authorEugeni Dodonov <eugeni@mandriva.org>2010-04-07 19:31:41 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2010-04-07 19:31:41 +0000
commit7e6b498905ced17a46f47131c15882795219ea89 (patch)
tree1e9ca227c03e2a2b4cddef6aae8f65297a448301 /src/msec/libmsec.py
parent1fc6a3dd659cee5ca38fca27f24d06998562d356 (diff)
Add support for ACL (based on patch from Tiago Marques
<tiago.marques@caixamagica.pt>, #58640)
Diffstat (limited to 'src/msec/libmsec.py')
-rwxr-xr-xsrc/msec/libmsec.py33
1 files changed, 29 insertions, 4 deletions
diff --git a/src/msec/libmsec.py b/src/msec/libmsec.py
index bcd7e7b..f43ee4c 100755
--- a/src/msec/libmsec.py
+++ b/src/msec/libmsec.py
@@ -861,7 +861,7 @@ class PERMS:
self.log.info(config.MODIFICATIONS_NOT_FOUND)
for file in self.files:
- newperm, newuser, newgroup, force = self.files[file]
+ newperm, newuser, newgroup, force, newacl = self.files[file]
# are we in enforcing mode?
if enforce:
force = True
@@ -896,13 +896,35 @@ class PERMS:
else:
self.log.warn(_("Wrong permissions of %s: should be %o") % (file, newperm))
+ if newacl != None:
+ if force and really_commit:
+ self.log.warn(_("Enforcing acl on %s") % (file))
+ try:
+ # TODO: only change ACL if it differs from actual
+ # TODO: and use python code instead of os.system
+ os.system('setfacl -b %s' % (file))
+ users = newacl.split(",")
+ for acluser in users :
+ if acluser.split(":")[0] == "": # clean root from list
+ print acluser
+ continue
+ # make the acl rule stick
+ ret = os.system('setfacl -m u:%s %s' % (acluser, file))
+ if ret != 0:
+ # problem setting setfacl
+ self.log.error(_("Unable to add filesystem-specific ACL %s to %s") % (acluser, file))
+ except:
+ self.log.error(_("Error changing acl on %s: %s") % (file, sys.exc_value))
+ else:
+ self.log.warn(_("Wrong acl of %s") % (file))
+
def check_perms(self, perms, files_to_check=[]):
'''Checks permissions for all entries in perms (PermConfig).
If files_to_check is specified, only the specified files are checked.'''
for file in perms.list_options():
- user_s, group_s, perm_s, force = perms.get(file)
+ user_s, group_s, perm_s, force, acl = perms.get(file)
# permission
if perm_s == 'current':
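Review bot: The two `os.system('setfacl ...')` calls build a shell command line from `file` and `acluser` by string interpolation, so a path or ACL entry containing whitespace or shell metacharacters is interpreted by the shell instead of reaching setfacl as a single argument, in a tool that presumably runs with root privileges. Passing an argument list avoids the shell, and `--` keeps a path with a leading dash from being read as an option: `ret = subprocess.call(['setfacl', '-b', '--', file])` and `ret = subprocess.call(['setfacl', '-m', 'u:%s' % acluser, '--', file])` (this needs `subprocess` imported if the module does not already import it). The return value of the `-b` call is currently discarded, so a file can be left with its ACL stripped and nothing logged. The stray `print acluser` and the bare `except:` are also worth tidying, and the enclosing method begins outside this hunk.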
@@ -962,14 +984,17 @@ class PERMS:
newperm = None
newuser = None
newgroup = None
+ newacl = None
if perm != -1 and perm != curperm:
newperm = perm
if user != -1 and user != curuser:
newuser = user
if group != -1 and group != curgroup:
newgroup = group
- if newperm != None or newuser != None or newgroup != None:
- self.files[f] = (newperm, newuser, newgroup, force)
+ if acl != "":
+ newacl = acl
+ if newperm != None or newuser != None or newgroup != None or newacl != None:
+ self.files[f] = (newperm, newuser, newgroup, force, newacl)
self.log.debug("Updating %s (matched by '%s')" % (f, file))
else:
# see if any other rule put this file into the list
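Review bot: At `if acl != "":` any configured ACL schedules the file for a change without looking at the ACL it currently has, so every such file is reported with "Wrong acl" on each check run, or, when enforcing, has its ACL stripped and re-applied each time. That makes the ACL warnings useless as a drift signal; comparing against the file's current ACL (for example the output of `getfacl`) before setting `newacl` would restore it. This is also the natural place to reject malformed entries before they are stored, with a check documented by a comment such as `# only accept entries of the form name:perms; log and skip anything else`. The enclosing function starts and ends outside the hunk.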