1. 19 Sep, 2019 1 commit
  2. 16 Feb, 2018 1 commit
  3. 13 Dec, 2017 1 commit
    • Leigh Stoller's avatar
      This started out as a simple change ... · 1d526637
      Leigh Stoller authored
      I noticed that group_root could not delete users from projects. Seems
      like we should allow that, but with the restriction that a group_root
      cannot delete another group_root. Simple enough, right? Well thats not
      how the permission system works; permission to do stuff to users is
      based on who you are in the project, not who you are doing it to.
      
      And then there are the subtle differences in permission handling between
      the Classic interface and the Portal interface. And I am fully
      unmotivated to fix anything in the Classic interface, hard to believe?
      
      Anyway, most people are not going to notice anything since the bulk of
      the changes affect sub groups. Sigh.
      1d526637
  4. 29 Aug, 2016 1 commit
    • Leigh Stoller's avatar
      Various fixes to deactivate/reactivate code, mostly to deal with not · bf77e242
      Leigh Stoller authored
      wanting to call setgroups cause it is so slow. also refactor the code to
      chown/chgrp user dot files so we can call it from reactivate.
      
      Refactor the code that bumps user/project activity and calls exports
      setup so that we can call it from reactivate.
      
      When deleting a ZFS home/proj directory, do the ZFS rename and then
      set the mountpoint=none, no need to have it mounted.
      bf77e242
  5. 17 Jun, 2016 1 commit
  6. 15 Jan, 2015 1 commit
  7. 02 Sep, 2014 1 commit
    • Leigh Stoller's avatar
      Initial ZFS support. Just the runtime support, no support for actually · 328b61d8
      Leigh Stoller authored
      creating the initial ZFS volumes, that is described in Mike's notes
      file on how to setup ZFS on ops. But once that is done, the runtime
      supports takes care of creating volumes for users and projects/groups.
      New configure variables, with defaults to:
      
      	WITHZFS=0
      	ZFS_ROOT=z
      	ZFS_QUOTA_USER="1G"
      	ZFS_QUOTA_PROJECT="100G"
      	ZFS_QUOTA_GROUP="10G"
      328b61d8
  8. 14 Feb, 2013 1 commit
  9. 24 Sep, 2012 1 commit
    • Eric Eide's avatar
      Replace license symbols with {{{ }}}-enclosed license blocks. · 6df609a9
      Eric Eide authored
      This commit is intended to makes the license status of Emulab and
      ProtoGENI source files more clear.  It replaces license symbols like
      "EMULAB-COPYRIGHT" and "GENIPUBLIC-COPYRIGHT" with {{{ }}}-delimited
      blocks that contain actual license statements.
      
      This change was driven by the fact that today, most people acquire and
      track Emulab and ProtoGENI sources via git.
      
      Before the Emulab source code was kept in git, the Flux Research Group
      at the University of Utah would roll distributions by making tar
      files.  As part of that process, the Flux Group would replace the
      license symbols in the source files with actual license statements.
      
      When the Flux Group moved to git, people outside of the group started
      to see the source files with the "unexpanded" symbols.  This meant
      that people acquired source files without actual license statements in
      them.  All the relevant files had Utah *copyright* statements in them,
      but without the expanded *license* statements, the licensing status of
      the source files was unclear.
      
      This commit is intended to clear up that confusion.
      
      Most Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the Affero GNU General Public License, version 3
      (AGPLv3).
      
      Most Utah-copyrighted files related to ProtoGENI are distributed under
      the terms of the GENI Public License, which is a BSD-like open-source
      license.
      
      Some Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the GNU Lesser General Public License, version 2.1
      (LGPL).
      6df609a9
  10. 07 Nov, 2011 1 commit
  11. 22 Sep, 2011 1 commit
  12. 25 Oct, 2010 1 commit
    • Leigh Stoller's avatar
      New module, called Emulab Features. The basic usage (see tbswap) is: · 1d430992
      Leigh Stoller authored
      use EmulabFeatures;
      
      if (EmulabFeatures->FeatureEnabled("NewMapper", $user, $group, $experiment)) {
         # Do something
      }
      else {
         # Do something else.
      }
      
      where $user, $group, and $experiment is the current Emulab user, group, and
      experiment the script is operating as. Any of them can be undef. Note that
      features can easily be globally enabled or disabled (bypassing user/group
      check). See below.
      
      There are two scripts to deal with features. The easy one is the script to
      grant (or revoke) feature usage to a particular user or group or experiment:
      
      boss> wap grantfeature -u stoller NewMapper
      boss> wap grantfeature -p geni NewMapper
      boss> wap grantfeature -e geni,myexp NewMapper
      
      Add -r to revoke the feature.
      
