author | Matthieu Patou <mat@matws.net> | 2010-01-08 17:00:54 +0300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-01-21 07:11:17 +1300 |
commit | d4514a6539052b6944582ef8e5e1930b5f42ffd7 (patch) | |
tree | c19dfb082ebb18fb04a2f09ab96c3a87baa51224 /source4/setup/provision | |
parent | 711c7606a5a2c36ea252ffd6d3aafc06fa5b675c (diff) | |
provision: introduce use-xattr parameter for defining where to store attributes
This option allows a simple (non-root) user to invoke provision without facing an error,
while ensuring that ACLs on shared files will always be set
Diffstat (limited to 'source4/setup/provision')
-rwxr-xr-x | source4/setup/provision | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/source4/setup/provision b/source4/setup/provision index 1165eda1a3..26e28ccbd4 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -24,11 +24,14 @@ import optparse import sys +import os +import tempfile # Find right directory when running from source tree sys.path.insert(0, "bin/python") import samba +import samba.ntacls from samba.credentials import DONT_USE_KERBEROS from samba.auth import system_session import samba.getopt as options @@ -110,7 +113,7 @@ parser.add_option("--slapd-path", type="string", metavar="SLAPD-PATH", parser.add_option("--setup-ds-path", type="string", metavar="SETUP_DS-PATH", help="Path to setup-ds.pl script for Fedora DS LDAP backend [e.g.:'/usr/sbin/setup-ds.pl']. Required for Setup with Fedora DS backend.") parser.add_option("--nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true") -parser.add_option("--nosetfileacl", help="Do not set NT ACL on files (set by default)", action="store_true") +parser.add_option("--use-xattrs", type="choice", choices=["yes","no","auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities") parser.add_option("--ldap-dryrun-mode", help="Configure LDAP backend, but do not run any binaries and exit early. Used only for the test environment. DO NOT USE", action="store_true") opts = parser.parse_args()[0] 
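Review bot: The new `import os` in the first hunk is not used by any line this commit adds, and the diffstat (21 insertions, 6 deletions) matches the hunks shown, so it looks like a leftover. `tempfile` and `samba.ntacls` are both used by the probe added further down. Dropping `import os` keeps the script's import list honest.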
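Review bot: The `--use-xattrs` option is declared without a `default`, so the fallback to `auto` is done separately later in the script (`if not opts.use_xattrs:`). Adding `default="auto"` to this `parser.add_option(...)` call would keep the behaviour in one place and let `--help` show it. The same hunk removes `--nosetfileacl` outright, so an existing invocation that still passes it will now fail option parsing; if that is intended, the commit message should say so. The help text also has typos: "attributes likes ntacl" and "inteligent".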
@@ -202,10 +205,22 @@ if opts.blank: elif opts.partitions_only: samdb_fill = FILL_DRS -setfileacl = True +if not opts.use_xattrs: + opts.use_xattrs="auto" + +eadb = True +if opts.use_xattrs == "yes": + eadb = False +elif opts.use_xattrs == "auto": + file=tempfile.NamedTemporaryFile() + try: + samba.ntacls.setntacl(lp,file.name,"O:S-1-5-32G:S-1-5-32","native") + eadb = False + except: + print "Notice: you are not root or your system do not support xattr, tdb backend for attributes has been selected" + print " if you intend to use this provision in production you'd better rerun the script as root on a system supporting xattr" + file.close() -if opts.nosetfileacl: - setfileacl = False session = system_session() provision(setup_dir, message, @@ -215,7 +230,7 @@ provision(setup_dir, message, policyguid=opts.policy_guid, policyguid_dc=opts.policy_guid_dc, hostname=opts.host_name, hostip=opts.host_ip, hostip6=opts.host_ip6, - ntdsguid=opts.ntds_guid, + ntdsguid=opts.ntds_guid, invocationid=opts.invocationid, adminpass=opts.adminpass, krbtgtpass=opts.krbtgtpass, machinepass=opts.machinepass, dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody, @@ -225,4 +240,4 @@ provision(setup_dir, message, backend_type=opts.ldap_backend_type, ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls, slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path, - nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode,setfileacl=setfileacl) + nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode,useeadb=eadb) |
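Review bot: The bare `except:` around the `samba.ntacls.setntacl(...)` probe in the `auto` branch treats every failure as "no xattr support", including a programming error or an interrupt, and moves NT ACL storage to the tdb backend with only a generic notice. Catching `Exception` (`except Exception, e:`) and appending the error text to the printed notice would let an operator tell a permissions problem from a bug. If the handler is narrowed, `file.close()` should move into a `finally` so the temporary file is always released. The probe file comes from `tempfile.NamedTemporaryFile()` in the default temp directory, which may be on a different filesystem from the directories that will carry the ACLs; passing `dir=` for the target location would make the result representative. The local name `file` also shadows the builtin.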