Commit | Line | Data |
---|---|---|
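#!/usr/athena/bin/perl
# Usage: afs_create locker type cell path user group
#
# Creates an AFS volume for a locker, mounts it at the given path, applies
# ownership and ACLs for the cell, sets the quota and releases the parent
# volume.

# Helper library.  $vos, $fs, $pts, &afs_find and &afs_quota_adj are used
# below without being defined in this file, so presumably they come from here.
require "/moira/bin/afs_utils.pl";

$protodir="/moira/dotfiles";    # prototype files copied into HOMEDIR lockers
$quota=1;                       # value handed to afs_find, "fs sq" and afs_quota_adj

# Locker type -> volume name prefix.  There is one table per cell, named
# "vtypes_" followed by the cell name with every "." replaced by "_".
%vtypes_ATHENA_MIT_EDU =
    ("ACTIVITY", "activity",
     "APROJ", "aproj",
     "AREF", "aref",
     "CONTRIB", "contrib",
     "COURSE", "course",
     "HOMEDIR", "user",
     "PROJECT", "project",
     "REF", "ref",
     "SW", "sw",
     "SYSTEM", "system",
     "UROP", "urop",
     );

# Cell name -> name of the routine that sets ownership and ACLs in that cell.
%proc =
    ("ATHENA.MIT.EDU", 'athena_proc' );

# With the umask cleared, the modes given to mkdir() later in the script are
# applied exactly as written and files created with open() are not masked.
# NOTE(review): confirm that leaving access control to the AFS ACLs is intended.
umask(0);

die "Usage: $0 locker type cell path user group\n" if (@ARGV != 6);
($locker,$type,$cell,$path,$user,$group) = @ARGV;

# These four arguments are interpolated unquoted into /bin/sh command lines
# (system() and piped open()) later in the script.  Refuse anything the shell
# would treat as more than part of a single word, so that a locker, path or
# owner name can never add a second command or a redirection.
foreach $arg ($cell, $path, $user, $group) {
    die "Illegal character in argument: $arg\n"
        if ($arg =~ /[\s;&|<>\$`'"\\()]/);
}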
30 | ||
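# Lookup volume type
#
# The per-cell table is named after the cell (dots become underscores).  The
# cell name arrives on the command line, so it is limited to identifier
# characters and the table is reached through a glob alias instead of a
# string eval: no text from the command line is ever compiled as Perl.
($c = $cell) =~ s/\./_/g;
die "Cannot create $type volumes in $cell\n"
    if ($c eq "" || $c =~ /[^A-Za-z0-9_]/);
local(*vtypes_for_cell) = "vtypes_$c";
$vtype = $vtypes_for_cell{$type};
die "Cannot create $type volumes in $cell\n" unless $vtype;

# Volume name is "<prefix>.<locker>" with everything outside the allowed
# character set removed.
$vname = $vtype . "." . $locker;
$vname =~ s/[^-A-Za-z0-9_.]//g; # strip out illegal characters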
6231b320 | 37 | |
# Ask afs_find for a server and partition that can hold the new volume.
($asrv,$apart) = &afs_find($cell,$type,$quota);
if (!$asrv || !$apart) {
    die "Unable to find space to create $vname in $cell\n";
}

# Create the volume.  Once it exists, queue the command that removes it so
# that &fatal can undo the creation if a later step fails.
if (system("$vos create $asrv $apart $vname -cell $cell >/dev/null")) {
    &fatal("Unable to create $vname in $cell");
}
push(@clean, "$vos remove $asrv $apart $vname -cell $cell >/dev/null");

# Mount the volume.  A path of the form /afs/<cell>/... is first rewritten to
# /afs/.<cell>/... unless the component already starts with a dot
# (presumably to reach the read-write copy of the parent -- confirm).
$path =~ s:^/afs/([^.]):/afs/.\1:;
system("$fs checkv >/dev/null; $fs mkm $path $vname");
if ($?) {
    &fatal("Unable to create $path");
}
# Queue removal of the mountpoint as well; @clean is unwound last-in first-out.
push(@clean, "$fs rmm $path");
52 | ||
# Obtain user/group information (uid >= 0, gid <= 0)
#
# Each id is taken from the fourth field of the first line printed by
# "pts ex", splitting on ": " and ", ".  An id stays 0 when the pts command
# exits non-zero; the rest of the script treats 0 as "no such owner".
# NOTE(review): the result of open() is not checked for either lookup.
$uid = 0;
$gid = 0;

open(PTS, "$pts ex $user -cell $cell|");
$_ = <PTS>;
chop($_);
close(PTS);                     # closing the pipe sets $? to the exit status
if (!$?) {
    $uid = (split(/[:,] /, $_, 5))[3];
}

open(PTS, "$pts ex system:$group -cell $cell|");
$_ = <PTS>;
chop($_);
close(PTS);
if (!$?) {
    $gid = (split(/[:,] /, $_, 5))[3];
}
6231b320 | 64 | |
# Run the routine registered for this cell in %proc.  It is called inside an
# eval so that a die from the routine ends up in $@ and is passed to &fatal,
# which runs the queued cleanup commands before exiting.
eval "&$proc{$cell}";
if ($@) {
    &fatal($@);
}

# Apply the quota to the new mountpoint.
system("$fs sq $path $quota");
if ($?) {
    &fatal("Unable to set the quota on $path");
}

# Release the parent volume: drop the last path component, ask "fs lv" about
# the parent directory and take the last space-separated word of the first
# output line as the name of the volume to release.
$p = $path;
$p =~ s:/[^/]+$::;
unless (open(FS, "$fs lv $p|")) {
    &fatal("Can't get information about $p");
}
$_ = <FS>;
chop($_);
close(FS);
if ($?) {
    &fatal("Can't get information about $p");
}
@tmp = (split(/ /,$_));
if (system("$vos release $tmp[$#tmp] -cell $cell >/dev/null")) {
    &fatal("Can't release $tmp[$#tmp] in cell $cell");
}

# Record the space now allocated on the chosen server and partition.
&afs_quota_adj($cell,$asrv,$apart,$quota);
exit(0);
85 | ||
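# fatal(message...): abort the run after undoing what has been created so far.
#
# Joins its arguments with single spaces, strips one trailing newline, runs
# the commands queued in @clean most-recent-first, warns about every cleanup
# command that exits non-zero, and finally dies with "<locker>: <message>".
# Never returns.
sub fatal
{
    # The message lives in a local so the caller's $_ is left untouched.
    local($cmd, $msg);
    $msg = join(' ',@_);
    $msg =~ s/\n$//;

    while (@clean) {
        $cmd = pop(@clean);
        warn "$locker: Cleanup failed: $cmd\n" if (system("$cmd"));
    }
    die "$locker: $msg\n";
}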
98 | ||
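# Cell specific procedures

# athena_proc: ownership, ACLs and initial contents for a new volume in the
# ATHENA.MIT.EDU cell.
#
# Takes no arguments; it reads the globals $type, $user, $group, $uid, $gid,
# $path, $vname, $locker, $fs and $protodir.  Failures are reported with die;
# the caller runs this routine inside an eval and passes $@ to &fatal, so a
# die here triggers the queued cleanup commands.
sub athena_proc
{
    # Default acls:
    #
    # ACTIVITY  <user> all <group> all system:anyuser rl
    # APROJ     <user> all <group> all system:anyuser rl
    # AREF      <user> all <group> rl
    # CONTRIB   <user> all system:anyuser rl
    # COURSE    <user> all <group> all system:facdev all system:authuser rl
    # HOMEDIR   <user> all
    # PROJECT   <user> all <group> all
    # REF       <user> all system:anyuser rl
    # SW        <user> all system:swmaint all system:authuser rl
    # SYSTEM    system:administrators all system:anyuser rl
    # UROP      <user> all <group> all system:facdev all system:authuser rl
    #
    # Notes:
    # 1. All directories also have "system:expunge ld".

    # Build the ACL entry list.  The user and group entries are added only
    # when the corresponding pts lookup produced a non-zero id.
    @acl=("system:expunge ld");
    push(@acl,"system:facdev all") if ($type =~ /^(COURSE|UROP)/);
    push(@acl,"system:swmaint all") if ($type =~ /^(SW)/);
    push(@acl,"system:administrators all") if ($type =~ /^(SYSTEM)/);
    push(@acl,"$user all")
        if ($uid != 0 && $type =~ /^(ACTIVITY|APROJ|AREF|CONTRIB|COURSE|HOMEDIR|PROJECT|REF|SW|UROP)/);
    push(@acl,"system:$group all")
        if ($gid != 0 && $type =~ /^(ACTIVITY|APROJ|COURSE|PROJECT|UROP)/);
    push(@acl,"system:$group rl") if ($gid != 0 && $type =~ /^(AREF)/);
    push(@acl,"system:authuser rl")
        if ($type =~ /^(COURSE|SW|UROP)/);
    push(@acl,"system:anyuser rl")
        if ($type =~ /^(ACTIVITY|APROJ|CONTRIB|REF|SYSTEM)/);

    # Every type except AREF and SYSTEM gets an OldFiles mountpoint for the
    # backup volume.  Failure is only a warning.
    if ($type !~ /^(AREF|SYSTEM)/) {
        system("$fs mkm $path/OldFiles $vname.backup");
        warn "$locker: Unable to create OldFiles mountpoint\n" if ($?);
    }

    # Owner of the top-level directory: the group id for group-run lockers,
    # the user id for personal ones.
    if ($type =~ /ACTIVITY|APROJ|PROJECT/) {
        chown($gid,0,$path) ||
            die "Unable to set volume ownership\n";
    } elsif ($type =~ /HOMEDIR|UROP/) {
        chown($uid,0,$path) ||
            die "Unable to set volume ownership\n";
    }

    if ($type eq "HOMEDIR") {
        die "Unable to get uid for user\n" unless ($uid);

        # Public is readable by system:anyuser; Private and Mail carry only
        # the entries collected in @acl.
        mkdir("$path/Public",0755) && chown($uid,0,"$path/Public") &&
            mkdir("$path/Private",0700) && mkdir("$path/Mail", 0700) &&
            chown($uid,0,"$path/Public","$path/Private","$path/Mail") ||
                die "Unable to create subdirectories\n";
        system("$fs sa $path/Public @acl system:anyuser rl -clear") &&
            die "Unable to set acl on Public directory\n";
        system("$fs sa -dir $path/Private $path/Mail -acl @acl -clear") &&
            die "Unable to set acl on Private and/or Mail directories\n";

        opendir(DIR,$protodir) || die "Unable to open prototype directory\n";
        @files=readdir(DIR);
        closedir(DIR);

        # Copy every plain file from the prototype directory into the new
        # home directory and hand it to the user.
        for $i (@files) {
            next if ($i eq "." || $i eq "..");
            next unless -f "$protodir/$i";
            open(IN,"<$protodir/$i") || die "Unable to open $protodir/$i\n";
            open(OUT,">$path/$i") || die "Unable to create $i\n";
            # A failed write or close would leave a truncated file in the new
            # home directory, so both abort the creation.
            while ($_=<IN>) {
                (print OUT $_) || die "Unable to write $i\n";
            }
            close(OUT) || die "Unable to write $i\n";
            close(IN);
            chown($uid,0,"$path/$i") ||
                warn "$locker: Unable to set ownership of $i\n";
        }
        # The top level of a home directory grants system:anyuser lookup only.
        system("$fs sa $path @acl system:anyuser l -clear") &&
            die "Unable to set acl on top-level directory\n";
        return;
    }

    # All other locker types: the collected entries replace the existing ACL.
    system("$fs sa $path @acl -clear") &&
        die "Unable to set acl of $path\n";
}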