forked from ungleich-public/cdist
[__acl] remove deprecated parameters, fix some bugs and improve manual
parent
2885c6a248
commit
e3d906a85f
11 changed files with 26 additions and 75 deletions
|
@ -1,39 +0,0 @@
|
|||
#!/bin/sh -e
|
||||
#
|
||||
# 2019 Ander Punnar (ander-at-kvlt-dot-ee)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
# cdist is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# cdist is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
# TODO check if filesystem has ACL turned on etc
|
||||
|
||||
if [ -f "$__object/parameter/acl" ]
|
||||
then
|
||||
grep -E '^(default:)?(user|group):' "$__object/parameter/acl" \
|
||||
| while read -r acl
|
||||
do
|
||||
param="$( echo "$acl" | awk -F: '{print $(NF-2)}' )"
|
||||
check="$( echo "$acl" | awk -F: '{print $(NF-1)}' )"
|
||||
|
||||
[ "$param" = 'user' ] && db=passwd || db="$param"
|
||||
|
||||
if ! getent "$db" "$check" > /dev/null
|
||||
then
|
||||
echo "missing $param '$check'" >&2
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
fi
|
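--- a/cdist/conf/type/__acl/explorer/getent
+++ b/cdist/conf/type/__acl/explorer/getent
@@ -0,0 +1,4 @@
+#!/bin/sh -e
+
+getent passwd | awk -F: '{print "user:"$1}'
+getent group | awk -F: '{print "group:"$1}'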
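Review bot: Enumerating with `getent passwd` and `getent group` lists only the accounts the target's NSS sources are willing to enumerate, so a directory-backed user or group (for example behind SSSD with enumeration disabled) can resolve by name yet be absent from this output. The check in the gencode-remote section that greps `$__object/explorer/getent` would then reject a valid ACL entry as missing. The status of each pipeline is awk's, so a failing `getent` is not caught by `-e` and silently yields a shorter or empty list. If by-key lookups are not practical here, the limitation should at least be stated at the top of the file, e.g. `# lists only accounts that NSS enumerates; directory users/groups may be missing`.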
|
@ -22,8 +22,8 @@ file_is="$( cat "$__object/explorer/file_is" )"
|
|||
|
||||
if [ "$file_is" = 'missing' ] \
|
||||
&& [ -z "$__cdist_dry_run" ] \
|
||||
&& \( [ ! -f "$__object/parameter/file" ] \
|
||||
|| [ ! -f "$__object/parameter/directory" ] \)
|
||||
&& [ ! -f "$__object/parameter/file" ] \
|
||||
&& [ ! -f "$__object/parameter/directory" ]
|
||||
then
|
||||
exit 0
|
||||
fi
|
||||
|
@ -47,28 +47,26 @@ then
|
|||
elif [ -f "$__object/parameter/entry" ]
|
||||
then
|
||||
acl_should="$( cat "$__object/parameter/entry" )"
|
||||
elif [ -f "$__object/parameter/acl" ]
|
||||
then
|
||||
acl_should="$( cat "$__object/parameter/acl" )"
|
||||
elif
|
||||
[ -f "$__object/parameter/user" ] \
|
||||
|| [ -f "$__object/parameter/group" ] \
|
||||
|| [ -f "$__object/parameter/mask" ] \
|
||||
|| [ -f "$__object/parameter/other" ]
|
||||
then
|
||||
acl_should="$( for param in user group mask other
|
||||
do
|
||||
[ ! -f "$__object/parameter/$param" ] && continue
|
||||
|
||||
echo "$param" | grep -Eq 'mask|other' && sep=:: || sep=:
|
||||
|
||||
echo "$param$sep$( cat "$__object/parameter/$param" )"
|
||||
done )"
|
||||
else
|
||||
echo 'no parameters set' >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# instead of setfacl's non-helpful message "Option -m: Invalid argument near character X"
|
||||
# let's check if target has necessary users and groups, since mistyped or missing
|
||||
# users/groups in target is most common reason.
|
||||
echo "$acl_should" \
|
||||
| grep -Po '(user|group):[^:]+' \
|
||||
| sort -u \
|
||||
| while read -r l
|
||||
do
|
||||
if ! grep "$l" -Fxq "$__object/explorer/getent"
|
||||
then
|
||||
echo "no $l' in target" | sed "s/:/ '/" >&2
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -f "$__object/parameter/default" ]
|
||||
then
|
||||
acl_should="$( echo "$acl_should" \
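Review bot: The added pre-check matches each `user:`/`group:` qualifier literally against the names in `$__object/explorer/getent`, so an entry written with a numeric ID would be reported as missing even though setfacl accepts numeric qualifiers. Filtering those out before the lookup would avoid the false failure, for example `| grep -Ev ':[0-9]+$' \` ahead of `sort -u`. The pattern needs nothing beyond ERE, so `grep -Eo '(user|group):[^:]+'` would drop the dependency on a PCRE-enabled grep. The `exit 1` sits in the last stage of a pipeline and therefore stops the script only while `-e` is in effect; the shebang and the start of the `if`/`elif` chain are outside this hunk.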
|
||||
|
|
|
@ -12,11 +12,14 @@ Fully supported and tested on Linux (ext4 filesystem), partial support for FreeB
|
|||
|
||||
See ``setfacl`` and ``acl`` manpages for more details.
|
||||
|
||||
One of ``--entry`` or ``--source`` must be used.
|
||||
|
||||
REQUIRED MULTIPLE PARAMETERS
|
||||
|
||||
OPTIONAL MULTIPLE PARAMETERS
|
||||
----------------------------
|
||||
entry
|
||||
Set ACL entry following ``getfacl`` output syntax.
|
||||
Must be used if ``--source`` is not used.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
|
@ -25,6 +28,7 @@ source
|
|||
Read ACL entries from stdin or file.
|
||||
Ordering of entries is not important.
|
||||
When reading from file, comments and empty lines are ignored.
|
||||
Must be used if ``--entry`` is not used.
|
||||
|
||||
file
|
||||
Create/change file with ``__file`` using ``user:group:mode`` pattern.
|
||||
|
@ -48,12 +52,6 @@ remove
|
|||
``mask`` and ``other`` entries can't be removed, but only changed.
|
||||
|
||||
|
||||
DEPRECATED PARAMETERS
|
||||
---------------------
|
||||
Parameters ``acl``, ``user``, ``group``, ``mask`` and ``other`` are deprecated and they
|
||||
will be removed in future versions. Please use ``entry`` parameter instead.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
see manual for details
|
|
@ -1 +0,0 @@
|
|||
see manual for details
|
|
@ -1 +0,0 @@
|
|||
see manual for details
|
|
@ -1 +0,0 @@
|
|||
see manual for details
|
|
@ -1 +0,0 @@
|
|||
see manual for details
|
|
@ -1,5 +1,3 @@
|
|||
mask
|
||||
other
|
||||
source
|
||||
file
|
||||
directory
|
||||
|
|
|
@ -1,4 +1 @@
|
|||
entry
|
||||
acl
|
||||
user
|
||||
group
|
||||
|
|