Commit | Line | Data |
---|---|---|
6ff63c15 | 1 | #!/usr/athena/bin/perl |
6231b320 | 2 | # Usage: afs_create locker type cell path quota user group |
3 | ||
4 | require "/moira/bin/afs_utils.pl"; | |
5 | ||
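# Main flow: create an AFS volume for a locker, mount it, apply the
# cell-specific layout, set the quota and release the parent volume.
#
# NOTE(review): $vos, $fs, $pts, &afs_find and &afs_quota_adj are not defined
# in this file; presumably the required afs_utils.pl provides them.

# Directory holding the prototype files copied into new HOMEDIR lockers.
$protodir="/moira/dotfiles";
# Quota value used for every new volume.  It is fixed here: the argument
# check below takes six arguments and none of them is a quota.
$quota=1;

# Maps a cell name to the name of the sub that lays out a locker there.
%proc =
    ("ATHENA.MIT.EDU", 'athena_proc' );

# Clear the umask so the modes passed to mkdir() later are applied as given.
umask(0);

die "Usage: $0 locker type cell path user group\n" if (@ARGV != 6);
($locker,$type,$cell,$path,$user,$group) = @ARGV;

# Lookup volume type.  The table is the hash %vtypes_<cell>, with the dots of
# the cell name turned into underscores.
($c = $cell) =~ s/\./_/g;
# $c becomes part of a variable name inside a string eval, so refuse anything
# that is not a plain identifier before it gets there.
die "Cannot create $type volumes in $cell\n" if ($c eq "" || $c =~ /\W/);
# Only the table name is spliced into the evaluated text.  '{$type}' stays
# literal, so $type is used as a hash key and is never parsed as code.  (The
# earlier form "\$vtypes_$c{$type}" is read by Perl 5 string interpolation as
# an element of %c, which is not the intended lookup.)
$vtype = eval('$vtypes_' . $c . '{$type}');
die "Cannot create $type volumes in $cell\n" unless $vtype;
$vname = $vtype . "." . $locker;
$vname =~ s/[^-A-Za-z0-9_.]//g;	# strip out illegal characters

# Find free space
($asrv,$apart) = &afs_find($cell,$type,$quota);
die "Unable to find space to create $vname in $cell\n" unless ($asrv&&$apart);

# The command-line values end up inside shell command strings (system() and
# piped open()).  Each one is single-quoted first so the shell hands it on as
# one literal word.  Quoting does not stop a value that begins with "-" from
# being read as an option by vos, pts or fs.
$qcell = &shell_quote($cell);

# Create volume.  Every completed step pushes its undo command onto @clean,
# which &fatal runs newest-first when a later step fails.
system("$vos create $asrv $apart $vname -cell $qcell >/dev/null") &&
    &fatal("Unable to create $vname in $cell");
push(@clean, "$vos remove $asrv $apart $vname -cell $qcell >/dev/null");

# Create mountpoint and set quota
# Rewrite /afs/<name>/... to /afs/.<name>/... unless <name> already starts
# with a dot (presumably the read-write path of the cell -- confirm).
$path =~ s:^/afs/([^.]):/afs/.$1:;
$qpath = &shell_quote($path);
system("$fs checkv >/dev/null; $fs mkm $qpath $vname");
&fatal("Unable to create $path") if ($?);
push(@clean, "$fs rmm $qpath");

# Obtain user/group information (uid >= 0, gid <= 0)
# Both ids stay 0 when the lookup command exits non-zero.  The id is the
# fourth field of the first output line once it is split on ": " and ", ".
$uid = $gid = 0;
open(PTS, "$pts ex " . &shell_quote($user) . " -cell $qcell|");
chop($_ = <PTS>);
close(PTS);
$uid = (split(/[:,] /, $_))[3] unless ($?);

open(PTS, "$pts ex " . &shell_quote("system:$group") . " -cell $qcell|");
chop($_ = <PTS>);
close(PTS);
$gid = (split(/[:,] /, $_))[3] unless ($?);

# Dispatch to the cell-specific creation routines
# The evaluated text comes from the fixed %proc table above.  The eval also
# traps a die() inside the routine so that &fatal can run the cleanup list.
eval "&$proc{$cell}";
&fatal($@) if ($@);

# Set the filesystem quota
system("$fs sq $qpath $quota");
&fatal("Unable to set the quota on $path") if ($?);

# Release the parent volume
# The parent directory is the path minus its last component; the last word of
# the first line printed by "fs lv" is passed on as the volume to release.
($p = $path) =~ s:/[^/]+$::;
$qp = &shell_quote($p);
open(FS, "$fs lv $qp|") || &fatal("Can't get information about $p");
chop($_ = <FS>);
close(FS);
&fatal("Can't get information about $p") if ($?);
@tmp = (split(/ /,$_));
$qparent = &shell_quote($tmp[$#tmp]);
system("$vos release $qparent -cell $qcell >/dev/null") &&
    &fatal("Can't release $tmp[$#tmp] in cell $cell");

&afs_quota_adj($cell,$asrv,$apart,$quota);
exit(0);

# Wrap one value in single quotes for /bin/sh, so that spaces and shell
# metacharacters inside it are passed through as data.  An embedded single
# quote is written as '\'' (close the quote, escaped quote, reopen).
sub shell_quote
{
    local($word) = @_;
    $word =~ s/'/'\\''/g;
    return "'$word'";
}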
71 | ||
sub fatal
{
    # Abort the run: undo every step recorded in @clean, newest first, then
    # die with the joined arguments prefixed by the locker name.
    local($undo);

    # The message is assembled in $_, minus one trailing newline, because
    # the final die supplies its own.
    $_ = join(' ', @_);
    s/\n$//;

    while (@clean) {
        $undo = pop(@clean);
        # system() returns 0 when the undo command succeeded.
        next unless system("$undo");
        warn "$locker: Cleanup failed: $undo\n";
    }

    die "$locker: $_\n";
}
84 | ||
85 | # Cell specific procedures | |
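sub athena_proc
{
    # Lays out a new locker in the ATHENA.MIT.EDU cell: builds the ACL for
    # the locker type, mounts the backup volume as OldFiles, sets ownership
    # of the volume root and, for HOMEDIR lockers, creates the standard
    # subdirectories and copies the prototype files.
    #
    # Works on globals set by the main script ($type, $path, $user, $group,
    # $uid, $gid, $vname, $locker, $fs, $protodir).  The main script calls
    # this through eval and hands $@ to &fatal, so a die() here triggers the
    # cleanup of the volume and mountpoint.
    #
    # Default acls:
    #
    # ACTIVITY	<user> all <group> all system:anyuser rl
    # APROJ	<user> all <group> all system:anyuser rl
    # AREF	<user> all <group> rl
    # CONTRIB	<user> all system:anyuser rl
    # COURSE	<user> all <group> all system:facdev all system:authuser rl
    # HOMEDIR	<user> all
    # PROJECT	<user> all <group> all
    # REF	<user> all system:anyuser rl
    # SW	<user> all system:swmaint all system:authuser rl
    # SYSTEM	system:administrators all system:anyuser rl
    # UROP	<user> all <group> all system:facdev all system:authuser rl
    #
    # Notes:
    # 1. All directories also have "system:expunge ld".

    local($quser, $qgroup, $qpath, $qold, $qpublic, $qprivate, $qmail);

    # $user, $group and $path are spliced into shell command strings below.
    # Single-quote them first so the shell passes each on as one literal
    # word.  Quoting does not stop a value that begins with "-" from being
    # read as an option by fs.
    $quser    = &athena_shq($user);
    $qgroup   = &athena_shq("system:$group");
    $qpath    = &athena_shq($path);
    $qold     = &athena_shq("$path/OldFiles");
    $qpublic  = &athena_shq("$path/Public");
    $qprivate = &athena_shq("$path/Private");
    $qmail    = &athena_shq("$path/Mail");

    # Each @acl entry is "<name> <rights>"; the list is expanded into the
    # "fs sa" command lines as separate shell words.
    @acl=("system:expunge ld");
    push(@acl,"system:facdev all") if ($type =~ /^(COURSE|UROP)/);
    push(@acl,"system:swmaint all") if ($type =~ /^(SW)/);
    push(@acl,"system:administrators all") if ($type =~ /^(SYSTEM)/);
    # User and group entries are added only when the id lookup succeeded
    # (the ids are left at 0 otherwise).
    push(@acl,"$quser all")
	if ($uid != 0 && $type =~ /^(ACTIVITY|APROJ|AREF|CONTRIB|COURSE|HOMEDIR|PROJECT|REF|SW|UROP)/);
    push(@acl,"$qgroup all")
	if ($gid != 0 && $type =~ /^(ACTIVITY|APROJ|COURSE|PROJECT|UROP)/);
    push(@acl,"$qgroup rl") if ($gid != 0 && $type =~ /^(AREF)/);
    push(@acl,"system:authuser rl")
	if ($type =~ /^(COURSE|SW|UROP)/);
    push(@acl,"system:anyuser rl")
	if ($type =~ /^(ACTIVITY|APROJ|CONTRIB|REF|SYSTEM)/);

    # Mount the backup volume as OldFiles; failure is only a warning.
    if ($type !~ /^(AREF|SYSTEM)/) {
	system("$fs mkm $qold $vname.backup");
	warn "$locker: Unable to create OldFiles mountpoint\n" if ($?);
    }

    # Ownership of the volume root.
    # NOTE(review): the group lockers put $gid in the owner slot of chown();
    # confirm that is the intended convention.  These two type tests are
    # unanchored, unlike the ACL tests above.
    if ($type =~ /ACTIVITY|APROJ|PROJECT/) {
	chown($gid,0,$path) ||
	    die "Unable to set volume ownership\n";
    } elsif ($type =~ /HOMEDIR|UROP/) {
	chown($uid,0,$path) ||
	    die "Unable to set volume ownership\n";
    }

    if ($type eq "HOMEDIR") {
	die "Unable to get uid for user\n" unless ($uid);

	mkdir("$path/Public",0755) && chown($uid,0,"$path/Public") &&
	    mkdir("$path/Private",0700) && mkdir("$path/Mail", 0700) &&
	    chown($uid,0,"$path/Public","$path/Private","$path/Mail") ||
	    die "Unable to create subdirectories\n";
	# Public additionally gets system:anyuser rl; Private and Mail get
	# the base ACL only.  -clear replaces whatever ACL was there.
	system("$fs sa $qpublic @acl system:anyuser rl -clear") &&
	    die "Unable to set acl on Public directory\n";
	system("$fs sa -dir $qprivate $qmail -acl @acl -clear") &&
	    die "Unable to set acl on Private and/or Mail directories\n";

	opendir(DIR,$protodir) || die "Unable to open prototype directory\n";
	@files=readdir(DIR);
	closedir(DIR);

	# Copy every plain file from the prototype directory into the new
	# home directory and hand it to the user.
	# NOTE(review): these are 2-argument opens; the explicit "<" / ">"
	# prefix fixes the mode, but a 3-argument open would be cleaner if the
	# installed perl supports it.
	for $i (@files) {
	    next if ($i eq "." || $i eq "..");
	    next unless -f "$protodir/$i";
	    open(IN,"<$protodir/$i") || die "Unable to open $protodir/$i\n";
	    open(OUT,">$path/$i") || die "Unable to create $i\n";
	    while ($_=<IN>) { print OUT $_; };
	    # Buffered write errors only show up at close, so report them.
	    close(OUT) || warn "$locker: Unable to finish writing $i\n";
	    close(IN);
	    chown($uid,0,"$path/$i");
	}
	# The top level of a home directory gives system:anyuser lookup ("l")
	# only.
	system("$fs sa $qpath @acl system:anyuser l -clear") &&
	    die "Unable to set acl on top-level directory\n";
	return;
    }

    system("$fs sa $qpath @acl -clear") &&
	die "Unable to set acl of $path\n";
}

# Wrap one value in single quotes for /bin/sh so that spaces and shell
# metacharacters inside it are passed through as data.  An embedded single
# quote is written as '\'' (close the quote, escaped quote, reopen).
sub athena_shq
{
    local($word) = @_;
    $word =~ s/'/'\\''/g;
    return "'$word'";
}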