author | Jon Stanley <jonstanley@gmail.com> | 2009-12-09 17:42:08 -0500 |
---|---|---|
committer | Jon Stanley <jonstanley@gmail.com> | 2009-12-09 17:42:08 -0500 |
commit | af639cd0b0602eb114dee74c65169c9757fcb6c5 (patch) | |
tree | c1754ece0b6a4dda0f67a2055f4bc4914e7433a2 /setacls.py | |
parent | da9663505314a213e44e3de0a0a4723fbb10ffdf (diff) | |
Add ACL application logic
Diffstat (limited to 'setacls.py')
-rwxr-xr-x | setacls.py | 28 |
1 files changed, 27 insertions, 1 deletions
@@ -64,7 +64,8 @@ def get_all(): def build_acl(acl_text): '''Builds an ACL from a line in the avail file. Expects a list of users and - groups (groups should be prepended with an @), and returns an ACL object''' + groups (groups should be prepended with an @), and returns an ACL object. + This will also add the secondary arch groups to the directories''' for item in acl_text: if GROUP.match(item): @@ -108,12 +109,14 @@ def build_acl(acl_text): #group_acl.qualifier = grp.getgrnam(item).gr_gid group_acl.permset.add(posix1e.ACL_READ | posix1e.ACL_WRITE | posix1e.ACL_EXECUTE) + for item in secondary_arch_groups: group_acl = posix1e.Entry(acl) group_acl.tag_type = posix1e.ACL_GROUP group_acl.qualifier = grp.getgrnam(item).gr_gid group_acl.permset.add(posix1e.ACL_READ | posix1e.ACL_WRITE | posix1e.ACL_EXECUTE) + for item in people: people_acl = posix1e.Entry(acl) people_acl.tag_type = posix1e.ACL_USER 
@@ -126,6 +129,29 @@ def build_acl(acl_text): #print '%s/%s' % ( CVSBASE, pkg ) return acl +def apply_acls(acl_dict): + '''Applies ACL's to the filesystem. Take a dictionary of ACL's, with the + keys being the path that you would like to ACL's on. The global variable + CVSBASE will be prepended to the keys of the dict. Ownership of the + directory on completion will be root:<scm_admin_group>. The ACL sets the + directories to be group writable, so the admin group will be able to write + to the directories, in addition to anyone specifically authorized''' + + scm_admin_gid = grp.getgrnam(scm_admin_group).gr_gid + + for dir in acl_dict.keys(): + real_dir = os.path.join(CVSBASE, dir) + acl_dict[dir].applyto(real_dir, posix1e.ACL_TYPE_DEFAULT) + acl_dict[dir].applyto(real_dir, posix1e.ACL_TYPE_ACCESS) + os.chown(real_path, 0, scm_admin_gid) + for file in os.listdir(real_dir): + real_file = os.path.join(real_dir, file) + if os.path.isdir(real_file): + acl_dict[dir].applyto(real_file, posix1e.ACL_TYPE_DEFAULT) + acl_dict[dir].applyto(real_file, posix1e.ACL_TYPE_ACCESS) + if os.path.isfile(real_file): + acl_dict[dir].applyto(real_file, posix1e.ACL_TYPE_ACCESS) + def main(): usage = '%prog [options] [pkgs...]' parser = OptionParser(usage, version=version) |
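Review bot: `os.chown(real_path, 0, scm_admin_gid)` in the new `apply_acls` uses `real_path`, which is never assigned in the visible lines; the variable built just above is `real_dir`. The call would therefore raise NameError on the first directory, after its ACLs have been applied but before ownership is set, and it should read `os.chown(real_dir, 0, scm_admin_gid)`. Separately, the chown to uid 0 suggests this runs as root over directories that the ACL makes writable to the listed users and groups. Because `os.path.isdir` and `os.path.isfile` follow symbolic links, a symlink inside `real_dir` would presumably get the ACL applied to its target, so adding `if os.path.islink(real_file): continue` at the top of the inner loop keeps the change inside the tree. The inner loop also descends only one level, so existing nested subdirectories keep their old access ACLs; the docstring should say so if that is intended.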