
CheckHomeDirPermissions

(:source lang=python:)

import getopt
import grp
import os
import pwd
import stat
import sys

try:
    from shlex import quote  # Python 3.3+
except ImportError:
    from pipes import quote  # Python 2

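# Entry names (not full paths) that the project and scratch walks skip.
exclude_dirs = [
    'apolloh', 'bioscope', 'src', 'tmp', 'data', 'KEEPME', 'examples',
    '.snapshots', 'VR0002', '.panfs.userquota', 'apache-activemq', 'hadoop',
    'scratch',
]
# Home-directory names that check_home_directory() skips.
exclude_home_dirs = ['backup']
# Command-line switches: -v sets verbose, -s sets suggest (print the fixing
# command instead of an ERROR line).
verbose = False
suggest = False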

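def usage():
    """Print the command-line synopsis and the meaning of each flag."""
    # The synopsis lists every flag described below, including -s.
    print("Usage: check_home_dir_permissions [-v] [-h] [-s]")
    print("   -v: Verbose mode")
    print("   -h: Print help")
    print("   -s: Print suggestions")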

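def check_shared_directory(shared_dir, group):
    """Audit a shared directory: owner root, group *group*, mode 2770.

    Findings are printed as ``ERROR:`` lines, or as the shell command that
    would correct them when the module-level ``suggest`` flag is set.
    Arguments of suggested commands go through ``quote`` so that a directory
    name containing whitespace or shell metacharacters cannot change the
    meaning of a command that is later pasted into a shell.

    NOTE(review): the published listing lost the text between ``%`` markers,
    so the wording that follows the path in some ERROR messages is
    reconstructed, not original.

    Args:
        shared_dir: Path of the directory to audit.
        group: Name of the group that should own it.
    """
    if not os.path.isdir(shared_dir):
        if suggest:
            print("mkdir %s" % quote(shared_dir))
        else:
            print("ERROR: Shared dir %s does not exist" % (shared_dir))
        # Nothing to inspect; os.stat() below would raise OSError.
        return

    # os.stat() follows symlinks, so a symlink is judged by its target.
    share_stat = os.stat(shared_dir)
    if share_stat.st_uid != 0:
        if suggest:
            print("chown root %s" % quote(shared_dir))
        else:
            print("ERROR: Shared dir %s is not owned by root" % (shared_dir))

    try:
        group_st = grp.getgrnam(group)
    except KeyError:
        print("ERROR: Doesn't appear to be an LDAP group for %s" % (group))
        return

    if share_stat.st_gid != group_st.gr_gid:
        if suggest:
            print("chgrp %s %s" % (quote(group), quote(shared_dir)))
        else:
            print("ERROR: Shared dir %s is not owned by group %s" % (shared_dir, group))

    # Exact match on file type plus permission bits: directory, setgid,
    # rwxrwx--- (the same value as the literal 17912).
    if share_stat.st_mode != (stat.S_IFDIR | 0o2770):
        if suggest:
            print("chmod 2770 %s" % quote(shared_dir))
        else:
            print("ERROR: Shared dir %s has unexpected mode %s" % (shared_dir, share_stat.st_mode))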

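def check_home_directory(home_dir, user, group):
    """Audit a home directory: owner *user*, group *group*, no access for "other".

    Findings are printed as ``ERROR:`` lines, or as the shell command that
    would correct them when the module-level ``suggest`` flag is set.
    Arguments of suggested commands go through ``quote`` so that a directory
    name containing whitespace or shell metacharacters cannot change the
    meaning of a command that is later pasted into a shell.

    NOTE(review): the published listing lost the text between ``%`` markers,
    so the wording that follows the path in some ERROR messages is
    reconstructed, not original.

    Args:
        home_dir: Path of the directory to audit.
        user: Account name expected to own it; names listed in
            ``exclude_home_dirs`` are skipped.
        group: Name of the group expected to own it.
    """
    if user in exclude_home_dirs:
        if verbose:
            print("Excluding it")
        return

    if not os.path.isdir(home_dir):
        if suggest:
            print("mkdir %s" % quote(home_dir))
        else:
            print("ERROR: Home dir %s does not exist" % (home_dir))
        # Nothing to inspect; os.stat() below would raise OSError.
        return

    # os.stat() follows symlinks, so a symlink is judged by its target.
    home_stat = os.stat(home_dir)
    try:
        group_st = grp.getgrnam(group)
    except KeyError:
        print("ERROR: Doesn't appear to be an LDAP group for %s" % (group))
        return
    try:
        user_st = pwd.getpwnam(user)
    except KeyError:
        print("ERROR: Doesn't appear to be an LDAP user for %s" % (user))
        return

    if home_stat.st_gid != group_st.gr_gid:
        if suggest:
            print("chgrp %s %s" % (quote(group), quote(home_dir)))
        else:
            print("ERROR: Home dir %s is not owned by group %s" % (home_dir, group))
    if home_stat.st_uid != user_st.pw_uid:
        if suggest:
            print("chown %s %s" % (quote(user), quote(home_dir)))
        else:
            print("ERROR: Home dir %s is not owned by user %s" % (home_dir, user))

    # Any permission bit granted to "other" is a finding; each one is
    # reported on its own, in write/read/execute order.
    other_bits = (
        (stat.S_IWOTH, 'w', 'writable'),
        (stat.S_IROTH, 'r', 'readable'),
        (stat.S_IXOTH, 'x', 'executable'),
    )
    for bit, flag, word in other_bits:
        if home_stat.st_mode & bit:
            if suggest:
                print("chmod o-%s %s" % (flag, quote(home_dir)))
            else:
                print("ERROR: Home dir %s is world-%s" % (home_dir, word))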

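def check_project_directory(project_dir):
    """Audit a project directory: owner root, gid 503, mode 0775, with a shared/ subdir.

    Findings are printed as ``ERROR:`` lines, or as the shell command that
    would correct them when the module-level ``suggest`` flag is set.
    Paths in suggested commands go through ``quote`` so that a directory
    name containing whitespace or shell metacharacters cannot change the
    meaning of a command that is later pasted into a shell.

    NOTE(review): the published listing lost the text between ``%`` markers,
    so the wording that follows the path in the ERROR messages is
    reconstructed, not original.

    Args:
        project_dir: Path of the project directory to audit.
    """
    project_missing = not os.path.isdir(project_dir)
    if project_missing:
        if suggest:
            print("mkdir %s" % quote(project_dir))
        else:
            print("ERROR: Project dir %s does not exist" % (project_dir))

    shared_dir = os.path.join(project_dir, 'shared')
    if not os.path.isdir(shared_dir):
        if suggest:
            print("mkdir %s" % quote(shared_dir))
        else:
            print("ERROR: Project dir %s has no shared subdirectory" % (project_dir))

    if project_missing:
        # Both missing-directory findings are out; os.stat() would raise OSError.
        return

    # os.stat() follows symlinks, so a symlink is judged by its target.
    proj_stat = os.stat(project_dir)
    if proj_stat.st_uid != 0:
        if suggest:
            print("chown root %s" % quote(project_dir))
        else:
            print("ERROR: Project dir %s is not owned by root" % (project_dir))

    # NOTE(review): 503 is presumably the gid of the 'home' group named in the
    # suggested chgrp - confirm; if the two drift apart, this check and its
    # suggested fix disagree.
    if proj_stat.st_gid != 503:
        if suggest:
            print("chgrp home %s" % quote(project_dir))
        else:
            print("ERROR: Project dir %s is not owned by group home" % (project_dir))

    # Exact match on file type plus permission bits: directory, rwxrwxr-x
    # (the same value as the literal 16893).
    if proj_stat.st_mode != (stat.S_IFDIR | 0o775):
        if suggest:
            print("chmod 0775 %s" % quote(project_dir))
        else:
            print("ERROR: Project dir %s has unexpected mode %s" % (project_dir, proj_stat.st_mode))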

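def check_scratch_project_directory(project_dir, group):
    """Audit a scratch project directory: owner root, group *group*, mode 2770.

    Findings are printed as ``ERROR:`` lines, or as the shell command that
    would correct them when the module-level ``suggest`` flag is set.
    Arguments of suggested commands go through ``quote`` so that a directory
    name containing whitespace or shell metacharacters cannot change the
    meaning of a command that is later pasted into a shell.

    NOTE(review): the published listing lost the text between ``%`` markers,
    so the wording that follows the path in some ERROR messages is
    reconstructed, not original.

    Args:
        project_dir: Path of the scratch project directory to audit.
        group: Name of the group that should own it.
    """
    if not os.path.isdir(project_dir):
        if suggest:
            print("mkdir %s" % quote(project_dir))
        else:
            print("ERROR: Project dir %s does not exist" % (project_dir))
        # Nothing to inspect; os.stat() below would raise OSError.
        return

    # os.stat() follows symlinks, so a symlink is judged by its target.
    proj_stat = os.stat(project_dir)
    if proj_stat.st_uid != 0:
        if suggest:
            print("chown root %s" % quote(project_dir))
        else:
            print("ERROR: Project dir %s is not owned by root" % (project_dir))

    # An unknown group is reported, as in the other checks in this file,
    # instead of ending the whole audit with an uncaught KeyError.
    try:
        groupinfo = grp.getgrnam(group)
    except KeyError:
        print("ERROR: Doesn't appear to be an LDAP group for %s" % (group))
        return

    if proj_stat.st_gid != groupinfo.gr_gid:
        if suggest:
            print("chgrp %s %s" % (quote(group), quote(project_dir)))
        else:
            print("ERROR: Project dir %s is not owned by group %s" % (project_dir, group))

    # The expected value (17912) is directory + setgid + rwxrwx---, so the
    # suggested command has to set the setgid bit too: 2770, not 0770.
    if proj_stat.st_mode != (stat.S_IFDIR | 0o2770):
        if suggest:
            print("chmod 2770 %s" % quote(project_dir))
        else:
            print("ERROR: Project dir %s has unexpected mode %s" % (project_dir, proj_stat.st_mode))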

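def recurse_dir(base):
    """Check directory permissions for project, home and scratch dirs.

    Every directory directly under *base* is treated as a project directory
    unless its name is in ``exclude_dirs``.  Inside a project, ``shared`` and
    ``VR0002.1`` are audited as shared directories; every other subdirectory
    is audited as a home directory, with the subdirectory name as the user
    and the project name as the group.  Progress lines are printed only when
    the module-level ``verbose`` flag is set.

    Args:
        base: Directory whose children are the project directories.
    """
    for thisdir in os.listdir(base):
        dir_full = os.path.join(base, thisdir)
        # os.path.isdir() follows symlinks, so a link that points at a
        # directory is walked like a real directory.
        if not os.path.isdir(dir_full):
            if verbose:
                print("Found a non-directory entry: %s" % (dir_full))
            continue
        if verbose:
            print("Checking a project directory: %s" % (dir_full))
        if thisdir in exclude_dirs:
            if verbose:
                print("Excluding it")
            continue
        check_project_directory(dir_full)

        for subdir in os.listdir(dir_full):
            subdir_full = os.path.join(dir_full, subdir)
            if not os.path.isdir(subdir_full):
                if verbose:
                    print("Found a non-directory entry: %s" % (subdir_full))
                continue
            if subdir == "shared":
                if verbose:
                    print("Checking a shared directory: %s" % (subdir_full))
                # The shared directory's group is the project name.
                check_shared_directory(subdir_full, thisdir)
            elif subdir == "VR0002.1":
                if verbose:
                    print("Checking a shared directory: %s" % (subdir_full))
                check_shared_directory(subdir_full, 'VR0002.1')
            else:
                if verbose:
                    print("Checking a home directory: %s" % (subdir_full))
                check_home_directory(subdir_full, subdir, thisdir)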

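def recurse_scratch(base):
    """Check scratch directory permissions for project dirs.

    Only entries of *base* whose name starts with ``VR`` are considered;
    each such directory that is not named in ``exclude_dirs`` is audited with
    its own name as the expected group.  Progress lines are printed only when
    the module-level ``verbose`` flag is set.

    Args:
        base: Directory whose ``VR*`` children are scratch project directories.
    """
    for thisdir in os.listdir(base):
        if not thisdir.startswith('VR'):
            continue
        dir_full = os.path.join(base, thisdir)
        # os.path.isdir() follows symlinks, so a link that points at a
        # directory is audited like a real directory.
        if not os.path.isdir(dir_full):
            if verbose:
                print("Found a non-directory entry: %s" % (dir_full))
            continue
        if verbose:
            print("Checking a project directory: %s" % (dir_full))
        if thisdir in exclude_dirs:
            if verbose:
                print("Excluding it")
            continue
        check_scratch_project_directory(dir_full, thisdir)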

if __name__ == "__main__":

    # Three boolean switches are accepted; anything else is a usage error.
    try:
        opts, args = getopt.getopt(sys.argv[1:], 'vhs')
    except getopt.GetoptError as e:
        print(e)
        usage()
        sys.exit(-1)
    opts = dict(opts)

    # The switches only ever turn a flag on; an absent switch leaves it as is.
    verbose = verbose or ('-v' in opts)
    suggest = suggest or ('-s' in opts)

    if '-h' in opts:
        usage()
        sys.exit(0)

    # The project tree is always audited; the scratch tree only where present.
    recurse_dir('/vlsci')

    if os.path.isdir('/scratch'):
        recurse_scratch('/scratch')

(:sourceend:)

Page last modified by brett on May 04, 2012, at 11:00 PM