Commit 550fe7da authored by Leigh B Stoller's avatar Leigh B Stoller

Changes for setting the sunlnk flag when OPSVM_ENABLE=1; this has to be done
on boss because that is where the actual file systems are.
parent 5edc45cc
...@@ -132,6 +132,7 @@ my $FSPROJROOT = "@FSDIR_PROJ@"; ...@@ -132,6 +132,7 @@ my $FSPROJROOT = "@FSDIR_PROJ@";
my $FSGROUPROOT = "@FSDIR_GROUPS@"; my $FSGROUPROOT = "@FSDIR_GROUPS@";
my $FSSCRATCHROOT = "@FSDIR_SCRATCH@"; my $FSSCRATCHROOT = "@FSDIR_SCRATCH@";
# These are duplicated in db/Project.pm.in ...
# Project subdir list # Project subdir list
my @DIRLIST = ("exp", "images", "logs", "deltas", "tarfiles", "rpms", my @DIRLIST = ("exp", "images", "logs", "deltas", "tarfiles", "rpms",
"groups", "tiplogs", "images/sigs", "templates"); "groups", "tiplogs", "images/sigs", "templates");
......
...@@ -25,10 +25,10 @@ package Project; ...@@ -25,10 +25,10 @@ package Project;
use strict; use strict;
use Exporter; use Exporter;
use vars qw(@ISA @EXPORT); use vars qw(@ISA @EXPORT @PROJDIRECTORIES @GROUPDIRECTORIES);
@ISA = "Exporter"; @ISA = "Exporter";
@EXPORT = qw ( ); @EXPORT = qw ();
use libdb; use libdb;
use libtestbed; use libtestbed;
...@@ -60,6 +60,11 @@ my $MAILMANSUPPORT = @MAILMANSUPPORT@; ...@@ -60,6 +60,11 @@ my $MAILMANSUPPORT = @MAILMANSUPPORT@;
my $ADDPROJADMINLIST = "$TB/sbin/addprojadminlist"; my $ADDPROJADMINLIST = "$TB/sbin/addprojadminlist";
my $EXPORTS_SETUP = "$TB/sbin/exports_setup"; my $EXPORTS_SETUP = "$TB/sbin/exports_setup";
# These are duplicated in account/accountsetup.in ...
@PROJDIRECTORIES = ("exp", "images", "logs", "deltas", "tarfiles", "rpms",
"groups", "tiplogs", "images/sigs", "templates");
@GROUPDIRECTORIES = ("exp", "images", "logs", "tarfiles", "rpms", "tiplogs");
# Cache of instances to avoid regenerating them. # Cache of instances to avoid regenerating them.
my %projects = (); my %projects = ();
BEGIN { use emutil; emutil::AddCache(\%projects); } BEGIN { use emutil; emutil::AddCache(\%projects); }
......
...@@ -47,7 +47,9 @@ use Data::Dumper; ...@@ -47,7 +47,9 @@ use Data::Dumper;
use POSIX qw(:signal_h); use POSIX qw(:signal_h);
# Configure variables. # Configure variables.
my $TB = "@prefix@"; my $TB = "@prefix@";
my $OPSVM_ENABLE = @OPSVM_ENABLE@;
my $CHFLAGS = "/bin/chflags";
# #
# Store up the list of caches to flush # Store up the list of caches to flush
...@@ -1086,5 +1088,61 @@ sub ReadFile($) ...@@ -1086,5 +1088,61 @@ sub ReadFile($)
return $contents; return $contents;
} }
#
# Use chflags on certain directories to prevent users from deleting things.
# Just a bandaid on the real problem.
#
sub SetNoDelete($)
{
my ($filename) = @_;
my $useflags = 0;
#
# We use flags to prevent deletion of certain dirs, on FreeBSD 10
# or greater. Note that when OPSVM_ENABLE=1, the file systems are
# actually on boss, not on ops, so have to this here on boss instead.
#
if ($OPSVM_ENABLE) {
if (`uname -r` =~ /^(\d+)\.(\d+)/) {
if ($1 >= 10) {
$useflags = 1;
}
}
}
return 0
if (!$useflags);
system("$CHFLAGS sunlink $filename");
return ($? ? -1 : 0);
}
sub ClearNoDelete($)
{
my ($filename) = @_;
my $useflags = 0;
return 0
if (! -e $filename);
#
# We use flags to prevent deletion of certain dirs, on FreeBSD 10
# or greater. Note that when OPSVM_ENABLE=1, the file systems are
# actually on boss, not on ops, so have to this here on boss instead.
#
if ($OPSVM_ENABLE) {
if (`uname -r` =~ /^(\d+)\.(\d+)/) {
if ($1 >= 10) {
$useflags = 1;
}
}
}
return 0
if (!$useflags);
# Do a recursive change here since we tend to do deletions on the
# top level directories.
system("$CHFLAGS -R nosunlink $filename");
return ($? ? -1 : 0);
}
# _Always_ make sure that this 1 is at the end of the file... # _Always_ make sure that this 1 is at the end of the file...
1; 1;
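Review bot: Both `system("$CHFLAGS sunlink $filename")` in SetNoDelete and `system("$CHFLAGS -R nosunlink $filename")` in ClearNoDelete pass one interpolated string, so any path containing whitespace or shell metacharacters is interpreted by the shell, and the callers on this page appear to invoke these helpers with uid 0. The list form bypasses the shell entirely: `system($CHFLAGS, "sunlink", $filename);` and `system($CHFLAGS, "-R", "nosunlink", $filename);`. The paths seen here are built from project and group names that are presumably validated elsewhere, but a helper in a general utility module should not depend on that. The `uname -r` version probe is also copied into both subs and re-run on every call; a small shared helper that caches the result would keep the two in step.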
#!/usr/bin/perl -wT #!/usr/bin/perl -wT
# #
# Copyright (c) 2000-2016 University of Utah and the Flux Group. # Copyright (c) 2000-2016, 2018 University of Utah and the Flux Group.
# #
# {{{EMULAB-LICENSE # {{{EMULAB-LICENSE
# #
...@@ -57,6 +57,7 @@ my $BUGDBSUPPORT= @BUGDBSUPPORT@; ...@@ -57,6 +57,7 @@ my $BUGDBSUPPORT= @BUGDBSUPPORT@;
my $OPSDBSUPPORT= @OPSDBSUPPORT@; my $OPSDBSUPPORT= @OPSDBSUPPORT@;
my $TBBASE = "@TBBASE@"; my $TBBASE = "@TBBASE@";
my $TBWWW = "@TBWWW@"; my $TBWWW = "@TBWWW@";
my $OPSVM_ENABLE= @OPSVM_ENABLE@;
my $WITHZFS = @WITHZFS@; my $WITHZFS = @WITHZFS@;
my $ZFS_NOEXPORT= @ZFS_NOEXPORT@; my $ZFS_NOEXPORT= @ZFS_NOEXPORT@;
my $WITHAMD = @WITHAMD@; my $WITHAMD = @WITHAMD@;
...@@ -66,7 +67,6 @@ my $OPSDBCONTROL= "$TB/sbin/opsdb_control"; ...@@ -66,7 +67,6 @@ my $OPSDBCONTROL= "$TB/sbin/opsdb_control";
my $GROUPADD = "/usr/sbin/pw groupadd"; my $GROUPADD = "/usr/sbin/pw groupadd";
my $ACCOUNTPROXY= "$TB/sbin/accountsetup"; my $ACCOUNTPROXY= "$TB/sbin/accountsetup";
my $EXPORTSSETUP= "$TB/sbin/exports_setup"; my $EXPORTSSETUP= "$TB/sbin/exports_setup";
my @DIRLIST = ("exp", "images", "logs", "tarfiles", "rpms", "tiplogs");
my $SAVEUID = $UID; my $SAVEUID = $UID;
# Locals # Locals
...@@ -96,6 +96,7 @@ use libaudit; ...@@ -96,6 +96,7 @@ use libaudit;
use libdb; use libdb;
use libtestbed; use libtestbed;
use User; use User;
use Project;
use Group; use Group;
use emutil; use emutil;
...@@ -272,10 +273,15 @@ if ($pid ne $gid) { ...@@ -272,10 +273,15 @@ if ($pid ne $gid) {
if (! -e $groupdir) { if (! -e $groupdir) {
fatal("Could not access directory $groupdir"); fatal("Could not access directory $groupdir");
} }
foreach my $dir (@DIRLIST) { emutil::SetNoDelete("$groupdir")
if ($OPSVM_ENABLE);
foreach my $dir (@Project::GROUPDIRECTORIES) {
if (! -e "$groupdir/$dir") { if (! -e "$groupdir/$dir") {
fatal("Could not access directory $groupdir/$dir"); fatal("Could not access directory $groupdir/$dir");
} }
emutil::SetNoDelete("$groupdir/$dir")
if ($OPSVM_ENABLE);
} }
# Exotic features # Exotic features
...@@ -295,6 +301,16 @@ if ($pid ne $gid) { ...@@ -295,6 +301,16 @@ if ($pid ne $gid) {
$EUID = 0; $EUID = 0;
} }
} }
elsif ($OPSVM_ENABLE) {
emutil::SetNoDelete("$projdir");
emutil::SetNoDelete("$GRPROOT/$pid");
# Also the symlink.
emutil::SetNoDelete("$GRPROOT/$pid/$pid");
foreach my $dir (@Project::PROJDIRECTORIES) {
emutil::SetNoDelete("$projdir/$dir");
}
}
# No email when the project group being created. # No email when the project group being created.
if (!$silent && !$group->IsProjectGroup()) { if (!$silent && !$group->IsProjectGroup()) {
......
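Review bot: The call under `# Also the symlink.` (`emutil::SetNoDelete("$GRPROOT/$pid/$pid")`) probably does not protect the link itself, because FreeBSD chflags acts on a symlink's target unless `-h` is given and SetNoDelete passes no such option. If the link is meant to be undeletable, SetNoDelete needs a way to pass `-h`; whether the filesystem honours flags on symlinks should be verified first. Separately, every SetNoDelete return value in this file is discarded, as is the one in the mkproj loop (`emutil::SetNoDelete("$PROJROOT/$pid/$dir")`), so a failed chflags silently leaves the directory deletable. At minimum report the failure, e.g. `emutil::SetNoDelete($projdir) == 0 or print STDERR "Could not set sunlink on $projdir\n";`.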
#!/usr/bin/perl -wT #!/usr/bin/perl -wT
# #
# Copyright (c) 2000-2015 University of Utah and the Flux Group. # Copyright (c) 2000-2018 University of Utah and the Flux Group.
# #
# {{{EMULAB-LICENSE # {{{EMULAB-LICENSE
# #
...@@ -82,9 +82,6 @@ my $ADDMMLIST = "$TB/sbin/addmmlist"; ...@@ -82,9 +82,6 @@ my $ADDMMLIST = "$TB/sbin/addmmlist";
my $OPSDBCONTROL = "$TB/sbin/opsdb_control"; my $OPSDBCONTROL = "$TB/sbin/opsdb_control";
my $CLOSEPROJADMINLIST = "$TB/sbin/closeprojadminlist"; my $CLOSEPROJADMINLIST = "$TB/sbin/closeprojadminlist";
my @DIRLIST = ("exp", "images", "logs", "deltas", "tarfiles", "rpms",
"groups", "tiplogs", "images/sigs", "templates");
# #
# Untaint the path # Untaint the path
# #
...@@ -349,10 +346,11 @@ if (! -e "$PROJROOT/$pid") { ...@@ -349,10 +346,11 @@ if (! -e "$PROJROOT/$pid") {
fatal("Could not access directory $PROJROOT/$pid"); fatal("Could not access directory $PROJROOT/$pid");
} }
} }
foreach my $dir (@DIRLIST) { foreach my $dir (@Project::PROJDIRECTORIES) {
if (! -e "$PROJROOT/$pid/$dir") { if (! -e "$PROJROOT/$pid/$dir") {
fatal("Could not access directory $PROJROOT/$pid/$dir"); fatal("Could not access directory $PROJROOT/$pid/$dir");
} }
emutil::SetNoDelete("$PROJROOT/$pid/$dir");
} }
if (! -e "$GRPROOT/$pid") { if (! -e "$GRPROOT/$pid") {
......
#!/usr/bin/perl -wT #!/usr/bin/perl -wT
# #
# Copyright (c) 2000-2016 University of Utah and the Flux Group. # Copyright (c) 2000-2018 University of Utah and the Flux Group.
# #
# {{{EMULAB-LICENSE # {{{EMULAB-LICENSE
# #
...@@ -67,6 +67,7 @@ my $ELABINELAB = @ELABINELAB@; ...@@ -67,6 +67,7 @@ my $ELABINELAB = @ELABINELAB@;
my $MAILMANSUPPORT= @MAILMANSUPPORT@; my $MAILMANSUPPORT= @MAILMANSUPPORT@;
my $BUGDBSUPPORT = @BUGDBSUPPORT@; my $BUGDBSUPPORT = @BUGDBSUPPORT@;
my $OPSDBSUPPORT = @OPSDBSUPPORT@; my $OPSDBSUPPORT = @OPSDBSUPPORT@;
my $OPSVM_ENABLE = @OPSVM_ENABLE@;
my $SSH = "$TB/bin/sshtb"; my $SSH = "$TB/bin/sshtb";
my $GROUPDEL = "/usr/sbin/pw groupdel"; my $GROUPDEL = "/usr/sbin/pw groupdel";
...@@ -74,6 +75,7 @@ my $DELMMLIST = "$TB/sbin/delmmlist"; ...@@ -74,6 +75,7 @@ my $DELMMLIST = "$TB/sbin/delmmlist";
my $MODGROUPS = "$TB/sbin/modgroups"; my $MODGROUPS = "$TB/sbin/modgroups";
my $OPSDBCONTROL = "$TB/sbin/opsdb_control"; my $OPSDBCONTROL = "$TB/sbin/opsdb_control";
my $ACCOUNTPROXY = "$TB/sbin/accountsetup"; my $ACCOUNTPROXY = "$TB/sbin/accountsetup";
my $EXPORTSSETUP = "$TB/sbin/exports_setup";
# #
# Untaint the path # Untaint the path
...@@ -95,6 +97,7 @@ use libdb; ...@@ -95,6 +97,7 @@ use libdb;
use emutil; use emutil;
use libtestbed; use libtestbed;
use User; use User;
use Project;
use Group; use Group;
use EmulabFeatures; use EmulabFeatures;
...@@ -123,6 +126,7 @@ my $group = Group->Lookup($ARGV[0]); ...@@ -123,6 +126,7 @@ my $group = Group->Lookup($ARGV[0]);
if (!defined($group)) { if (!defined($group)) {
fatal("Could not lookup group object for $ARGV[0]"); fatal("Could not lookup group object for $ARGV[0]");
} }
my $project = $group->GetProject();
my $unix_gid = $group->unix_gid(); my $unix_gid = $group->unix_gid();
my $unix_name = $group->unix_name(); my $unix_name = $group->unix_name();
my $pid = $group->pid(); my $pid = $group->pid();
...@@ -220,18 +224,38 @@ if (system("grep -q '^${unix_gid}:' /etc/group")) { ...@@ -220,18 +224,38 @@ if (system("grep -q '^${unix_gid}:' /etc/group")) {
# #
$UID = 0; $UID = 0;
if ($CONTROL ne $BOSSNODE) { if ($OPSVM_ENABLE) {
my $cmdstr;
if ($pid eq $gid) { if ($pid eq $gid) {
$cmdstr = "delproject $gid $unix_name"; emutil::ClearNoDelete("$PROJROOT/$pid");
} else { emutil::ClearNoDelete("$GRPROOT/$pid");
$cmdstr = "delgroup $gid $unix_name $pid"; # Also the symlink.
} emutil::ClearNoDelete("$GRPROOT/$pid/$pid");
print "Removing group $unix_name ($unix_gid) on $CONTROL.\n"; foreach my $dir (@Project::PROJDIRECTORIES) {
if (system("$SSH -host $CONTROL $ACCOUNTPROXY $cmdstr")) { emutil::ClearNoDelete("$PROJROOT/$pid/$dir");
fatal("Could not remove group $unix_name from $CONTROL!"); }
} }
else {
emutil::ClearNoDelete("$GRPROOT/$pid/$gid");
foreach my $dir (@Project::GROUPDIRECTORIES) {
emutil::ClearNoDelete("$GRPROOT/$pid/$gid/$dir")
}
}
}
print "Removing group $unix_name ($unix_gid) on $CONTROL.\n";
my $cmdstr;
if ($pid eq $gid) {
$cmdstr = "delproject $gid $unix_name";
} else {
$cmdstr = "delgroup $gid $unix_name $pid";
}
print "Removing group $unix_name ($unix_gid) on $CONTROL.\n";
if (system("$SSH -host $CONTROL $ACCOUNTPROXY $cmdstr")) {
fatal("Could not remove group $unix_name from $CONTROL!");
} }
# #
......
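Review bot: As rendered, the new side prints `Removing group $unix_name ($unix_gid) on $CONTROL.` twice, once before `my $cmdstr;` and again just before the `$SSH` call; if that is what landed, one of the two should be dropped. The old `if ($CONTROL ne $BOSSNODE)` guard also appears to have been replaced by `if ($OPSVM_ENABLE)`, which would make the ssh to `$CONTROL` unconditional. That is worth confirming as intended and stating in a comment above the ssh step. The ClearNoDelete results are ignored here as well, so a failed clear only surfaces later as a failed directory removal; checking the return and calling `fatal()` before the ssh step would give a clearer error.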