authorFrederic Lepied <flepied@mandriva.com>2004-02-27 11:35:10 +0000
committerFrederic Lepied <flepied@mandriva.com>2004-02-27 11:35:10 +0000
commit4124f22b97db20f5a31a338c7f679a49fdf56ffa (patch)
tree46a7148cb3ed3fbeda060ff6e9a511414d96c90d
parent82c5ac8e626cd823e2faa43a149359dae5ff23b7 (diff)
- allow to specify only group or user in perm files (Bill Shirley)
- allow the force keyword in perm files to be able to lower security (Bill Shirley)
-rwxr-xr-xshare/Perms.py26
1 files changed, 20 insertions, 6 deletions
diff --git a/share/Perms.py b/share/Perms.py
index fee009b..c8c4e57 100755
--- a/share/Perms.py
+++ b/share/Perms.py
@@ -164,10 +164,24 @@ def fix_perms(path, _interactive):
user_str = group_str = ''
else:
(user_str, group_str) = string.split(fields[1], '.')
- user = get_user_id(user_str)
- group = get_group_id(group_str)
+ if user_str != '':
+ user = get_user_id(user_str)
+ else:
+ user = -1
+ if group_str != '':
+ group = get_group_id(group_str)
+ else:
+ group = -1
- if len(fields) == 4:
+ fieldcount = len(fields)
+ if fieldcount == 5:
+ if fields[3] == 'force':
+ mandatory = 1
+ fieldcount = 4
+ else:
+ mandatory = 0
+
+ if fieldcount == 4:
for f in glob.glob(fields[0]):
newperm = perm
if fs_regexp and fs_regexp.search(f):
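Review bot: `mandatory` is not assigned on every path through the new `fieldcount` block, yet the next hunk stores it in `assoc[f]`. Indentation is lost in this view, but if the `else` pairs with `if fields[3] == 'force':`, an ordinary four-field line never sets it. The first such entry would then raise NameError, or the entry would inherit `1` from an earlier `force` line and silently escape the no-lowering mask in `act`. Setting `mandatory = 0` immediately before `fieldcount = len(fields)` and dropping the `else` removes the dependence on how the branches pair. `fix_perms` starts before this hunk and continues past it.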
@@ -201,7 +215,7 @@ def fix_perms(path, _interactive):
f = f[:-1]
if f[-2:] == '/.':
f = f[:-2]
- assoc[f] = (mode, uid, gid, newperm, user, group, user_str, group_str)
+ assoc[f] = (mode, uid, gid, newperm, user, group, user_str, group_str, mandatory)
else:
error(_('invalid syntax in %s line %d') % (path, lineno))
file.close()
@@ -209,10 +223,10 @@ def fix_perms(path, _interactive):
# commit the changes to the files
def act(change):
for f in assoc.keys():
- (mode, uid, gid, newperm, user, group, user_str, group_str) = assoc[f]
+ (mode, uid, gid, newperm, user, group, user_str, group_str, mandatory) = assoc[f]
# if we don't change the security level, try not to lower the security
# if the user has changed it manually
- if not change:
+ if not change and not mandatory:
newperm = newperm & mode
if newperm != -1 and mode != newperm:
try:
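Review bot: The comment above `if not change and not mandatory:` still describes only the old rule, although this is now the line where a `force` entry may widen permissions that were tightened by hand. I would reword it to `# unless the entry is marked 'force', keep any bits the admin removed by hand while the security level is unchanged`. It is also worth stating there that the perm files must be writable by root only, because a single `force` line now bypasses the `newperm & mode` mask whenever `act` runs without a level change. The `try` body lies outside the hunk, so whether a forced change is logged distinctly cannot be seen here; if it is not, a log entry naming the file and the `force` origin would make such widenings auditable.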