filename) = @_;
my $useflags = 0;
return 0
if (! -e $filename);
#
# We use flags to prevent deletion of certain dirs, on FreeBSD 10
# or greater. Note that when OPSVM_ENABLE=1, the file systems are
# actually on boss, not on ops, so have to this here on boss instead.
#
if ($OPSVM_ENABLE) {
if (`uname -r` =~ /^(\d+)\.(\d+)/) {
if ($1 >= 10) {
$useflags = 1;
}
}
}
return 0
if (!$useflags);
# Do a recursive change here since we tend to do deletions on the
# top level directories.
system("$CHFLAGS -R nosunlink $filename");
return ($? ? -1 : 0);
}
# _Always_ make sure that this 1 is at the end of the file...
1;
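Review bot: Both new helpers run chflags through a single-string `system()`, so `$filename` is parsed by the shell, and a path containing whitespace or a shell metacharacter would be split or interpreted instead of being passed as one argument. The list form avoids the shell entirely: `system($CHFLAGS, "sunlink", $filename);` in SetNoDelete and `system($CHFLAGS, "-R", "nosunlink", $filename);` in ClearNoDelete. Callers elsewhere in this commit pass a path they describe as a symlink; per chflags(1), without `-h` the flag change applies to the link's target, so it is worth confirming that the link itself ends up protected. The FreeBSD version test on `uname -r` is duplicated in both subs and could move into one private helper.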
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2016 University of Utah and the Flux Group.
# Copyright (c) 2000-2016, 2018 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -57,6 +57,7 @@ my $BUGDBSUPPORT= @BUGDBSUPPORT@;
my $OPSDBSUPPORT= @OPSDBSUPPORT@;
my $TBBASE = "@TBBASE@";
my $TBWWW = "@TBWWW@";
my $OPSVM_ENABLE= @OPSVM_ENABLE@;
my $WITHZFS = @WITHZFS@;
my $ZFS_NOEXPORT= @ZFS_NOEXPORT@;
my $WITHAMD = @WITHAMD@;
......@@ -66,7 +67,6 @@ my $OPSDBCONTROL= "$TB/sbin/opsdb_control";
my $GROUPADD = "/usr/sbin/pw groupadd";
my $ACCOUNTPROXY= "$TB/sbin/accountsetup";
my $EXPORTSSETUP= "$TB/sbin/exports_setup";
my @DIRLIST = ("exp", "images", "logs", "tarfiles", "rpms", "tiplogs");
my $SAVEUID = $UID;
# Locals
......@@ -96,6 +96,7 @@ use libaudit;
use libdb;
use libtestbed;
use User;
use Project;
use Group;
use emutil;
......@@ -272,10 +273,15 @@ if ($pid ne $gid) {
if (! -e $groupdir) {
fatal("Could not access directory $groupdir");
}
foreach my $dir (@DIRLIST) {
emutil::SetNoDelete("$groupdir")
if ($OPSVM_ENABLE);
foreach my $dir (@Project::GROUPDIRECTORIES) {
if (! -e "$groupdir/$dir") {
fatal("Could not access directory $groupdir/$dir");
}
emutil::SetNoDelete("$groupdir/$dir")
if ($OPSVM_ENABLE);
}
# Exotic features
......@@ -295,6 +301,16 @@ if ($pid ne $gid) {
$EUID = 0;
}
}
elsif ($OPSVM_ENABLE) {
emutil::SetNoDelete("$projdir");
emutil::SetNoDelete("$GRPROOT/$pid");
# Also the symlink.
emutil::SetNoDelete("$GRPROOT/$pid/$pid");
foreach my $dir (@Project::PROJDIRECTORIES) {
emutil::SetNoDelete("$projdir/$dir");
}
}
# No email when the project group being created.
if (!$silent && !$group->IsProjectGroup()) {
......
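Review bot: The return value of `emutil::SetNoDelete()` is dropped at every call added in this section, so a failed chflags (the helper returns -1) leaves the directory deletable without any log line, while the `-e` checks beside those calls go to `fatal()`. At minimum the failure should be reported, e.g. `emutil::SetNoDelete("$groupdir/$dir") == 0 or warn("Could not set no-delete flag on $groupdir/$dir\n");`. Whether it should be fatal is a policy decision for the maintainers. The same applies to the SetNoDelete call added to the project-directory loop in the next file and to the ClearNoDelete calls in the group-removal script. The `if ($OPSVM_ENABLE)` guards here appear redundant, since SetNoDelete tests the same configure setting itself. The `elsif ($OPSVM_ENABLE)` branch attaches to an `if` that opens outside the visible hunk.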
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2015 University of Utah and the Flux Group.
# Copyright (c) 2000-2018 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -82,9 +82,6 @@ my $ADDMMLIST = "$TB/sbin/addmmlist";
my $OPSDBCONTROL = "$TB/sbin/opsdb_control";
my $CLOSEPROJADMINLIST = "$TB/sbin/closeprojadminlist";
my @DIRLIST = ("exp", "images", "logs", "deltas", "tarfiles", "rpms",
"groups", "tiplogs", "images/sigs", "templates");
#
# Untaint the path
#
......@@ -349,10 +346,11 @@ if (! -e "$PROJROOT/$pid") {
fatal("Could not access directory $PROJROOT/$pid");
}
}
foreach my $dir (@DIRLIST) {
foreach my $dir (@Project::PROJDIRECTORIES) {
if (! -e "$PROJROOT/$pid/$dir") {
fatal("Could not access directory $PROJROOT/$pid/$dir");
}
emutil::SetNoDelete("$PROJROOT/$pid/$dir");
}
if (! -e "$GRPROOT/$pid") {
......
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2016 University of Utah and the Flux Group.
# Copyright (c) 2000-2018 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -67,6 +67,7 @@ my $ELABINELAB = @ELABINELAB@;
my $MAILMANSUPPORT= @MAILMANSUPPORT@;
my $BUGDBSUPPORT = @BUGDBSUPPORT@;
my $OPSDBSUPPORT = @OPSDBSUPPORT@;
my $OPSVM_ENABLE = @OPSVM_ENABLE@;
my $SSH = "$TB/bin/sshtb";
my $GROUPDEL = "/usr/sbin/pw groupdel";
......@@ -74,6 +75,7 @@ my $DELMMLIST = "$TB/sbin/delmmlist";
my $MODGROUPS = "$TB/sbin/modgroups";
my $OPSDBCONTROL = "$TB/sbin/opsdb_control";
my $ACCOUNTPROXY = "$TB/sbin/accountsetup";
my $EXPORTSSETUP = "$TB/sbin/exports_setup";
#
# Untaint the path
......@@ -95,6 +97,7 @@ use libdb;
use emutil;
use libtestbed;
use User;
use Project;
use Group;
use EmulabFeatures;
......@@ -123,6 +126,7 @@ my $group = Group->Lookup($ARGV[0]);
if (!defined($group)) {
fatal("Could not lookup group object for $ARGV[0]");
}
my $project = $group->GetProject();
my $unix_gid = $group->unix_gid();
my $unix_name = $group->unix_name();
my $pid = $group->pid();
......@@ -220,18 +224,38 @@ if (system("grep -q '^${unix_gid}:' /etc/group")) {
#
$UID = 0;
if ($CONTROL ne $BOSSNODE) {
my $cmdstr;
if ($OPSVM_ENABLE) {
if ($pid eq $gid) {
$cmdstr = "delproject $gid $unix_name";
} else {
$cmdstr = "delgroup $gid $unix_name $pid";
}
emutil::ClearNoDelete("$PROJROOT/$pid");
emutil::ClearNoDelete("$GRPROOT/$pid");
# Also the symlink.
emutil::ClearNoDelete("$GRPROOT/$pid/$pid");
print "Removing group $unix_name ($unix_gid) on $CONTROL.\n";
if (system("$SSH -host $CONTROL $ACCOUNTPROXY $cmdstr")) {
fatal("Could not remove group $unix_name from $CONTROL!");
foreach my $dir (@Project::PROJDIRECTORIES) {
emutil::ClearNoDelete("$PROJROOT/$pid/$dir");
}
}
else {
emutil::ClearNoDelete("$GRPROOT/$pid/$gid");
foreach my $dir (@Project::GROUPDIRECTORIES) {
emutil::ClearNoDelete("$GRPROOT/$pid/$gid/$dir")
}
}
}
print "Removing group $unix_name ($unix_gid) on $CONTROL.\n";
my $cmdstr;
if ($pid eq $gid) {
$cmdstr = "delproject $gid $unix_name";
} else {
$cmdstr = "delgroup $gid $unix_name $pid";
}
print "Removing group $unix_name ($unix_gid) on $CONTROL.\n";
if (system("$SSH -host $CONTROL $ACCOUNTPROXY $cmdstr")) {
fatal("Could not remove group $unix_name from $CONTROL!");
}
#
......
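Review bot: The per-subdirectory ClearNoDelete loops look redundant, because ClearNoDelete already runs `chflags -R nosunlink`. `emutil::ClearNoDelete("$PROJROOT/$pid");` therefore clears everything beneath that path before `foreach my $dir (@Project::PROJDIRECTORIES)` walks each subtree again, and the same holds for `$GRPROOT/$pid/$gid` and the GROUPDIRECTORIES loop. Unless some of those entries are symlinks onto another file system, which is not visible here, the loops can be dropped to avoid repeated recursive walks of large trees. The flags are also cleared before the ssh call to `$CONTROL`, so if that call fails and `fatal()` fires, the tree is left without its no-delete protection. A comment stating whether that is acceptable, or a re-apply on the failure path, would help. The enclosing `if ($CONTROL ne $BOSSNODE)` block appears to close outside the hunk.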