Merge branch '__acl_improvements_vol2' into 'master'

__acl improvements vol 2

See merge request ungleich-public/cdist!780
This commit is contained in:
poljakowski 2019-05-25 16:06:46 +02:00
commit bd27d432b1
3 changed files with 26 additions and 45 deletions

View File

@ -18,7 +18,7 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
[ ! -e "/$__object_id" ] && exit 0
# TODO check if filesystem has ACL turned on etc
for parameter in user group
do
@ -40,7 +40,8 @@ do
if ! getent "$getent_db" "$check" > /dev/null
then
echo "missing $parameter '$check'"
echo "missing $parameter '$check'" >&2
exit 1
fi
done \
< "$__object/parameter/$parameter"

View File

@ -20,15 +20,7 @@
file_is="$( cat "$__object/explorer/file_is" )"
[ "$file_is" = 'missing' ] && exit 0
missing_users_groups="$( cat "$__object/explorer/missing_users_groups" )"
if [ -n "$missing_users_groups" ]
then
echo "$missing_users_groups" >&2
exit 1
fi
[ "$file_is" = 'missing' ] && [ -z "$__cdist_dry_run" ] && exit 0
os="$( cat "$__global/explorer/os" )"
@ -56,7 +48,7 @@ do
then
[ "$file_is" = 'directory' ] && rep=x || rep=-
acl="$( echo "$acl" | sed "s/\(.*\)X/\1$rep/" )"
acl="$( echo "$acl" | sed "s/\\(.*\\)X/\\1$rep/" )"
fi
echo "$parameter" | grep -Eq '(mask|other)' && sep=:: || sep=:
@ -72,7 +64,7 @@ setfacl_exec='setfacl'
if [ -f "$__object/parameter/recursive" ]
then
if echo "$os" | grep -Eq 'macosx|freebsd'
if echo "$os" | grep -Fq 'freebsd'
then
echo "$os setfacl do not support recursive operations" >&2
else
@ -82,41 +74,33 @@ fi
if [ -f "$__object/parameter/remove" ]
then
if echo "$os" | grep -Fq 'solaris'
then
# Solaris setfacl behaves differently.
# We will not support Solaris for now, because no way to test it.
# But adding support should be easy (use -s instead of -m on modify).
echo "$os setfacl do not support -x flag for ACL remove" >&2
else
echo "$acl_is" | while read -r acl
do
# Skip wanted ACL entries which already exist
# and skip mask and other entries, because we
# can't actually remove them, but only change.
if echo "$acl_should" | grep -Eq "^$acl" \
|| echo "$acl" | grep -Eq '^(default:)?(mask|other)'
then continue
fi
echo "$acl_is" | while read -r acl
do
# Skip wanted ACL entries which already exist
# and skip mask and other entries, because we
# can't actually remove them, but only change.
if echo "$acl_should" | grep -Eq "^$acl" \
|| echo "$acl" | grep -Eq '^(default:)?(mask|other)'
then continue
fi
if echo "$os" | grep -Eq 'macosx|freebsd'
then
remove="$acl"
else
remove="$( echo "$acl" | sed 's/:...$//' )"
fi
if echo "$os" | grep -Fq 'freebsd'
then
remove="$acl"
else
remove="$( echo "$acl" | sed 's/:...$//' )"
fi
echo "$setfacl_exec -x \"$remove\" \"$acl_path\""
echo "removed '$remove'" >> "$__messages_out"
done
fi
echo "$setfacl_exec -x \"$remove\" \"$acl_path\""
echo "removed '$remove'" >> "$__messages_out"
done
fi
for acl in $acl_should
do
if ! echo "$acl_is" | grep -Eq "^$acl"
then
if echo "$os" | grep -Eq 'macosx|freebsd' \
if echo "$os" | grep -Fq 'freebsd' \
&& echo "$acl" | grep -Eq '^default:'
then
echo "setting default ACL in $os is currently not supported. sorry :(" >&2

View File

@ -10,11 +10,7 @@ DESCRIPTION
-----------
ACL must be defined as 3-symbol combination, using ``r``, ``w``, ``x`` and ``-``.
Fully supported on Linux (tested on Debian and CentOS).
Partial support for FreeBSD, OSX and Solaris.
OpenBSD and NetBSD support is not possible.
Fully supported and tested on Linux (ext4 filesystem), partial support for FreeBSD.
See ``setfacl`` and ``acl`` manpages for more details.