|
Brett /
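CheckHomeDirPermissions
(:source lang=python:)
import getopt
import sys
import os
import grp
import pwd
import stat

# Top-level entries that are not project directories and are skipped.
exclude_dirs = ['apolloh', 'bioscope', 'src', 'tmp', 'data', 'KEEPME',
                'examples', '.snapshots', 'VR0002', '.panfs.userquota',
                'apache-activemq', 'hadoop', 'scratch']
# Entries inside a project directory that are not user home directories.
exclude_home_dirs = ['backup']
# Set from the command line: -v narrates every directory visited,
# -s prints the shell command that would fix a finding instead of an ERROR.
verbose = False
suggest = False


def usage():
    """Print the command-line synopsis to stdout."""
    # Single-argument print(...) behaves the same on Python 2 and Python 3.
    # The synopsis now lists -s, which the option parser accepts ('vhs').
    print("Usage: check_home_dir_permissions [-v] [-h] [-s]")
    print(" -v: Verbose mode")
    print(" -h: Print help")
    print(" -s: Print suggestions")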
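def check_shared_directory(shared_dir, group):
    """Audit ownership and mode of a project's shared directory.

    The directory is expected to exist, be owned by uid 0, belong to
    ``group`` and have mode 2770 (setgid, rwx for owner and group, nothing
    for others).  Each deviation is printed to stdout, either as an
    ``ERROR:`` line or, when the module-level ``suggest`` flag is set, as
    the shell command that would correct it.

    The ERROR wording after the directory name was lost in the page markup
    (the ``%s ... %`` spans were swallowed) and is reconstructed here from
    the condition each message guards.
    """
    # The path and group name originate from directory names on disk and the
    # suggestions are meant to be run in a root shell, so quote them.
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    if not os.path.isdir(shared_dir):
        if suggest:
            print("mkdir %s" % quote(shared_dir))
        else:
            print("ERROR: Shared dir %s does not exist" % shared_dir)
        # Nothing left to inspect; os.stat() would raise OSError here.
        return

    # NOTE(review): os.stat follows symlinks, so a symlinked entry is judged
    # by its target. Use os.lstat if the link itself should be reported.
    share_stat = os.stat(shared_dir)

    if share_stat.st_uid != 0:
        if suggest:
            print("chown root %s" % quote(shared_dir))
        else:
            print("ERROR: Shared dir %s is not owned by root" % shared_dir)

    try:
        group_st = grp.getgrnam(group)
    except KeyError:
        print("ERROR: Doesn't appear to be an LDAP group for %s" % group)
        return

    if share_stat.st_gid != group_st.gr_gid:
        if suggest:
            print("chgrp %s %s" % (quote(group), quote(shared_dir)))
        else:
            print("ERROR: Shared dir %s is not in group %s"
                  % (shared_dir, group))

    # Directory type bit plus 2770; the same value as the literal 17912.
    expected_mode = stat.S_IFDIR | 0o2770
    if share_stat.st_mode != expected_mode:
        if suggest:
            print("chmod 2770 %s" % quote(shared_dir))
        else:
            print("ERROR: Shared dir %s has mode %o, expected 2770"
                  % (shared_dir, stat.S_IMODE(share_stat.st_mode)))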
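def check_home_directory(home_dir, user, group):
    """Audit ownership and world-access bits of a user's home directory.

    ``home_dir`` is expected to exist, be owned by ``user``, belong to
    ``group`` and grant no read, write or execute permission to "other".
    Names listed in the module-level ``exclude_home_dirs`` are skipped.
    Findings are printed to stdout as ``ERROR:`` lines, or as the fixing
    shell command when the module-level ``suggest`` flag is set.

    The ERROR wording after the directory name was lost in the page markup
    and is reconstructed here from the condition each message guards.
    """
    if user in exclude_home_dirs:
        if verbose:
            print("Excluding it")
        return

    # The path, user and group come from directory names on disk and the
    # suggestions are meant to be run in a root shell, so quote them.
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    if not os.path.isdir(home_dir):
        if suggest:
            print("mkdir %s" % quote(home_dir))
        else:
            print("ERROR: Home dir %s does not exist" % home_dir)
        # Nothing left to inspect; os.stat() would raise OSError here.
        return

    # NOTE(review): os.stat follows symlinks, so a symlinked home is judged
    # by its target. Use os.lstat if the link itself should be reported.
    home_stat = os.stat(home_dir)

    try:
        group_st = grp.getgrnam(group)
    except KeyError:
        print("ERROR: Doesn't appear to be an LDAP group for %s" % group)
        return
    try:
        user_st = pwd.getpwnam(user)
    except KeyError:
        print("ERROR: Doesn't appear to be an LDAP user for %s" % user)
        return

    if home_stat.st_gid != group_st.gr_gid:
        if suggest:
            print("chgrp %s %s" % (quote(group), quote(home_dir)))
        else:
            print("ERROR: Home dir %s is not in group %s" % (home_dir, group))

    if home_stat.st_uid != user_st.pw_uid:
        if suggest:
            print("chown %s %s" % (quote(user), quote(home_dir)))
        else:
            print("ERROR: Home dir %s is not owned by %s" % (home_dir, user))

    # One finding per "other" permission bit, in the order w, r, x.
    other_bits = (
        (stat.S_IWOTH, "chmod o-w %s", "ERROR: Home dir %s is world-writable"),
        (stat.S_IROTH, "chmod o-r %s", "ERROR: Home dir %s is world-readable"),
        (stat.S_IXOTH, "chmod o-x %s",
         "ERROR: Home dir %s is world-executable"),
    )
    for bit, fix_template, error_template in other_bits:
        if home_stat.st_mode & bit:
            if suggest:
                print(fix_template % quote(home_dir))
            else:
                print(error_template % home_dir)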
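def check_project_directory(project_dir):
    """Audit a project directory and the presence of its ``shared`` subdir.

    ``project_dir`` is expected to exist, contain a ``shared`` directory, be
    owned by uid 0, belong to gid 503 and have mode 0775.  Findings are
    printed to stdout as ``ERROR:`` lines, or as the fixing shell command
    when the module-level ``suggest`` flag is set.

    The ERROR wording after the directory name was lost in the page markup
    and is reconstructed here from the condition each message guards.
    """
    # The paths come from directory names on disk and the suggestions are
    # meant to be run in a root shell, so quote them.
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    shared_dir = os.path.join(project_dir, 'shared')

    project_missing = not os.path.isdir(project_dir)
    if project_missing:
        if suggest:
            print("mkdir %s" % quote(project_dir))
        else:
            print("ERROR: Project dir %s does not exist" % project_dir)

    if not os.path.isdir(shared_dir):
        if suggest:
            print("mkdir %s" % quote(shared_dir))
        else:
            print("ERROR: Project dir %s has no shared directory"
                  % project_dir)

    if project_missing:
        # Both findings are reported; os.stat() would raise OSError here.
        return

    # NOTE(review): os.stat follows symlinks, so a symlinked entry is judged
    # by its target. Use os.lstat if the link itself should be reported.
    proj_stat = os.stat(project_dir)

    if proj_stat.st_uid != 0:
        if suggest:
            print("chown root %s" % quote(project_dir))
        else:
            print("ERROR: Project dir %s is not owned by root" % project_dir)

    # Hard-coded gid; the suggestion text calls this group "home".
    home_gid = 503
    if proj_stat.st_gid != home_gid:
        if suggest:
            print("chgrp home %s" % quote(project_dir))
        else:
            print("ERROR: Project dir %s is not in group home" % project_dir)

    # Directory type bit plus 0775; the same value as the literal 16893.
    expected_mode = stat.S_IFDIR | 0o775
    if proj_stat.st_mode != expected_mode:
        if suggest:
            print("chmod 0775 %s" % quote(project_dir))
        else:
            print("ERROR: Project dir %s has mode %o, expected 775"
                  % (project_dir, stat.S_IMODE(proj_stat.st_mode)))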
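def check_scratch_project_directory(project_dir, group):
    """Audit ownership and mode of a project's scratch directory.

    ``project_dir`` is expected to exist, be owned by uid 0, belong to
    ``group`` and have mode 2770 (setgid, rwx for owner and group, nothing
    for others).  Findings are printed to stdout as ``ERROR:`` lines, or as
    the fixing shell command when the module-level ``suggest`` flag is set.

    The ERROR wording after the directory name was lost in the page markup
    and is reconstructed here from the condition each message guards.
    """
    # The path and group name come from directory names on disk and the
    # suggestions are meant to be run in a root shell, so quote them.
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    if not os.path.isdir(project_dir):
        if suggest:
            print("mkdir %s" % quote(project_dir))
        else:
            print("ERROR: Project dir %s does not exist" % project_dir)
        # Nothing left to inspect; os.stat() would raise OSError here.
        return

    # NOTE(review): os.stat follows symlinks, so a symlinked entry is judged
    # by its target. Use os.lstat if the link itself should be reported.
    proj_stat = os.stat(project_dir)

    if proj_stat.st_uid != 0:
        if suggest:
            print("chown root %s" % quote(project_dir))
        else:
            print("ERROR: Project dir %s is not owned by root" % project_dir)

    # An unknown group is reported rather than aborting the whole scan with
    # an uncaught KeyError.
    try:
        groupinfo = grp.getgrnam(group)
    except KeyError:
        print("ERROR: Doesn't appear to be an LDAP group for %s" % group)
        return

    if proj_stat.st_gid != groupinfo.gr_gid:
        if suggest:
            print("chgrp %s %s" % (quote(group), quote(project_dir)))
        else:
            print("ERROR: Project dir %s is not in group %s"
                  % (project_dir, group))

    # Directory type bit plus 2770; the same value as the literal 17912.
    expected_mode = stat.S_IFDIR | 0o2770
    if proj_stat.st_mode != expected_mode:
        if suggest:
            # The check demands the setgid bit, so the fix must set it too;
            # "chmod 0770" would leave the directory failing this test.
            print("chmod 2770 %s" % quote(project_dir))
        else:
            print("ERROR: Project dir %s has mode %o, expected 2770"
                  % (project_dir, stat.S_IMODE(proj_stat.st_mode)))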
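def recurse_dir(base):
    """Check directory permissions for project, home and scratch dirs.

    Every directory directly under ``base`` that is not listed in the
    module-level ``exclude_dirs`` is checked as a project directory.  Inside
    it, ``shared`` is checked as a shared directory for the group named
    after the project, ``VR0002.1`` as a shared directory for the group
    ``VR0002.1``, and every other directory as the home of the user named
    after it.  With the module-level ``verbose`` flag set, each step is
    narrated on stdout.
    """
    # NOTE(review): os.path.isdir follows symlinks, so a link to a directory
    # is treated as a project or home directory under the link's name.
    # Entries are visited in sorted order so that two runs can be compared.
    for thisdir in sorted(os.listdir(base)):
        dir_full = os.path.join(base, thisdir)
        if not os.path.isdir(dir_full):
            if verbose:
                print("Found a non-directory entry: %s" % dir_full)
            continue
        if verbose:
            print("Checking a project directory: %s" % dir_full)
        if thisdir in exclude_dirs:
            if verbose:
                print("Excluding it")
            continue

        check_project_directory(dir_full)

        for subdir in sorted(os.listdir(dir_full)):
            subdir_full = os.path.join(dir_full, subdir)
            if not os.path.isdir(subdir_full):
                if verbose:
                    print("Found a non-directory entry: %s" % subdir_full)
                continue
            if subdir == "shared":
                if verbose:
                    print("Checking a shared directory: %s" % subdir_full)
                # The shared directory's group is named after the project.
                check_shared_directory(subdir_full, thisdir)
            elif subdir == "VR0002.1":
                if verbose:
                    print("Checking a shared directory: %s" % subdir_full)
                check_shared_directory(subdir_full, 'VR0002.1')
            else:
                if verbose:
                    print("Checking a home directory: %s" % subdir_full)
                # Directory name doubles as user name, project as group.
                check_home_directory(subdir_full, subdir, thisdir)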
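def recurse_scratch(base):
    """Check scratch directory permissions for project dirs.

    Only entries of ``base`` whose name starts with ``VR`` are considered.
    Each such directory that is not listed in the module-level
    ``exclude_dirs`` is checked as a scratch project directory whose group
    is named after it.  With the module-level ``verbose`` flag set, each
    step is narrated on stdout.
    """
    # NOTE(review): os.path.isdir follows symlinks, so a link to a directory
    # is checked as a project directory under the link's name.
    # Entries are visited in sorted order so that two runs can be compared.
    for thisdir in sorted(os.listdir(base)):
        if not thisdir.startswith('VR'):
            continue
        dir_full = os.path.join(base, thisdir)
        if not os.path.isdir(dir_full):
            if verbose:
                print("Found a non-directory entry: %s" % dir_full)
            continue
        if verbose:
            print("Checking a project directory: %s" % dir_full)
        if thisdir in exclude_dirs:
            if verbose:
                print("Excluding it")
            continue
        check_scratch_project_directory(dir_full, thisdir)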
if __name__ == "__main__":
    # Accepted flags: -v (verbose), -h (help), -s (suggest fixes).
    try:
        opts, args = getopt.getopt(sys.argv[1:], 'vhs')
    except getopt.GetoptError as err:
        # Unknown option: show the parser's message and the synopsis.
        print(err)
        usage()
        sys.exit(-1)

    opts = dict(opts)
    # Flags are switched on only when given; the module defaults are False.
    verbose = verbose or '-v' in opts
    suggest = suggest or '-s' in opts
    if '-h' in opts:
        usage()
        sys.exit(0)

    # The home/project tree is always scanned; scratch only when present.
    recurse_dir('/vlsci')
    if os.path.isdir('/scratch'):
        recurse_scratch('/scratch')
(:sourceend:) |