Module: check_mk
Branch: master
Commit: 43d72c2bbe1dffec77e2868b4569bcbe8d7f37d6
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=43d72c2bbe1dff…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Tue Jan 3 14:07:10 2012 +0100
Fix further WATO permissions in manual mode
---
.bugs/361 | 9 +++++++--
scripts/setup.sh | 14 +++++++++++++-
web/htdocs/wato.py | 44 ++++++++++++++++++++++++--------------------
3 files changed, 44 insertions(+), 23 deletions(-)
diff --git a/.bugs/361 b/.bugs/361
index c6ebe38..c10b1bb 100644
--- a/.bugs/361
+++ b/.bugs/361
@@ -1,11 +1,16 @@
Title: setup.sh does not setup permissions for WATO correctly
Component: core
+State: done
+Class: cleanup
Benefit: 1
-State: open
Cost: 2
Date: 2011-08-27 14:04:23
-Class: cleanup
+Targetversion: future
The setup.sh should try to setup permissions for WATO. We might
need a SGID bit and 775 permissions for the Webserver.
Also check if OMD share mode is working correctly.
+
+2012-01-03 14:06:53: changed state open -> done
+I've fixed several directory permissions and hope
+that it's mostly working now.
diff --git a/scripts/setup.sh b/scripts/setup.sh
index aaf5028..9f9425d 100755
--- a/scripts/setup.sh
+++ b/scripts/setup.sh
@@ -449,7 +449,7 @@ autochecksdir = '$vardir/autochecks'
precompiled_hostchecks_dir = '$vardir/precompiled'
counters_directory = '$vardir/counters'
tcp_cache_dir = '$vardir/cache'
-tmp_dir = '$vardir'
+tmp_dir = '$vardir/tmp'
logwatch_dir = '$vardir/logwatch'
nagios_objects_file = '$nagconfdir/check_mk_objects.cfg'
nagios_command_pipe_path = '$nagpipe'
@@ -638,9 +638,21 @@ do
chmod -R g+w $DESTDIR$vardir/web &&
chgrp -R $wwwgroup $DESTDIR$vardir/wato &&
chmod -R g+w $DESTDIR$vardir/wato
+ mkdir -p $DESTDIR$vardir/tmp &&
+ chgrp -R $wwwgroup $DESTDIR$vardir/tmp &&
+ chmod g+w $DESTDIR$vardir/tmp &&
mkdir -p $DESTDIR$confdir/conf.d/wato &&
chmod -R g+w $DESTDIR$confdir/conf.d/wato &&
chgrp -R $wwwgroup $DESTDIR$confdir/conf.d/wato
+ mkdir -p $DESTDIR$confdir/multisite.d/wato &&
+ chmod -R g+w $DESTDIR$confdir/multisite.d/wato &&
+ chgrp -R $wwwgroup $DESTDIR$confdir/multisite.d/wato
+ touch $DESTDIR$confdir/multisite.d/sites.mk &&
+ chgrp $wwwgroup $DESTDIR$confdir/multisite.d/sites.mk &&
+ chmod 664 $DESTDIR$confdir/multisite.d/sites.mk &&
+ touch $DESTDIR$confdir/conf.d/distributed_wato.mk &&
+ chgrp $wwwgroup $DESTDIR$confdir/conf.d/distributed_wato.mk &&
+ chmod 664 $DESTDIR$confdir/conf.d/distributed_wato.mk
fi &&
tar xzf $SRCDIR/conf.tar.gz -C $DESTDIR$confdir &&
if [ -e $DESTDIR$confdir/check_mk.cfg -a ! -e $DESTDIR$confdir/main.mk ] ; then
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 61ef16f..9fc43ae 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -6300,8 +6300,11 @@ def create_distributed_wato_file(siteid, mode):
def delete_distributed_wato_file():
p = defaults.check_mk_configdir + "/distributed_wato.mk"
+ # We do not delete the file but empty it. That way
+ # we do not need write permissions to the conf.d
+ # directory!
if os.path.exists(p):
- os.remove(p)
+ file(p, "w").write("")
#.
# .-Users/Contacts-------------------------------------------------------.
@@ -6832,25 +6835,26 @@ def load_users():
# That way heroes of the command line will still be able to
# change passwords with htpasswd.
filename = defaults.htpasswd_file
- for line in file(filename):
- id, password = line.strip().split(":")[:2]
- if password.startswith("!"):
- locked = True
- password = password[1:]
- else:
- locked = False
- if id in result:
- result[id]["password"] = password
- result[id]["locked"] = locked
- elif id in config.admin_users:
- # Create entry if this is an admin user
- new_user = {
- "roles" : [ "admin" ],
- "password" : password,
- "locked" : False
- }
- result[id] = new_user
- # Other unknown entries will silently be dropped. Sorry...
+ if os.path.exists(filename):
+ for line in file(filename):
+ id, password = line.strip().split(":")[:2]
+ if password.startswith("!"):
+ locked = True
+ password = password[1:]
+ else:
+ locked = False
+ if id in result:
+ result[id]["password"] = password
+ result[id]["locked"] = locked
+ elif id in config.admin_users:
+ # Create entry if this is an admin user
+ new_user = {
+ "roles" : [ "admin" ],
+ "password" : password,
+ "locked" : False
+ }
+ result[id] = new_user
+ # Other unknown entries will silently be dropped. Sorry...
# Now read the automation secrets and add them to existing
# users or create new users automatically