213
217
warnings.simplefilter('ignore')
214
218
homebackup = os.tempnam(tempdir)
215
219
warnings.resetwarnings()
216
# Back up the /home directory, delete the entire jail, recreate the
217
# jail directory tree, then copy the /home back
218
# NOTE that shutil.move changed in Python 2.6, it now moves a
219
# directory INTO the target (like `mv`), which it didn't use to do.
220
# This code works regardless.
220
# Note: shutil.move does not behave like "mv" - it does not put a file
221
# into a directory if it already exists, just fails. Therefore it is
222
# not susceptible to tmpnam symlink attack.
221
223
shutil.move(homedir, homebackup)
222
224
shutil.rmtree(userdir)
224
226
shutil.move(homebackup, homedir)
225
227
# Change the ownership of all the files to the right unixid
226
228
logging.debug("chown %s's home directory files to uid %d"
227
229
%(user.login, user.unixid))
228
os.spawnvp(os.P_WAIT, 'chown', ['chown', '-R', '%d:%d' % (user.unixid,
229
user.unixid), userhomedir])
230
os.chown(userhomedir, user.unixid, user.unixid)
231
for root, dirs, files in os.walk(userhomedir):
232
for fsobj in dirs + files:
233
os.chown(os.path.join(root, fsobj), user.unixid, user.unixid)
231
235
# No user jail exists
232
236
# Set up the user's home directory
236
240
# Chmod to rwxr-xr-x (755)
237
241
os.chmod(userhomedir, 0755)
239
make_ivle_conf(user.login, userdir, user.svn_pass)
243
make_conf_py(user.login, userdir, ivle.conf.jail_system, user.svn_pass)
240
244
make_etc_passwd(user.login, userdir, ivle.conf.jail_system, user.unixid)
242
246
return userhomedir
244
def make_ivle_conf(username, user_jail_dir, svn_pass):
248
def make_conf_py(username, user_jail_dir, staging_dir, svn_pass):
246
250
Creates (overwriting any existing file, and creating directories) a
247
file /etc/ivle/ivle.conf in a given user's jail.
251
file ${python_site_packages}/ivle/conf/conf.py in a given user's jail.
248
252
username: Username.
249
253
user_jail_dir: User's jail dir, ie. ivle.conf.jail_base + username
250
svn_pass: User's SVN password.
254
staging_dir: The dir with the staging copy of the jail. (With the
255
template conf.py file).
256
svn_pass: As with make_jail. User's SVN password, but if not supplied,
257
will look up in the DB.
252
conf_path = os.path.join(user_jail_dir, "etc/ivle/ivle.conf")
259
template_conf_path = os.path.join(staging_dir,
260
ivle.conf.python_site_packages[1:], "ivle/conf/conf.py")
261
conf_path = os.path.join(user_jail_dir,
262
ivle.conf.python_site_packages[1:], "ivle/conf/conf.py")
253
263
os.makedirs(os.path.dirname(conf_path))
255
# In the "in-jail" version of conf, we don't need MOST of the details
256
# (it would be a security risk to have them here).
257
# So we just write root_dir.
258
conf_obj = ivle.config.Config(blank=True)
259
conf_obj.filename = conf_path
260
conf_obj['urls']['root'] = ivle.conf.root_dir
261
conf_obj['urls']['public_host'] = ivle.conf.public_host
262
conf_obj['urls']['svn_addr'] = ivle.conf.svn_addr
263
conf_obj['user_info']['login'] = username
264
conf_obj['user_info']['svn_pass'] = svn_pass
265
# Read the contents of the template conf file
267
template_conf_file = open(template_conf_path, "r")
268
template_conf_data = template_conf_file.read()
269
template_conf_file.close()
271
# Couldn't open template conf.py for some reason
272
# Just treat it as empty file
273
template_conf_data = ("# Warning: Problem building config script.\n"
274
"# Could not find template conf.py file.\n")
276
conf_file = open(conf_path, "w")
277
conf_file.write(template_conf_data)
278
conf_file.write("\n# The login name for the owner of the jail\n")
279
conf_file.write("login = %s\n" % repr(username))
280
conf_file.write("\n")
281
conf_file.write("# The subversion-only password for the owner of "
283
conf_file.write("svn_pass = %s\n" % repr(svn_pass))
267
286
# Make this file world-readable
268
287
# (chmod 644 conf_path)