Commit 896f4089 authored by Mike Hibler's avatar Mike Hibler

More moving of create/destroy/modify filesystem code to account proxy.

parent 67f967e9
......@@ -70,6 +70,7 @@ my $USERMOD = "/usr/sbin/pw usermod";
my $GROUPADD = "/usr/sbin/pw groupadd";
my $GROUPDEL = "/usr/sbin/pw groupdel";
my $CHPASS = "/usr/bin/chpass";
my $CHOWN = "/usr/sbin/chown";
my $ZFS = "/sbin/zfs";
my $SKEL = "/usr/share/skel";
my $PIDFILE = "/var/run/mountd.pid";
......@@ -116,6 +117,7 @@ sub fatal($);
sub ZFSexists($);
sub MakeDir($$);
sub WhackDir($$);
sub mysystem($);
#
# Check args.
......@@ -199,8 +201,8 @@ sub AddUser()
}
}
if (system("egrep -q -s '^${user}:' /etc/passwd") &&
system("$USERADD $user -u $uid -c \"$name\" ".
if (mysystem("egrep -q -s '^${user}:' /etc/passwd") &&
mysystem("$USERADD $user -u $uid -c \"$name\" ".
"-k $SKEL -h - -d $hdir -g $gid -s $shell")) {
if (($? >> 8) != $USEREXISTS) {
fatal("$USERADD: could not add account");
......@@ -216,7 +218,7 @@ sub AddUser()
fatal("Unable to open skeleton directory");
while (my $file = readdir(DIR)) {
if ($file =~ /^dot(.*)$/) {
system("/bin/cp -fp $SKEL/$file $hdir/$1") == 0
mysystem("/bin/cp -fp $SKEL/$file $hdir/$1") == 0
or fatal("Could not copy $SKEL/$file to $hdir/$1");
}
}
......@@ -225,14 +227,14 @@ sub AddUser()
#
# And set the owner and group right on everything
#
system("/usr/sbin/chown -R $user:$gid $hdir") == 0
mysystem("/usr/sbin/chown -R $user:$gid $hdir") == 0
or fatal("Could not chown $hdir");
#
# Finally, set any initial password hash
#
if (defined($hash) &&
system("$CHPASS -p '$hash' $user")) {
mysystem("$CHPASS -p '$hash' $user")) {
fatal("Could not initialize password");
}
return 0;
......@@ -253,7 +255,7 @@ sub DeleteUser()
# Note that this does NOT remove the user's homedir.
# We remove/rename it below...
#
if (system("$USERDEL $user")) {
if (mysystem("$USERDEL $user")) {
if (($? >> 8) != $NOSUCHUSER) {
fatal("Could not remove user $user");
}
......@@ -268,11 +270,45 @@ sub DeleteUser()
}
#
# Usage: moduser ...
# Usage: username group1 [ group2 ... groupN ]
# XXX this is specific to what is required by setgroups.
#
sub ModifyUser()
{
fatal("moduser: Not implemented yet");
if (@ARGV < 2) {
fatal("moduser: Wrong number of arguments");
}
my $user = shift(@ARGV);
my $pgroup = shift(@ARGV);
my $grouplist = "";
if (@ARGV > 0) {
$grouplist = "-G " . join(' ', @ARGV);
}
if (mysystem("$USERMOD $user -g $pgroup $grouplist")) {
fatal("Could not modify user $unix_name to add groups!\n");
}
#
# Make sure the users dot files and other critical files/dirs
# are in the correct group. I looked at the source code to
# chown, and it does not do anything to files that are already
# set correctly. Thank you chown.
#
my @dots = (".login", ".profile", ".cshrc", ".ssl", ".ssh");
my $homedir = USERROOT() . "/$user";
mysystem("$CHOWN $user:$pgroup $homedir") == 0
or fatal("Could not chown home dir to $user:$pgroup");
foreach my $dot (@dots) {
if (-e "$homedir/$dot") {
mysystem("$CHOWN -R $user:$pgroup $homedir/$dot") == 0
or fatal("Could not chown $homedir/$dot to $user:$pgroup");
}
}
return 0;
}
#
......@@ -289,10 +325,10 @@ sub AddProject()
my $unix_uid = shift(@ARGV);
# Create the project unix group
if (system("egrep -q -s '^${unix_name}:' /etc/group")) {
if (mysystem("egrep -q -s '^${unix_name}:' /etc/group")) {
print "Adding group $unix_name ...\n";
if (system("$GROUPADD $unix_name -g $unix_gid")) {
if (mysystem("$GROUPADD $unix_name -g $unix_gid")) {
fatal("Could not add group $unix_name ($unix_gid)!\n");
}
}
......@@ -338,7 +374,7 @@ sub AddProject()
# Create a symlink for the default group
$path = "$GROUPROOT/$name/$name";
if (! -e "$path") {
if (system("ln -s $PROJROOT/$name $path")) {
if (mysystem("ln -s $PROJROOT/$name $path")) {
fatal("Could not symlink $PROJROOT/$name to $path");
}
}
......@@ -375,10 +411,10 @@ sub AddGroup()
my $projname = shift(@ARGV);
# Create the group unix group
if (system("egrep -q -s '^${unix_name}:' /etc/group")) {
if (mysystem("egrep -q -s '^${unix_name}:' /etc/group")) {
print "Adding group $unix_name ...\n";
if (system("$GROUPADD $unix_name -g $unix_gid")) {
if (mysystem("$GROUPADD $unix_name -g $unix_gid")) {
fatal("Could not add group $unix_name ($unix_gid)!\n");
}
}
......@@ -431,10 +467,10 @@ sub DelProject()
fatal("Could not destroy project '$name' related directories");
}
if (system("egrep -q -s '^${unix_name}:' /etc/group") == 0) {
if (mysystem("egrep -q -s '^${unix_name}:' /etc/group") == 0) {
print "Deleting project $unix_name ...\n";
if (system("$GROUPDEL $unix_name")) {
if (mysystem("$GROUPDEL $unix_name")) {
fatal("Could not delete group $unix_name!\n");
}
}
......@@ -462,10 +498,10 @@ sub DelGroup()
fatal("Could not destroy project group '$name' related directories");
}
if (system("egrep -q -s '^${unix_name}:' /etc/group") == 0) {
if (mysystem("egrep -q -s '^${unix_name}:' /etc/group") == 0) {
print "Deleting group $unix_name ...\n";
if (system("$GROUPDEL $unix_name")) {
if (mysystem("$GROUPDEL $unix_name")) {
fatal("Could not delete group $unix_name!\n");
}
}
......@@ -486,7 +522,7 @@ sub ZFSexists($)
{
my ($path) = @_;
system("$ZFS list $path >/dev/null 2>&1");
mysystem("$ZFS list $path >/dev/null 2>&1");
return ($? ? 0 : 1);
}
......@@ -515,7 +551,7 @@ sub MakeDir($$)
$cmdarg = "";
$path = "$fs/$dir";
}
if (system("$cmd $cmdarg $path")) {
if (mysystem("$cmd $cmdarg $path")) {
return $?;
}
......@@ -547,7 +583,7 @@ sub WhackDir($$)
$path = "$fs/$dir";
$npath = "$fs/$dir$suffix";
}
if (system("$cmd $path $npath")) {
if (mysystem("$cmd $path $npath")) {
return $?;
}
} else {
......@@ -560,7 +596,7 @@ sub WhackDir($$)
$cmd = "rm -rf";
$path = "$fs/$dir";
}
if (system("$cmd $path")) {
if (mysystem("$cmd $path")) {
return $?;
}
}
......@@ -589,3 +625,12 @@ sub HUPMountd()
# Give mountd time to react.
sleep(1);
}
# XXX temporary while debugging
sub mysystem($)
{
my $cmd = shift;
print STDERR "accountsetup: '$cmd'\n";
return system($cmd);
}
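Review bot: The `fatal()` call in the new ModifyUser interpolates `$unix_name`, which is never declared in that sub (the argument it shifted off `@ARGV` is `$user`); if this file runs under strict that will not compile, and otherwise the message prints an empty name — change it to `fatal("Could not modify user $user to add groups!\n");`. The new `mysystem` wrapper echoes every command line to STDERR, so the `$CHPASS -p '$hash' $user` call in AddUser now writes the password hash to whatever captures the proxy's stderr; even as the "temporary while debugging" aid the comment describes, that argument should be masked in the print, or the print dropped before this ships. ModifyUser also joins `@ARGV` straight into a single shell string for `$USERMOD` and `$CHOWN`, and since `system()` receives a string rather than a list, group names containing shell metacharacters are interpreted by the shell — validating each name with an anchored pattern such as `/^[-\w]+$/` before joining would be worth adding. The `# Usage:` comment above ModifyUser appears to drop the `moduser` action word that the old comment carried; the subcommand dispatch is outside this hunk, so confirm it still matches.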
......@@ -229,9 +229,7 @@ if (system("grep -q '^${unix_gid}:' /etc/group")) {
print "Removing group $unix_name ($unix_gid) on $CONTROL.\n";
if (system("$SSH -host $CONTROL $ACCOUNTPROXY $cmdstr")) {
if ($?) {
fatal("Could not remove group $unix_name from $CONTROL!");
}
fatal("Could not remove group $unix_name from $CONTROL!");
}
}
......
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
# Copyright (c) 2000-2015 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -38,8 +38,6 @@ use strict;
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $CONTROL = "@USERNODE@";
my $WITHZFS = @WITHZFS@;
my $ZFSROOT = @ZFS_ROOT@;
my $MAILMANSUPPORT= @MAILMANSUPPORT@;
my $RMGROUP = "$TB/sbin/rmgroup";
......@@ -141,71 +139,11 @@ if (AuditStart(0)) {
}
#
# Remove or rename the project directory.
# Project related directories will be removed by rmgroup call.
#
if (!removeprojdir($PROJROOT, $pid)) {
my $str = ($renamedirs ? "rename" : "remove");
fatal("Could not $str project directory!");
}
my $savename = "_ARCHIVED-${pid}-${pid_idx}";
if (-e "$PROJROOT/$pid") {
my $rv;
if ($WITHZFS) {
my $oldname = "$ZFSROOT/$pid";
my $newname = "$ZFSROOT/$savename";
$rv = system("zfs rename $oldname $newname");
} else {
my $oldname = "$PROJROOT/$pid";
my $newname = "$PROJROOT/$savename";
$rv = (rename($oldname, $newname) != 0);
}
if ($rv == 0) {
#
# Chown the owner/group to root and set the permissions so no
# one is allowed to look inside.
#
if (! chmod(0700, $newname)) {
fatal("Could not chmod directory $newname to 0700: $!");
}
if (! chown(0, 0, $newname)) {
fatal("Could not chown directory $newname to 0/0: $!");
}
}
else {
fatal("Could not rename proj directory to $newname: $!");
}
}
#
# and the scratch directory if it exists
#
if ($SCRATCHROOT && -e "$SCRATCHROOT/$pid") {
my $oldname = "$SCRATCHROOT/$pid";
my $newname = "$SCRATCHROOT/$savename";
if (rename($oldname, $newname)) {
#
# Chown the owner/group to root and set the permissions so no
# one is allowed to look inside.
#
if (! chmod(0700, $newname)) {
fatal("Could not chmod directory $newname to 0700: $!");
}
if (! chown(0, 0, $newname)) {
fatal("Could not chown directory $newname to 0/0: $!");
}
}
else {
fatal("Could not rename proj directory to $newname: $!");
}
}
#
# Ditto for the experiment working directory.
# Remove/rename the experiment working directory.
#
my $workdir = TBDB_EXPT_WORKDIR() . "/$pid";
......@@ -287,50 +225,6 @@ DBQueryFatal("delete FROM group_features where pid_idx='$pid_idx'");
print "Project $pid has been removed!\n";
exit(0);
#
# Remove or rename a project-related directory.
#
sub removeprojdir($$)
{
my ($fs,$pid) = @_;
my $oldname = "$fs/$pid";
my $newname = "$fs/_ARCHIVED-${pid}-${pid_idx}";
if (-e "$PROJROOT/$pid") {
my $rv;
if ($WITHZFS) {
# XXX need to ssh over to fs to do this
my $oldname = "$ZFSROOT/$pid";
my $newname = "$ZFSROOT/$savename";
$rv = system("zfs rename $oldname $newname");
} else {
my $oldname = "$PROJROOT/$pid";
my $newname = "$PROJROOT/$savename";
$rv = (rename($oldname, $newname) != 0);
}
if ($rv == 0) {
#
# Chown the owner/group to root and set the permissions so no
# one is allowed to look inside.
#
if (! chmod(0700, $newname)) {
fatal("Could not chmod directory $newname to 0700: $!");
}
if (! chown(0, 0, $newname)) {
fatal("Could not chown directory $newname to 0/0: $!");
}
}
else {
fatal("Could not rename proj directory to $newname: $!");
}
}
}
sub fatal($) {
my($mesg) = $_[0];
......
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
# Copyright (c) 2000-2015 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -51,7 +51,6 @@ my $TBOPS = "@TBOPSEMAIL@";
my $TBLOGS = "@TBLOGSEMAIL@";
my $CONTROL = "@USERNODE@";
my $BOSSNODE= "@BOSSNODE@";
my $WITHZFS = @WITHZFS@;
my $OURDOMAIN = "@OURDOMAIN@";
my $PGENISUPPORT = @PROTOGENI_SUPPORT@;
my $PORTAL_ENABLE = @PORTAL_ENABLE@;
......@@ -105,8 +104,6 @@ use Project;
use Experiment;
use EmulabFeatures;
my $HOMEDIR = USERROOT();
#
# Check args.
#
......@@ -376,28 +373,8 @@ EmulabFeatures->DeleteAll($target_user) == 0 or
#
# Rename the users home dir if its there.
# XXX this is now handled by $DELACCT call.
#
if (!$WITHZFS && -d "$HOMEDIR/$target_uid") {
my $newname = "$HOMEDIR/$target_uid-" . TBDateTimeFSSafe();
if (rename("$HOMEDIR/$target_uid", $newname)) {
print "Renamed homedir to $newname. Remember to delete it!\n";
#
# Chown the owner/group to root and set the permissions so no
# one is allowed to look inside.
#
if (! chmod(0700, $newname)) {
fatal("Could not chmod directory $newname to 0700: $!");
}
if (! chown(0, 0, $newname)) {
fatal("Could not chown directory $newname to 0/0: $!");
}
}
else {
fatal("Could not rename user directory to $newname: $!");
}
}
#
# In nuke mode, we really do kill the account, since its from a denied
......
......@@ -28,7 +28,7 @@ use Getopt::Std;
#
# Set groups for users. With just a pid all the users in the group
# are modified. Of course, since we might be removing groups, we actuall
# are modified. Of course, since we might be removing groups, we actually
# have to go through the entire set of users in the project. Hence, you
# can provide an optional list of users to operate on; the web interface
# uses this option since it know what users have been changed via the web
......@@ -71,6 +71,7 @@ my $SETWIKIGROUPS = "$TB/sbin/setwikigroups";
my $SETBUGDBGROUPS= "$TB/sbin/setbugdbgroups";
my $OPSDBCONTROL = "$TB/sbin/opsdb_control";
my $EXPORTSSETUP = "$TB/sbin/exports_setup";
my $ACCOUNTPROXY = "$TB/sbin/accountsetup";
my $SSH = "$TB/bin/sshtb";
my $USERMOD = "/usr/sbin/pw usermod";
......@@ -391,6 +392,8 @@ foreach my $token (@userlist) {
}
if (@extragrouplist) {
push @groupnames, @extragrouplist;
print "Adding extra groups to list: @extragrouplist\n";
if ($grouplist) {
......@@ -420,31 +423,13 @@ foreach my $token (@userlist) {
print "Updating user $uid record on $control_node.\n";
if ($control_node ne $BOSSNODE) {
$groupargument = join(' ', @groupnames);
if (system("$SSH -host $control_node ".
"'$USERMOD $uid -g $project $groupargument'")) {
"$ACCOUNTPROXY $uid $project $groupargument")) {
fatal("Could not modify user $uid record on $control_node.");
}
}
#
# Make sure the users dot files and other critical files/dirs
# are in the correct group. I looked at the source code to
# chown, and it does not do anything to files that are already
# set correctly. Thank you chown.
#
my @dots = (".login", ".profile", ".cshrc", ".ssl", ".ssh");
my $homedir = USERROOT() . "/$uid";
system("$CHOWN $uid:$project $homedir") == 0
or fatal("Could not chown home dir to $uid:$project");
foreach my $dot (@dots) {
if (-e "$homedir/$dot") {
system("$CHOWN -R $uid:$project $homedir/$dot") == 0
or fatal("Could not chown $homedir/$dot to $uid:$project");
}
}
#
# Now schedule account updates on all the nodes that this person has
# an account on.
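Review bot: The rewritten `$SSH` line passes `$ACCOUNTPROXY $uid $project $groupargument` with no action word in front of `$uid`, whereas the rmgroup hunk in this same commit invokes the proxy through a `$cmdstr` and the accountsetup ModifyUser usage comment is headed `moduser`; unless `$ACCOUNTPROXY` defaults to the modify action, this probably needs to read `"$ACCOUNTPROXY moduser $uid $project $groupargument")) {`. The `foreach my $token (@userlist)` loop enclosing this code starts before the hunk. The old form also single-quoted the remote command, while the new one sends `$groupargument` unquoted through `$SSH` and a string-form `system()`, so it is worth confirming that group names are restricted to safe characters before they reach this point, since they are interpreted by a shell on both ends.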
......