      The other script is for managing features. To create a new feature:
      
      boss> wap emulabfeature create NewFeature 'A pithy description'
      
      which adds the feature to the emulab_features DB table. Use "delete"
      to remove a feature from the DB.
      
      You can globally enable and disable features for all users/groups (the
      user/group checks are bypassed). Global disable overrides global
      enable. There are actually two different flags. Lots of rope, I mean
      flexibility.
      
      boss> wap emulabfeature enable NewFeature 1
      boss> wap emulabfeature enable NewFeature 0
      
      boss> wap emulabfeature disable NewFeature 1
      boss> wap emulabfeature disable NewFeature 0
      
      To display a list of all features and associated settings:
      
      boss> wap emulabfeature list
      
      To show the details (including the users and groups) of a specific
      feature:
      
      boss> wap emulabfeature show NewFeature
      
      Oh, if a test is made in the code for a feature, and that feature is
      not in the emulab_features table (as might be the case on other
      Emulab's), the feature is "disabled".
      1d430992
  13. 22 Mar, 2010 1 commit
    • Leigh Stoller's avatar
      Finish up user deletion. The big visible change is that when a user is · 2965922b
      Leigh Stoller authored
      deleted, they still remain in the user table with a status of
      "archived", but since all the queries in the system now use uid_idx
      instead of uid, it is safe to reuse a uid since they are no longer
      ambiguous. 
      
      The reason for not deleting users from the users table is so that the
      stats records can refer to the original record (who was that person
      named "mike"). This is very handy and worth the additional effort it
      has taken.
      
      There is no way to ressurect a user, but it would not be hard to add.
      2965922b
  14. 10 Apr, 2008 1 commit
  15. 24 Oct, 2007 1 commit
    • Russ Fish's avatar
      Fix the approveproject:Destroy option. · c6291e10
      Russ Fish authored
      approveproject.php3 - Take the user out of project group first,
          then 'nuke' the user, similar to how approveproject:Nuke does it,
          before removing the destroyed project.
      tbsetup/rmuser.in - Allow removing an unapproved project leader when nuking.
      tbsetup/rmgroup.in - There are no /etc/group entries for an unapproved project group.
      db/Group.pm.in - More exclude_leader fixes to Group->MemberList.
      c6291e10
  16. 02 Aug, 2007 1 commit
  17. 09 Jan, 2007 2 commits
  18. 03 Nov, 2006 1 commit
    • Leigh Stoller's avatar
      Big set of changes intended to solve a couple of problems with long · ff9061d4
      Leigh Stoller authored
      term archiving of firstclass objects like users, projects, and of
      course templates.
      
      * Projects, Users, and Groups are now uniquely identified inside the
        DB by a index value that will not be reused. If necessary, this
        could easily be a globally unique identifier, but without federation
        there is no reason to do that yet.
      
      * Currently, pid, gid, and uid still need to be locally unique until
        all of the changes are in place (which is going to take a fairly
        long time since the entire system operates in terms of those, except
        for the few places that I had to change to get the ball rolling).
      
      * We currently archive deleted users to the deleted_users table (their
        user_stats are kept forever since they are indexed by the new index
        column). Eventually do the same with projects (not sure about
        groups) but since we rarely if ever delete a project, there is no
        rush on this one.
      
      * At the same time, I have started a large reorg of the code, to move
        all of the user, group, project code into modules, both in php and
        perl, turning them into first class "objects" (as far as that goes
        in php and perl). Eventually, the number of query statements
        scattered around the code will be manageable, or so I hope.
      
      * Another related part of this reorg is to make it easier to move the
        new user/project/group code in the perl backend so that it can be
        made available via the xmlrpc interface (without duplication of the
        code).
      ff9061d4
  19. 20 Oct, 2006 1 commit
    • Mike Hibler's avatar
      Wow, this should make me look important! · afa5e919
      Mike Hibler authored
      Two-day boondoggle to support "/scratch", an optional large, shared filesystem
      for users.  To do this, I needed to find all the instances where /proj is used
      and behave accordingly.  The boondoggle part was the decision to gather up all
      the hardwired instances of shared directory names ("/proj", "/users", etc.)
      so that they are set in a common place (via unexposed configure variables).
      This is a boondoggle because:
      
      1. I didn't change the client-side scripts.  They need a different mechanism
         (e.g., tmcd) to get the info, configure is the wrong way.
      
      2. Even if I had done #1 it is likely--no, certain--that something would
         fail if you tried to rename "/proj" to be "/mike".  These names are just
         too ingrained.
      
