		
	[__acl] remove deprecated parameters, fix some bugs and improve manual
		
					parent
					
						
							
								2885c6a248
							
						
					
				
			
			
				commit
				
					
						e3d906a85f
					
				
			
		
					 11 changed files with 26 additions and 75 deletions
				
			
		|  | @ -1,39 +0,0 @@ | |||
| #!/bin/sh -e | ||||
| # | ||||
| # 2019 Ander Punnar (ander-at-kvlt-dot-ee) | ||||
| # | ||||
| # This file is part of cdist. | ||||
| # | ||||
| # cdist is free software: you can redistribute it and/or modify | ||||
| # it under the terms of the GNU General Public License as published by | ||||
| # the Free Software Foundation, either version 3 of the License, or | ||||
| # (at your option) any later version. | ||||
| # | ||||
| # cdist is distributed in the hope that it will be useful, | ||||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||
| # GNU General Public License for more details. | ||||
| # | ||||
| # You should have received a copy of the GNU General Public License | ||||
| # along with cdist. If not, see <http://www.gnu.org/licenses/>. | ||||
| # | ||||
| 
 | ||||
| # TODO check if filesystem has ACL turned on etc | ||||
| 
 | ||||
| if [ -f "$__object/parameter/acl" ] | ||||
| then | ||||
|     grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \ | ||||
|     | while read -r acl | ||||
|     do | ||||
|         param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )" | ||||
|         check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )" | ||||
| 
 | ||||
|         [ "$param" = 'user' ] && db=passwd || db="$param" | ||||
| 
 | ||||
|         if ! getent "$db" "$check" > /dev/null | ||||
|         then | ||||
|             echo "missing $param '$check'" >&2 | ||||
|             exit 1 | ||||
|         fi | ||||
|     done | ||||
| fi | ||||
							
								
								
									
										4
									
								
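--- /dev/null
+++ b/cdist/conf/type/__acl/explorer/getent
@@ -0,0 +1,4 @@
+#!/bin/sh -e
+
+getent passwd | awk -F: '{print "user:"$1}'
+getent group | awk -F: '{print "group:"$1}'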
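Review bot: `getent passwd` and `getent group` without a key list only what the name service is willing to enumerate, so on targets that resolve accounts through SSSD or LDAP with enumeration disabled, valid directory users and groups will be missing from this explorer's output. The explorer this commit removes looked each name up by key (`getent "$db" "$check"`), which does resolve such accounts, so the new membership check in gencode-remote can reject ACL entries that setfacl would accept. Under `sh -e` the pipeline status is awk's, so a failing `getent` produces an empty list rather than an error. Consider stating the limitation at the top of the file, e.g. `# lists only enumerable accounts; directory users may be absent when enumeration is off`, or falling back to a keyed lookup for names not found in the list.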
|  | @ -22,8 +22,8 @@ file_is="$( cat "$__object/explorer/file_is" )" | |||
| 
 | ||||
| if [ "$file_is" = 'missing' ] \ | ||||
|     && [ -z "$__cdist_dry_run" ] \ | ||||
|     && \( [ ! -f "$__object/parameter/file" ] \ | ||||
|         || [ ! -f "$__object/parameter/directory" ] \) | ||||
|     && [ ! -f "$__object/parameter/file" ] \ | ||||
|     && [ ! -f "$__object/parameter/directory" ] | ||||
| then | ||||
|     exit 0 | ||||
| fi | ||||
|  | @ -47,28 +47,26 @@ then | |||
| elif [ -f "$__object/parameter/entry" ] | ||||
| then | ||||
|     acl_should="$( cat "$__object/parameter/entry" )" | ||||
| elif [ -f "$__object/parameter/acl" ] | ||||
| then | ||||
|     acl_should="$( cat "$__object/parameter/acl" )" | ||||
| elif | ||||
|     [ -f "$__object/parameter/user" ] \ | ||||
|         || [ -f "$__object/parameter/group" ] \ | ||||
|         || [ -f "$__object/parameter/mask" ] \ | ||||
|         || [ -f "$__object/parameter/other" ] | ||||
| then | ||||
|     acl_should="$( for param in user group mask other | ||||
|     do | ||||
|         [ ! -f "$__object/parameter/$param" ] && continue | ||||
| 
 | ||||
|         echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=: | ||||
| 
 | ||||
|         echo "$param$sep$( cat "$__object/parameter/$param" )" | ||||
|     done )" | ||||
| else | ||||
|     echo 'no parameters set' >&2 | ||||
|     exit 1 | ||||
| fi | ||||
| 
 | ||||
| # instead of setfacl's non-helpful message "Option -m: Invalid argument near character X" | ||||
| # let's check if target has necessary users and groups, since mistyped or missing | ||||
| # users/groups in target is most common reason. | ||||
| echo "$acl_should" \ | ||||
|     | grep -Po '(user|group):[^:]+' \ | ||||
|     | sort -u \ | ||||
|     | while read -r l | ||||
|     do | ||||
|         if ! grep "$l" -Fxq "$__object/explorer/getent" | ||||
|         then | ||||
|             echo "no $l' in target" | sed "s/:/ '/" >&2 | ||||
|             exit 1 | ||||
|         fi | ||||
|     done | ||||
| 
 | ||||
| if [ -f "$__object/parameter/default" ] | ||||
| then | ||||
|     acl_should="$( echo "$acl_should" \ | ||||
|  |  | |||
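Review bot: The new existence check in the second hunk matches every `user:`/`group:` qualifier against the names printed by the getent explorer (`grep "$l" -Fxq`), so an entry that uses a numeric id, which setfacl accepts, is reported as missing even when it is valid. Skipping purely numeric qualifiers before the lookup, or having the explorer also emit the id column, would avoid the false rejection. Separately, `grep -Po` requires a PCRE-enabled GNU grep although the pattern uses nothing beyond ERE; `grep -Eo '(user|group):[^:]+'` matches the same text. The `exit 1` runs inside a pipeline subshell, so it stops the script only if `-e` is in effect, and the shebang lies outside this hunk.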
|  | @ -12,11 +12,14 @@ Fully supported and tested on Linux (ext4 filesystem), partial support for FreeB | |||
| 
 | ||||
| See ``setfacl`` and ``acl`` manpages for more details. | ||||
| 
 | ||||
| One of ``--entry`` or ``--source`` must be used. | ||||
| 
 | ||||
| REQUIRED MULTIPLE PARAMETERS | ||||
| 
 | ||||
| OPTIONAL MULTIPLE PARAMETERS | ||||
| ---------------------------- | ||||
| entry | ||||
|    Set ACL entry following ``getfacl`` output syntax. | ||||
|    Must be used if ``--source`` is not used. | ||||
| 
 | ||||
| 
 | ||||
| OPTIONAL PARAMETERS | ||||
|  | @ -25,6 +28,7 @@ source | |||
|    Read ACL entries from stdin or file. | ||||
|    Ordering of entries is not important. | ||||
|    When reading from file, comments and empty lines are ignored. | ||||
|    Must be used if ``--entry`` is not used. | ||||
| 
 | ||||
| file | ||||
|    Create/change file with ``__file`` using ``user:group:mode`` pattern. | ||||
|  | @ -48,12 +52,6 @@ remove | |||
|    ``mask`` and ``other`` entries can't be removed, but only changed. | ||||
| 
 | ||||
| 
 | ||||
| DEPRECATED PARAMETERS | ||||
| --------------------- | ||||
| Parameters ``acl``, ``user``, ``group``, ``mask`` and ``other`` are deprecated and they | ||||
| will be removed in future versions. Please use ``entry`` parameter instead. | ||||
| 
 | ||||
| 
 | ||||
| EXAMPLES | ||||
| -------- | ||||
| 
 | ||||
|  |  | |||
|  | @ -1 +0,0 @@ | |||
| see manual for details | ||||
|  | @ -1 +0,0 @@ | |||
| see manual for details | ||||
|  | @ -1 +0,0 @@ | |||
| see manual for details | ||||
|  | @ -1 +0,0 @@ | |||
| see manual for details | ||||
|  | @ -1 +0,0 @@ | |||
| see manual for details | ||||
|  | @ -1,5 +1,3 @@ | |||
| mask | ||||
| other | ||||
| source | ||||
| file | ||||
| directory | ||||
|  |  | |||
|  | @ -1,4 +1 @@ | |||
| entry | ||||
| acl | ||||
| user | ||||
| group | ||||
|  |  | |||