Skip to content

Commit

Permalink
Merge pull request #2559 from FroggyFlox/2556_suboptimal_permission_o…
Browse files Browse the repository at this point in the history 
…n_crontabs_created_by_Rockstor

Improve permissions on crontabs created by rockstor #2556
  • Loading branch information
@phillxnet
phillxnet authored May 27, 2023
2 parents 05400b5 + b32b943 commit 79ed934
Show file tree
Hide file tree
Showing 2 changed files with 47 additions and 29 deletions.
38 changes: 23 additions & 15 deletions src/rockstor/smart_manager/views/replication.py
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
"""
Copyright (c) 2012-2020 RockStor, Inc. <http://rockstor.com>
Copyright (c) 2012-2023 RockStor, Inc. <http://rockstor.com>
This file is part of RockStor.
RockStor is free software; you can redistribute it and/or modify
Expand All @@ -15,7 +15,10 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
"""

import os
import shutil
import stat
from tempfile import mkstemp

from rest_framework.response import Response
from rest_framework.exceptions import NotFound
Expand All @@ -42,19 +45,24 @@ def _refresh_crontab():
if EmailClient.objects.filter().exists():
eco = EmailClient.objects.filter().order_by("-id")[0]
mail_from = eco.sender
with open("/etc/cron.d/replicationtab", "w") as cfo:
fh, npath = mkstemp()
with open(npath, "w") as cfo:
cfo.write("SHELL=/bin/bash\n")
cfo.write("PATH=/sbin:/bin:/usr/sbin:/usr/bin\n")
cfo.write("MAILTO=root\n")
if mail_from is not None:
cfo.write("MAILFROM=%s\n" % mail_from)
cfo.write("MAILFROM={}\n".format(mail_from))
cfo.write("# These entries are auto generated by Rockstor. Do not edit.\n")
for replica in Replica.objects.filter(enabled=True):
if replica.crontab is not None:
cfo.write(
"%s root %s.venv/bin/send-replica %d\n"
% (replica.crontab, settings.ROOT_DIR, replica.id)
"{} root {}.venv/bin/send-replica {}\n".format(
replica.crontab, settings.ROOT_DIR, replica.id
)
)
# Set file to rw- --- --- (600) via stat constants
os.chmod(npath, stat.S_IRUSR | stat.S_IWUSR)
shutil.move(npath, "/etc/cron.d/replicationtab")

@staticmethod
def _validate_port(port, request):
Expand Down Expand Up @@ -90,8 +98,8 @@ def post(self, request):
if Replica.objects.filter(share=sname).exists():
e_msg = (
"Another replication task already exists for this "
"share(%s). Only 1-1 replication is supported "
"currently." % sname
"share({}). Only 1-1 replication is supported "
"currently.".format(sname)
)
handle_exception(Exception(e_msg), request)
share = self._validate_share(sname, request)
Expand Down Expand Up @@ -125,7 +133,7 @@ def _validate_share(sname, request):
try:
return Share.objects.get(name=sname)
except:
e_msg = "Share: %s does not exist" % sname
e_msg = "Share: {} does not exist".format(sname)
handle_exception(Exception(e_msg), request)

@staticmethod
Expand All @@ -134,7 +142,7 @@ def _validate_appliance(request):
ip = request.data.get("appliance", None)
return Appliance.objects.get(ip=ip)
except:
e_msg = "Appliance with ip(%s) is not recognized." % ip
e_msg = "Appliance with ip({}) is not recognized.".format(ip)
handle_exception(Exception(e_msg), request)


Expand All @@ -153,13 +161,13 @@ def put(self, request, rid):
try:
r = Replica.objects.get(id=rid)
except:
e_msg = "Replica(%s) does not exist" % rid
e_msg = "Replica({}) does not exist".format(rid)
handle_exception(Exception(e_msg), request)

r.crontab = request.data.get("crontab", r.crontab)
enabled = request.data.get("enabled", r.enabled)
if type(enabled) != bool:
e_msg = "enabled switch must be a boolean, not %s" % type(enabled)
e_msg = "enabled switch must be a boolean, not {}".format(type(enabled))
handle_exception(Exception(e_msg), request)
r.enabled = enabled
replication_ip = request.data.get("listener_ip", r.replication_ip)
Expand All @@ -180,13 +188,13 @@ def delete(self, request, rid):
try:
r = Replica.objects.get(id=rid)
except:
e_msg = "Replica(%s) does not exist" % rid
e_msg = "Replica({}) does not exist".format(rid)
handle_exception(Exception(e_msg), request)

if r.enabled is True:
e_msg = (
"Replica(%s) is enabled. If you are sure, disable it "
"first and then delete." % rid
"Replica({}) is enabled. If you are sure, disable it "
"first and then delete.".format(rid)
)
handle_exception(Exception(e_msg), request)

