[checkmk-commits] Check_MK Git: check_mk: Fix further WATO permissions in manual mode

3 Jan 2012

Module: check_mk
Branch: master
Commit: 43d72c2bbe1dffec77e2868b4569bcbe8d7f37d6
URL:   
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=43d72c2bbe1dff…

Author: Mathias Kettner &lt;mk(a)mathias-kettner.de&gt;
Date:   Tue Jan  3 14:07:10 2012 +0100

Fix further WATO permissions in manual mode

---

 .bugs/361          |    9 +++++++--
 scripts/setup.sh   |   14 +++++++++++++-
 web/htdocs/wato.py |   44 ++++++++++++++++++++++++--------------------
 3 files changed, 44 insertions(+), 23 deletions(-)

diff --git a/.bugs/361 b/.bugs/361
index c6ebe38..c10b1bb 100644
--- a/.bugs/361
+++ b/.bugs/361
@@ -1,11 +1,16 @@
 Title: setup.sh does not setup permissions for WATO correctly
 Component: core
+State: done
+Class: cleanup
 Benefit: 1
-State: open
 Cost: 2
 Date: 2011-08-27 14:04:23
-Class: cleanup
+Targetversion: future
 
 The setup.sh should try to setup permissions for WATO. We might
 need a SGID bit and 775 permissions for the Webserver.
 Also check if OMD share mode is working correctly.
+
+2012-01-03 14:06:53: changed state open -> done
+I've fixed several directory permissions and hope
+that it's mostly working now.
diff --git a/scripts/setup.sh b/scripts/setup.sh
index aaf5028..9f9425d 100755
--- a/scripts/setup.sh
+++ b/scripts/setup.sh
@@ -449,7 +449,7 @@ autochecksdir               = '$vardir/autochecks'
 precompiled_hostchecks_dir  = '$vardir/precompiled'
 counters_directory          = '$vardir/counters'
 tcp_cache_dir		    = '$vardir/cache'
-tmp_dir		            = '$vardir'
+tmp_dir		            = '$vardir/tmp'
 logwatch_dir                = '$vardir/logwatch'
 nagios_objects_file         = '$nagconfdir/check_mk_objects.cfg'
 nagios_command_pipe_path    = '$nagpipe'
@@ -638,9 +638,21 @@ do
 	     chmod -R g+w $DESTDIR$vardir/web &&
 	     chgrp -R $wwwgroup $DESTDIR$vardir/wato &&
 	     chmod -R g+w $DESTDIR$vardir/wato
+             mkdir -p $DESTDIR$vardir/tmp &&
+	     chgrp -R $wwwgroup $DESTDIR$vardir/tmp &&
+             chmod g+w $DESTDIR$vardir/tmp &&
              mkdir -p $DESTDIR$confdir/conf.d/wato &&
              chmod -R g+w $DESTDIR$confdir/conf.d/wato &&
              chgrp -R $wwwgroup $DESTDIR$confdir/conf.d/wato
+             mkdir -p $DESTDIR$confdir/multisite.d/wato &&
+             chmod -R g+w $DESTDIR$confdir/multisite.d/wato &&
+             chgrp -R $wwwgroup $DESTDIR$confdir/multisite.d/wato
+             touch $DESTDIR$confdir/multisite.d/sites.mk &&
+             chgrp $wwwgroup $DESTDIR$confdir/multisite.d/sites.mk &&
+             chmod 664 $DESTDIR$confdir/multisite.d/sites.mk &&
+             touch $DESTDIR$confdir/conf.d/distributed_wato.mk &&
+             chgrp $wwwgroup $DESTDIR$confdir/conf.d/distributed_wato.mk &&
+             chmod 664 $DESTDIR$confdir/conf.d/distributed_wato.mk
 	   fi &&
 	   tar xzf $SRCDIR/conf.tar.gz -C $DESTDIR$confdir &&
 	   if [ -e $DESTDIR$confdir/check_mk.cfg -a ! -e $DESTDIR$confdir/main.mk ] ; then
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 61ef16f..9fc43ae 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -6300,8 +6300,11 @@ def create_distributed_wato_file(siteid, mode):
 
 def delete_distributed_wato_file():
     p = defaults.check_mk_configdir + "/distributed_wato.mk"
+    # We do not delete the file but empty it. That way
+    # we do not need write permissions to the conf.d 
+    # directory!
     if os.path.exists(p):
-        os.remove(p)
+        file(p, "w").write("")
 
 #.
 #   .-Users/Contacts-------------------------------------------------------.
@@ -6832,25 +6835,26 @@ def load_users():
     # That way heroes of the command line will still be able to
     # change passwords with htpasswd.
     filename = defaults.htpasswd_file
-    for line in file(filename):
-        id, password = line.strip().split(":")[:2]
-        if password.startswith("!"):
-            locked = True
-            password = password[1:]
-        else:
-            locked = False
-        if id in result:
-            result[id]["password"] = password
-            result[id]["locked"] = locked
-        elif id in config.admin_users:
-            # Create entry if this is an admin user
-            new_user = {
-                "roles" : [ "admin" ],
-                "password" : password,
-                "locked" : False
-            }
-            result[id] = new_user
-        # Other unknown entries will silently be dropped. Sorry...
+    if os.path.exists(filename):
+        for line in file(filename):
+            id, password = line.strip().split(":")[:2]
+            if password.startswith("!"):
+                locked = True
+                password = password[1:]
+            else:
+                locked = False
+            if id in result:
+                result[id]["password"] = password
+                result[id]["locked"] = locked
+            elif id in config.admin_users:
+                # Create entry if this is an admin user
+                new_user = {
+                    "roles" : [ "admin" ],
+                    "password" : password,
+                    "locked" : False
+                }
+                result[id] = new_user
+            # Other unknown entries will silently be dropped. Sorry...
 
     # Now read the automation secrets and add them to existing
     # users or create new users automatically


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[checkmk-commits] Check_MK Git: check_mk: Fix further WATO permissions in manual mode