~azzar1/unity/add-show-desktop-key

Viewing changes to www/common/makeuser.py

Committer: mattgiuca
Date: 2008-02-04 23:46:36 UTC
Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:406

makeuser.py: make_jail now allows jails to already exist. In this case it will
back up the user's home, vape the jail, rebuild it, then restore the
user's home.

files modified:
www/common/makeuser.py

Show diffs side-by-side

added added

removed removed

www/common/makeuser.py

# * Unix user account

# TODO: Sanitize login name and other fields.

# Users must not be called "temp" or "template".

# TODO: When creating a new home directory, chown it to its owner

import os

import shutil

import warnings

import conf

import db

if os.system("useradd -d %s '%s'" % (homedir, username)) != 0:

raise Exception("Failed to add Unix user account")

def make_jail(username):

def make_jail(username, force=True):

"""Creates a new user's jail space, in the jail directory as configured in

conf.py.

template directory, recursively.

Returns the path to the user's home directory.

force: If false, exception if jail already exists for this user.

If true (default), overwrites it, but preserves home directory.

"""

# MUST run as root or some of this may fail

if os.getuid() != 0:

raise Exception("Must run make_jail as root")

templatedir = os.path.join(conf.jail_base, 'template')

if not os.path.isdir(templatedir):

raise Exception("Template jail directory does not exist: " +

templatedir)

# tempdir is for putting backup homes in

tempdir = os.path.join(conf.jail_base, 'temp')

if not os.path.exists(tempdir):

os.makedirs(tempdir)

elif not os.path.isdir(tempdir):

os.unlink(tempdir)

os.mkdir(tempdir)

userdir = os.path.join(conf.jail_base, username)

homedir = os.path.join(userdir, 'home')

if os.path.exists(userdir):

raise Exception("User's jail directory already exists: " +

userdir)

# Hard-link (copy aliasing) the entire tree over

linktree(templatedir, userdir)

# Set up the user's home directory

homedir = os.path.join(userdir, 'home', username)

os.mkdir(homedir)

return homedir

if not force:

raise Exception("User's jail already exists")

# User jail already exists. Blow it away but preserve their home

# directory.

# Ignore warnings about the use of tmpnam

warnings.simplefilter('ignore')

homebackup = os.tempnam(tempdir)

warnings.resetwarnings()

# Note: shutil.move does not behave like "mv" - it does not put a file

# into a directory if it already exists, just fails. Therefore it is

# not susceptible to tmpnam symlink attack.

100

shutil.move(homedir, homebackup)

101

try:

102

# Any errors that occur after making the backup will be caught and

103

# the backup will be un-made.

104

# XXX This will still leave the user's jail in an unusable state,

105

# but at least they won't lose their files.

106

shutil.rmtree(userdir)

107

108

# Hard-link (copy aliasing) the entire tree over

109

linktree(templatedir, userdir)

110

finally:

111

# Set up the user's home directory (restore backup)

112

# First make sure the directory is empty and its parent exists

113

try:

114

shutil.rmtree(homedir)

115

except:

116

pass

117

# XXX If this fails the user's directory will be lost (in the temp

118

# directory). But it shouldn't fail as homedir should not exist.

119

os.makedirs(homedir)

120

shutil.move(homebackup, homedir)

121

return os.path.join(homedir, username)

122

else:

123

# No user jail exists

124

# Hard-link (copy aliasing) the entire tree over

125

linktree(templatedir, userdir)

126

127

# Set up the user's home directory

128

userhomedir = os.path.join(homedir, username)

129

os.mkdir(userhomedir)

130

return userhomedir

131

132

def linktree(src, dst):

133

"""Recursively hard-link a directory tree using os.link().

Older »