Expand Down
38 changes: 24 additions & 14 deletions src/rockstor/smart_manager/views/task_scheduler.py
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
"""
Copyright (c) 2012-2020 RockStor, Inc. <http://rockstor.com>
Copyright (c) 2012-2023 RockStor, Inc. <http://rockstor.com>
This file is part of RockStor.
RockStor is free software; you can redistribute it and/or modify
Expand All @@ -18,6 +18,10 @@

import json
import logging
import os
import shutil
import stat
from tempfile import mkstemp

from django.conf import settings
from django.db import transaction
Expand All @@ -42,12 +46,12 @@ def _validate_input(request):
crontabwindow = request.data.get("crontabwindow")
meta = request.data.get("meta", {})
if type(meta) != dict:
e_msg = "meta must be a dictionary, not %s" % type(meta)
e_msg = "meta must be a dictionary, not {}".format(meta)
handle_exception(Exception(e_msg), request)
if "pool" in meta:
if not Pool.objects.filter(id=meta["pool"]).exists():
raise Exception(
"Non-existent Pool(%s) in meta. %s" % (meta["pool"], meta)
"Non-existent Pool({}) in meta. {}".format(meta["pool"], meta)
)
# Add pool_name to task meta dictionary
pool = Pool.objects.get(id=meta["pool"])
Expand All @@ -61,7 +65,7 @@ def _validate_input(request):
)
if not Share.objects.filter(id=meta["share"]).exists():
raise Exception(
"Non-existent Share id (%s) in meta. %s" % (meta["pool"], meta)
"Non-existent Share id ({}) in meta. {}".format(meta["pool"], meta)
)
if "rtc_hour" in meta:
meta["rtc_hour"] = int(meta["rtc_hour"])
Expand All @@ -72,7 +76,7 @@ def _validate_input(request):
def _validate_enabled(request):
enabled = request.data.get("enabled", True)
if type(enabled) != bool:
e_msg = "enabled flag must be a boolean and not %s" % type(enabled)
e_msg = "enabled flag must be a boolean and not {}".format(type(enabled))
handle_exception(Exception(e_msg), request)
return enabled

Expand All @@ -81,7 +85,7 @@ def _task_def(request, tdid):
try:
return TaskDefinition.objects.get(id=tdid)
except:
e_msg = "Event with id: %s does not exist" % tdid
e_msg = "Event with id: {} does not exist".format(tdid)
handle_exception(Exception(e_msg), request)

@staticmethod
Expand All @@ -90,45 +94,51 @@ def _refresh_crontab():
if EmailClient.objects.filter().exists():
eco = EmailClient.objects.filter().order_by("-id")[0]
mail_from = eco.sender
with open("/etc/cron.d/rockstortab", "w") as cfo:
fh, npath = mkstemp()
with open(npath, "w") as cfo:
cfo.write("SHELL=/bin/bash\n")
cfo.write("PATH=/sbin:/bin:/usr/sbin:/usr/bin\n")
cfo.write("MAILTO=root\n")
if mail_from is not None:
cfo.write("MAILFROM=%s\n" % mail_from)
cfo.write("MAILFROM={}\n".format(mail_from))
cfo.write("# These entries are auto generated by Rockstor. Do not edit.\n")
for td in TaskDefinition.objects.filter(enabled=True):
if td.crontab is not None:
tab = "%s root" % td.crontab
tab = "{} root".format(td.crontab)
if td.task_type == "snapshot":
tab = "%s %s.venv/bin/st-snapshot %d" % (
tab = "{} {}.venv/bin/st-snapshot {}".format(
tab,
settings.ROOT_DIR,
td.id,
)
elif td.task_type == "scrub":
tab = "%s %s.venv/bin/st-pool-scrub %d" % (
tab = "{} {}.venv/bin/st-pool-scrub {}".format(
tab,
settings.ROOT_DIR,
td.id,
)
elif td.task_type in ["reboot", "shutdown", "suspend"]:
tab = "%s %s.venv/bin/st-system-power %d" % (
tab = "{} {}.venv/bin/st-system-power {}".format(
tab,
settings.ROOT_DIR,
td.id,
)
else:
logger.error("ignoring unknown task_type: %s" % td.task_type)
logger.error(
"ignoring unknown task_type: {}".format(td.task_type)
)
continue
if td.crontabwindow is not None:
# add crontabwindow as 2nd arg to task script, new line
# moved here
tab = "%s \%s\n" % (tab, td.crontabwindow)
tab = "{} \{}\n".format(tab, td.crontabwindow)
else:
logger.error("missing crontab window value")
continue
cfo.write(tab)
# Set file to rw- --- --- (600) via stat constants.
os.chmod(npath, stat.S_IRUSR | stat.S_IWUSR)
shutil.move(npath, "/etc/cron.d/rockstortab")


class TaskSchedulerListView(TaskSchedulerMixin, rfc.GenericView):
Expand Down

0 comments on commit 79ed934

Please sign in to comment.