Merge branch '__acl_improvements_vol2' into 'master'

__acl improvements vol 2

See merge request ungleich-public/cdist!780
poljakowski 2019-05-25 16:06:46 +02:00
commit bd27d432b1
3 changed files with 26 additions and 45 deletions


@ -18,7 +18,7 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
[ ! -e "/$__object_id" ] && exit 0 # TODO check if filesystem has ACL turned on etc
for parameter in user group for parameter in user group
do do
@ -40,7 +40,8 @@ do
if ! getent "$getent_db" "$check" > /dev/null if ! getent "$getent_db" "$check" > /dev/null
then then
echo "missing $parameter '$check'" echo "missing $parameter '$check'" >&2
exit 1
fi fi
done \ done \
< "$__object/parameter/$parameter" < "$__object/parameter/$parameter"
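Review bot: The added `exit 1` sits inside the inner loop, so the explorer stops at the first unknown user or group and a run with several missing principals reports only one of them per attempt; the message also does not name the object. Consider recording the failure and exiting after both loops, e.g. `missing=1` in place of `exit 1` and `[ -z "${missing:-}" ] || exit 1` after the outer `done`, and adding `$__object_id` to the message. The loop headers and the outer `done` lie outside this hunk, so confirm the placement against the full file.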


@ -20,15 +20,7 @@
file_is="$( cat "$__object/explorer/file_is" )" file_is="$( cat "$__object/explorer/file_is" )"
[ "$file_is" = 'missing' ] && exit 0 [ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0
missing_users_groups="$( cat "$__object/explorer/missing_users_groups" )"
if [ -n "$missing_users_groups" ]
then
echo "$missing_users_groups" >&2
exit 1
fi
os="$( cat "$__global/explorer/os" )" os="$( cat "$__global/explorer/os" )"
@ -56,7 +48,7 @@ do
then then
[ "$file_is" = 'directory' ] && rep=x || rep=- [ "$file_is" = 'directory' ] && rep=x || rep=-
acl="$( echo "$acl" | sed "s/\(.*\)X/\1$rep/" )" acl="$( echo "$acl" | sed "s/\\(.*\\)X/\\1$rep/" )"
fi fi
echo "$parameter" | grep -Eq '(mask|other)' && sep=:: || sep=: echo "$parameter" | grep -Eq '(mask|other)' && sep=:: || sep=:
@ -72,7 +64,7 @@ setfacl_exec='setfacl'
if [ -f "$__object/parameter/recursive" ] if [ -f "$__object/parameter/recursive" ]
then then
if echo "$os" | grep -Eq 'macosx|freebsd' if echo "$os" | grep -Fq 'freebsd'
then then
echo "$os setfacl do not support recursive operations" >&2 echo "$os setfacl do not support recursive operations" >&2
else else
@ -82,13 +74,6 @@ fi
if [ -f "$__object/parameter/remove" ] if [ -f "$__object/parameter/remove" ]
then then
if echo "$os" | grep -Fq 'solaris'
then
# Solaris setfacl behaves differently.
# We will not support Solaris for now, because no way to test it.
# But adding support should be easy (use -s instead of -m on modify).
echo "$os setfacl do not support -x flag for ACL remove" >&2
else
echo "$acl_is" | while read -r acl echo "$acl_is" | while read -r acl
do do
# Skip wanted ACL entries which already exist # Skip wanted ACL entries which already exist
@ -99,7 +84,7 @@ then
then continue then continue
fi fi
if echo "$os" | grep -Eq 'macosx|freebsd' if echo "$os" | grep -Fq 'freebsd'
then then
remove="$acl" remove="$acl"
else else
@ -109,14 +94,13 @@ then
echo "$setfacl_exec -x \"$remove\" \"$acl_path\"" echo "$setfacl_exec -x \"$remove\" \"$acl_path\""
echo "removed '$remove'" >> "$__messages_out" echo "removed '$remove'" >> "$__messages_out"
done done
fi
fi fi
for acl in $acl_should for acl in $acl_should
do do
if ! echo "$acl_is" | grep -Eq "^$acl" if ! echo "$acl_is" | grep -Eq "^$acl"
then then
if echo "$os" | grep -Eq 'macosx|freebsd' \ if echo "$os" | grep -Fq 'freebsd' \
&& echo "$acl" | grep -Eq '^default:' && echo "$acl" | grep -Eq '^default:'
then then
echo "setting default ACL in $os is currently not supported. sorry :(" >&2 echo "setting default ACL in $os is currently not supported. sorry :(" >&2
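Review bot: With `macosx` dropped from the three `grep` tests and the Solaris guard removed from the `remove` block, both platforms now take the same branches as Linux, so `setfacl -x` is generated for hosts whose `setfacl` the removed comment describes as behaving differently. The man page in this commit no longer lists OSX or Solaris as supported, but nothing visible here rejects them, and an ACL type that emits the wrong command can leave a path with permissions other than the declared ones. If no such check exists outside the hunks shown, fail closed right after `os` is read, e.g. `case "$os" in macosx|solaris) echo "__acl: $os is not supported" >&2; exit 1 ;; esac`.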


@ -10,11 +10,7 @@ DESCRIPTION
----------- -----------
ACL must be defined as 3-symbol combination, using ``r``, ``w``, ``x`` and ``-``. ACL must be defined as 3-symbol combination, using ``r``, ``w``, ``x`` and ``-``.
Fully supported on Linux (tested on Debian and CentOS). Fully supported and tested on Linux (ext4 filesystem), partial support for FreeBSD.
Partial support for FreeBSD, OSX and Solaris.
OpenBSD and NetBSD support is not possible.
See ``setfacl`` and ``acl`` manpages for more details. See ``setfacl`` and ``acl`` manpages for more details.