[LON-CAPA-cvs] cvs: loncom / lchtmldir

foxr lon-capa-cvs@mail.lon-capa.org
Wed, 20 Oct 2004 09:30:58 -0000


foxr		Wed Oct 20 05:30:58 2004 EDT

  Modified files:              
    /loncom	lchtmldir 
  Log:
  When the auth mode is being changed to internal, and the user has a 
  /home/username dir (has authorship role), prior to setting the permissions
  and ownership, write a script named restore_n.sh in the user's /home/username
  directory that will restore all currently extant files to their prior ownership
  and permissions.  This is done in case a filesystem user is accidentally changed
  into an internal user and then is changed back... the default action of
  lchtmldir in that case may leave files without the prior permissions, if the
  user did some interesting stuff with group ownership, or had sensitive stuff.
  
  The user can then log in, locate the most recent version of the script and
  execute it to get back to something close to what they had before.
  
  
Index: loncom/lchtmldir
diff -u loncom/lchtmldir:1.10 loncom/lchtmldir:1.11
--- loncom/lchtmldir:1.10	Tue Oct 19 07:11:34 2004
+++ loncom/lchtmldir	Wed Oct 20 05:30:57 2004
@@ -232,6 +232,13 @@
     # is that a file system user is being demoted to internal user...
 
     if($authentication eq "internal:") {
+	#  In case the user was a unix/filesystem authenticated user,
+	#  we'll take a bit of time here to write  a script in the
+	#  user's home directory that can reset ownerships and permissions
+	#  back the way the used to be.
+
+	&write_restore_script($homedir);
+
 	&System("/bin/chown -R root:root ".$homedir);
     }
     &System("/bin/chown -R www:www  ".$fulldir);
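Review bot: the result of `&write_restore_script($homedir);` is never checked, and the recursive `chown -R root:root` on the next line runs regardless. If the restore script could not be created or written, the previous ownerships are overwritten with no record of them. Have write_restore_script return a success value, and log or skip the chown when it fails. Minor: "the way the used to be" in the new comment should read "the way they used to be".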
@@ -371,7 +378,13 @@
 
 }
 #
-#  Simple test of process_tree:
+#   Callback from process_tree to write the script lines
+#   requried to restore files to current ownership and permission.
+# Parameters:
+#    dir         - Name of the directory the file lives in.
+#    name        - Name of the file itself.
+#    statinfo    - Array from lstat called on the file.
+#
 #
 sub write_script {
     my ($dir, $name, $statinfo) = @_;
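Review bot: the new header comment on write_script documents the three parameters but not where the generated lines are written. write_restore_script opens CHMODSCRIPT before passing this callback to process_tree, so the callback presumably depends on that global filehandle already being open; say so in the comment, or pass the handle in. Also, "requried" should be "required", and the bare `#` line left after the parameter block is redundant.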
@@ -392,6 +405,46 @@
 
 
 }
+# 
+#    Write a script in the user's home directory that can restore
+#    the permissions and ownerhips of all the files in the directory
+#    tree to their current ownerships and permissions.  This is done
+#    prior to making the user into an internally authenticated user
+#    in case they were previously file system authenticated and
+#    need to go back.
+#      The file we will create will be of the form
+#        restore_n.sh  Where n is a number that we will keep
+#   incrementing as needed until there isn't a file by that name.
+#   
+# Parameters:
+#    dir      - Path to the user's home directory.
+#
+sub write_restore_script {
+    my ($dir)   = @_;
+
+    #   Create a unique file:
+
+    my $version_number     = 0;
+    my $filename           = 'restore_'.$version_number.'.sh';
+    my $full_name           = $dir.$path_sep.$filename;
+
+    while(-e $full_name) {
+	$version_number++;
+	$filename         = 'restore_'.$version_number.'.sh';
+	$full_name        = $dir.$path_sep.$filename;
+    }
+    # $full_name is the full path of a file that does not yet exist
+    # of the form we want:
+
+    open(CHMODSCRIPT, "> $full_name");
+
+    &process_tree(\&write_script, $dir);
+
+    close(CHMODSCRIPT);
+
+    chmod(0750, $full_name);
+
+}
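Review bot: in write_restore_script, the `while(-e $full_name)` probe followed by `open(CHMODSCRIPT, "> $full_name");` is not atomic, and the open's return value is not checked. This code runs before the chown to root:root, in a directory the user still owns, so the name can change between the test and the open, and a two-argument `>` open will follow whatever is at that path. Create the file with sysopen using O_WRONLY|O_CREAT|O_EXCL and mode 0750, retry with the next n when it fails with EEXIST, and return an error on any other failure so the caller can react. That also removes the window in which the file exists with the umask default mode before `chmod(0750, $full_name);` runs. The return values of close and chmod should be checked as well, since a short write leaves a restore script that looks complete but is not.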