      3. We may not even use "/scratch" as it turns out.
      
      Note, I also didn't fix any of the .html documentation.  Anyway, it is done.
      To maintain my illusion in the future you should:
      
      1. Have perl scripts include "use libtestbed" and use the defined PROJROOT(),
         et.al. functions where possible.  If not possible, make sure they run
         through configure and use @PROJROOT_DIR@, etc.
      
      2. Use the configure method for python, C, php and other languages.
      
      3. There are perl (TBValidUserDir) and php (VALIDUSERPATH) functions which
         you should call to determine if an NS, template parameter, tarball or
         other file are in "an acceptable location."  Use these functions where
         possible.  They know about the optional "scratch" filesystem.  Note that
         the perl function is over-engineered to handles cases that don't occur
         in nature.
      afa5e919
  20. 19 Dec, 2005 1 commit
    • Leigh Stoller's avatar
      Add support for moving deleted users to a deleted users table. This · b4231fbf
      Leigh Stoller authored
      would be no big deal, except that we want to retain user_stats for
      deleted users, and rather then a deleted_user_stats table, I want to
      retain stats for deleted users in the user_stats table, since that
      is a more natural place for them.
      
      The main problem is that we use the login (uid) as the cross table
      reference slot all over the DB, which is fundamentally incorrect, if
      we want to be able reuse uids and still know what historical data
      refers to.
      
      So, I have taken a few baby steps towards weaning us off the uid, and
      towards permanently unique key for users, using the unix_uid integer
      for now, but probably something slightly different later.
      
      The user_stats is now indexed on this new key (called uid_idx in the
      users_stats table) instead of the plain uid.
      
      The unix_uid slot in the users table is no longer an auto_increment
      field, but instead uses the emulab_indicies table for the next
      available index.
      b4231fbf
  21. 20 Sep, 2005 1 commit
  22. 19 Sep, 2005 1 commit
    • Leigh Stoller's avatar
      Move all modification of the group_membership table to the backend, · cfba1ac7
      Leigh Stoller authored
      into a single new script call modgroups. Usage:
      
      	modgroups [-a pid:gid:trust[,pid:gid:trust]...]
                        [-m pid:gid:trust[,pid:gid:trust]...]
                        [-r pid:gid[,pid:gid]...] user
      
      So, -a to add groups, -r to remove groups, and -m to modify the trust
      value for a member of a group.
      
      The reason for doing this is that previously, we had no idea in the
      backend what group changes actually happened; we just knew what the
      current groups are. This make it hard to add and remove users from
      mailing lists, chat server buddy lists, etc. This is cleaner ...
      cfba1ac7
  23. 31 May, 2005 1 commit
  24. 04 Mar, 2004 1 commit
  25. 30 Sep, 2003 1 commit
  26. 12 May, 2003 1 commit
  27. 05 May, 2003 1 commit
  28. 28 Apr, 2003 1 commit
    • Leigh Stoller's avatar
      Add support for new {user,group,project,experiment}_stats tables. · 5e5508bf
      Leigh Stoller authored
      The first three are aggregate tables, while the experiment stats table
      gets a record for each new experiment, and is updated when an
      experiment is swapped in/out/modify or terminated. Look at the table
      to see what is tracked. Once the experiment_stats record is updated,
      the aggregate tables are updated as necessary. There are a bunch of
      ugly changes to assign_wrapper to get the stats. Note that pnodes is
      not incremented until an experiment sucessfully swaps in. This is in
      leu of getting status codes; I'm not tracking failed operations yet,
      nor creating the log file that Jay wants. I'll do that in the next
      round of changes when we see how useful these numbers are.
      
      Most of the changes are to create/delete table entries where
      appropriate, and to display the records. Display is only under admin
      mode, and the display is raw; just a dump of the assoc tables in php.
      The last 100 experiment stats records are available via the Experiment
      List page, using the "Stats" show option at the top. Bad place, but
      will do for now.
      5e5508bf
  29. 13 Feb, 2003 1 commit
  30. 24 Jan, 2003 1 commit
    • Leigh Stoller's avatar
      Proper rmuser script. Dump the old rmacct-ctrl (finally!) and replace · 6f56ae18
      Leigh Stoller authored
      with script to delete a user, either from a single project or from
      the entire testbed. All of the DB stuff is done in the script; the web
      interface no longer does anything but error checks. This is because
      removing a user requires some finess in when things are removed, and
      if there are any failures I wanted to make sure that the script could
      be rerun on a user, without barfing. Generally though, this is part of
      my trend to moving DB work from the web interface into the backend.
      6f56ae18