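#!/usr/bin/perl
# Usage: afs_create locker type cell path user group
#
# Creates the AFS volume for a locker, mounts it at <path>, runs the
# cell-specific setup routine, sets the quota and releases the parent
# volume.  The quota is not a command-line argument; it is fixed by $quota
# below.
#
# $vos, $fs, $pts, the %vtypes_<cell> tables, afs_find and afs_quota_adj are
# not defined in this file; presumably afs_utils.pl provides them.
#
# The command-line values end up inside shell command strings, so each one
# is passed through shell_quote() first and the shell sees it as a single
# literal word.  $vname needs no quoting: it is reduced to [-A-Za-z0-9_.]
# before use.

require "/moira/bin/afs_utils.pl";

$protodir="/moira/dotfiles";
$quota=1;

# Cell name -> name of the sub that finishes setting up a new locker there.
%proc =
    ("ATHENA.MIT.EDU", 'athena_proc' );

umask(0);    # modes given to mkdir() by the setup routines apply unmasked

die "Usage: $0 locker type cell path user group\n" if (@ARGV != 6);
($locker,$type,$cell,$path,$user,$group) = @ARGV;

# Lookup volume type
# The table is %vtypes_<cell with dots turned into underscores>.  It is
# reached by name through the symbol table instead of a string eval, so
# neither $cell nor $type is ever compiled as Perl code.
($c = $cell) =~ s/\./_/g;
$vtype = ${"vtypes_$c"}{$type};
die "Cannot create $type volumes in $cell\n" unless $vtype;
$vname = $vtype . "." . $locker;
$vname =~ s/[^-A-Za-z0-9_.]//g;    # strip out illegal characters

$qcell = &shell_quote($cell);

# Find free space/Create volume
# Up to three attempts; every server already tried is handed back to
# afs_find in @except.
$tries = 0; $code = 1;
while ($tries<3 && $code) {
    ($asrv,$apart) = &afs_find($cell,$type,$quota,@except);
    die "Unable to find space to create $vname in $cell\n" unless ($asrv&&$apart);
    $code = system("$vos create $asrv $apart $vname -cell $qcell >/dev/null");
    push(@except, $asrv);
    $tries++;
}
&fatal("Unable to create $vname in $cell") if ($code); # Too many create errors
push(@clean, "$vos remove $asrv $apart $vname -cell $qcell >/dev/null");

# Create mountpoint
# /afs/<cell>/... is rewritten to /afs/.<cell>/... unless it is already in
# the dotted form.
$path =~ s:^/afs/([^.]):/afs/.$1:;
$qpath = &shell_quote($path);
system("$fs checkv >/dev/null; $fs mkm $qpath $vname");
&fatal("Unable to create $path") if ($?);
push(@clean, "$fs rmm $qpath");

# Obtain user/group information (uid >= 0, gid <= 0)
# Either id stays 0 when the lookup fails.
$uid = &pts_id($user);
$gid = &pts_id("system:$group");

# Dispatch to the cell-specific creation routines
# The routine runs inside eval so that a die in it reaches fatal(), which
# undoes the volume and mountpoint created above.
$handler = $proc{$cell};
&fatal("No creation routine for cell $cell")
    unless ($handler && defined(&{$handler}));
eval { &{$handler}(); };
&fatal($@) if ($@);

# Set the filesystem quota
system("$fs sq $qpath $quota");
&fatal("Unable to set the quota on $path") if ($?);

# Release the parent volume
# The volume name is taken to be the last space-separated word of the
# first line printed by "fs lv" for the parent directory.
($p = $path) =~ s:/[^/]+$::;
$qp = &shell_quote($p);
open(FS, "$fs lv $qp|") || &fatal("Can't get information about $p");
chop($_ = <FS>);
close(FS);
&fatal("Can't get information about $p") if ($?);
@tmp = (split(/ /,$_));
$parent = $tmp[$#tmp];
if ($parent !~ /user\../) {
    # The name comes from command output, so it is quoted like the rest.
    $qparent = &shell_quote($parent);
    $tries = 0; $code = 1;
    while ($tries<3 && $code) {
        $code = system("$vos release $qparent -cell $qcell >/dev/null");
        $tries++;
    }
    warn "Couldn't release $parent in cell $cell" if ($code); # Don't treat as fatal.
}

# Update the quota records.
&afs_quota_adj($cell,$asrv,$apart,$quota,0);
exit(0);

# Return $word wrapped in single quotes, with embedded single quotes
# escaped, so that /bin/sh hands it to the command as one literal argument.
sub shell_quote
{
    my ($word) = @_;
    $word = "" unless defined($word);
    $word =~ s/'/'\\''/g;
    return "'" . $word . "'";
}

# Look $name up with "pts ex" in $cell and return its id, or 0 when the
# command cannot be started, fails, or prints nothing.  The id is taken to
# be the fourth field of the first output line split on ": " and ", ".
sub pts_id
{
    my ($name) = @_;
    my ($line, @fields);

    open(PTS, "$pts ex " . &shell_quote($name) . " -cell $qcell|")
        || return 0;
    $line = <PTS>;
    close(PTS);
    return 0 if ($? || !defined($line));
    chomp($line);
    @fields = split(/[:,] /, $line);
    return $fields[3] || 0;
}
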
# fatal(message...): undo whatever has been created so far, then die.
#
# The arguments are joined with spaces into one message and a single
# trailing newline is dropped.  The commands recorded in @clean are run
# through system() newest first, leaving @clean empty; a command that
# returns non-zero only produces a warning.  Finally the message is
# reported with the locker name in front of it.
sub fatal
{
    local($cmd);
    ($_ = join(' ', @_)) =~ s/\n$//;

    while (defined($cmd = pop(@clean))) {
        next unless system($cmd);
        warn "$locker: Cleanup failed: $cmd\n";
    }
    die "$locker: $_\n";
}

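# Cell specific procedures

# Finish a new locker in the Athena cell: build the ACL for $type, create
# the backup volume and OldFiles mountpoint, set ownership, and populate
# COURSE and HOMEDIR lockers with their standard subdirectories.
#
# Takes no arguments; it reads the globals $type, $path, $vname, $user,
# $group, $uid, $gid, $locker, $protodir, $vos and $fs.  Every failure is
# reported with die.
sub athena_proc
{
    # Default acls:
    #
    # ACTIVITY  <user> all <group> all system:anyuser rl
    # APROJ     <user> all <group> all system:anyuser rl
    # AREF      <user> all <group> rl
    # CONTRIB   <user> all system:anyuser rl
    # COURSE    <user> all <group> all system:facdev all system:authuser rl
    # HOMEDIR   <user> all
    # LEASE     <user> all
    # ORG       <user> all <group> all system:cwisfac all system:anyuser rl
    # PROJECT   <user> all <group> all
    # REF       <user> all system:anyuser rl
    # SITE      system:sites-admin all system:sites-servers write
    # SW        <user> all system:swmaint all system:authuser rl
    # SYSTEM    system:administrators all system:anyuser rl
    # UROP      <user> all <group> all system:facdev all system:authuser rl
    #
    # Notes:
    # 1. All directories also have "system:expunge ld".
    # 2. COURSE and HOMEDIR top-level directories additionally get
    #    "system:anyuser l"; their www (and HOMEDIR Public) directories get
    #    "system:anyuser rl".

    # $path, $user and $group are placed inside shell command strings
    # below.  Quote each one so the shell passes it through as a single
    # literal word, whatever characters it contains.
    my $quote = sub {
        my ($word) = @_;
        $word = "" unless defined($word);
        $word =~ s/'/'\\''/g;
        return "'" . $word . "'";
    };
    my $qpath  = &$quote($path);
    my $quser  = &$quote($user);
    my $qgroup = &$quote("system:$group");

    @acl=("system:expunge ld");
    push(@acl,"system:sites-admin all") if ($type =~ /^(SITE)/);
    push(@acl,"system:sites-servers write") if ($type =~ /^(SITE)/);
    push(@acl,"system:facdev all") if ($type =~ /^(COURSE|UROP)/);
    push(@acl,"system:swmaint all") if ($type =~ /^(SW)/);
    push(@acl,"system:cwisfac all") if ($type =~ /^(ORG)/);
    push(@acl,"system:administrators all") if ($type =~ /^(SYSTEM)/);
    # User and group entries are added only when the pts lookup found an id.
    push(@acl,"$quser all")
        if ($uid != 0 && $type =~ /^(ACTIVITY|APROJ|AREF|CONTRIB|COURSE|HOMEDIR|LEASE|ORG|PROJECT|REF|SW|UROP)/);
    push(@acl,"$qgroup all")
        if ($gid != 0 && $type =~ /^(ACTIVITY|APROJ|COURSE|ORG|PROJECT|UROP)/);
    push(@acl,"$qgroup rl") if ($gid != 0 && $type =~ /^(AREF)/);
    push(@acl,"system:authuser rl")
        if ($type =~ /^(COURSE|SW|UROP)/);
    push(@acl,"system:anyuser rl")
        if ($type =~ /^(ACTIVITY|APROJ|CONTRIB|ORG|REF|SYSTEM)/);

    # Backup volume for everything except AREF, ORG and SYSTEM; SITE
    # lockers get the backup volume but no OldFiles mountpoint.
    if ($type !~ /^(AREF|ORG|SYSTEM)/) {
        system("$vos backup $vname >/dev/null");
        if ($type !~ /^(SITE)/) {
            system("$fs mkm $qpath/OldFiles $vname.backup");
            warn "$locker: Unable to create OldFiles mountpoint\n" if ($?);
        }
    }

    if ($type =~ /ACTIVITY|APROJ|PROJECT/) {
        system("/moira/bin/uchown $qpath $gid");
        die "Unable to set volume ownership\n" if ($?);
    } elsif ($type =~ /HOMEDIR|UROP/) {
        chown($uid,0,$path) ||
            die "Unable to set volume ownership\n";
    }

    if ($type eq "COURSE") {
        mkdir("$path/www",0755) &&
            chown(0,0,"$path/www") ||
                die "Unable to create subdirectories\n";
        system("$fs sa $qpath/www @acl system:anyuser rl -clear") &&
            die "Unable to set acl on www directory\n";

        system("$fs sa $qpath @acl system:anyuser l -clear") &&
            die "Unable to set acl on top-level directory\n";
        return;
    }

    if ($type eq "HOMEDIR") {
        die "Unable to get uid for user\n" unless ($uid);

        chmod(0755, $path);
        mkdir("$path/Public",0755) && mkdir("$path/www",0755) &&
            mkdir("$path/Private",0700) && mkdir("$path/Mail", 0700) &&
            mkdir("$path/Desktop",0755) &&
            chown($uid,0,"$path/Public","$path/www",
                  "$path/Private","$path/Mail","$path/Desktop") ||
                      die "Unable to create subdirectories\n";
        system("$fs sa -dir $qpath/Public $qpath/www -acl @acl system:anyuser rl -clear") &&
            die "Unable to set acl on Public directory";
        system("$fs sa -dir $qpath/Private $qpath/Mail -acl @acl -clear") &&
            die "Unable to set acl on Private and/or Mail directories\n";

        # Prototype dotfiles, then the prototype Desktop files.
        &copy_proto_files("");
        &copy_proto_files("Desktop");

        system("$fs sa -dir $qpath/Desktop -acl @acl system:anyuser l -clear") &&
            die "Unable to set acl on Desktop directory";

        system("$fs sa $qpath @acl system:anyuser l -clear") &&
            die "Unable to set acl on top-level directory\n";
        return;
    }

    system("$fs sa $qpath @acl -clear") &&
        die "Unable to set acl of $path\n";
}

# Copy every plain file from the prototype directory (or from its $subdir
# when one is given) into the same place under $path, and chown each copy to
# $uid.  Files are opened with three-argument open so a name can never be
# read as an open mode, and write and close errors are reported instead of
# leaving a truncated file behind unnoticed.
sub copy_proto_files
{
    my ($subdir) = @_;
    my $from  = ($subdir eq "") ? $protodir : "$protodir/$subdir";
    my $label = ($subdir eq "") ? "" : "$subdir ";

    opendir(DIR,$from) || die "Unable to open prototype ${label}directory\n";
    my @names = readdir(DIR);
    closedir(DIR);

    for my $name (@names) {
        next if ($name eq "." || $name eq "..");
        next unless -f "$from/$name";
        my $rel = ($subdir eq "") ? $name : "$subdir/$name";
        open(my $in, '<', "$from/$name") || die "Unable to open $from/$name\n";
        open(my $out, '>', "$path/$rel") || die "Unable to create $rel\n";
        while (defined(my $line = <$in>)) {
            print $out $line or die "Unable to write $rel\n";
        }
        close($out) || die "Unable to write $rel\n";
        close($in);
        chown($uid,0,"$path/$rel");
    }
}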