boinc/tools/check_project

205 lines
6.3 KiB
Plaintext
Raw Normal View History

#!/usr/bin/env python3
# $Id$
'''
Checks project permissions and php modules.
This script is designed to run AFTER make_project is executed.
'''
import functools, argparse
import grp, pwd
import os, socket, sys
import subprocess
import shlex
#-----------------------------------------------------------
# Functions
def gethostname():
try:
return socket.getfqdn().split('.')[0]
except:
return 'localhost'
#gethostname
def check_user(user):
try:
mypwdb = pwd.getpwnam(user)
except KeyError as e:
print("ERROR: ", e)
print("ERROR: Specified apache user (%s) not found, Aborting"%(user))
sys.exit(1)
#try
# check_user
def check_dir(dir):
if not os.path.isdir(dir):
print("ERROR: project directory %s does not exist, Aborting"%(dir))
sys.exit(1)
#try
return dir
#check_dir
def determineapacheuser(user):
'''Attempts to determine the apache Web server user from the password
database. Checks a few possibilities that are linux defaults. If
one user matches, it is returned, otherwise an error created.
2016-05-25 10:21:43 +00:00
Known Issue: if the system has multiple users defined from the list below,
the script will abort.
'''
possibleapacheusers = [ 'apache',
'apache2',
'http',
'httpd',
'web-data',
'www-data']
if user=="FINDOUT":
allusernames = [x.pw_name for x in pwd.getpwall()]
out1 = set(allusernames).intersection(possibleapacheusers)
2016-05-25 10:21:43 +00:00
if len(out1)==1:
return out1.pop()
print("WARNING: Script could not determine which user runs apache Web server. Aborting")
print(" You should specify the apache user with the -a/--apache_user flag")
print(" Try running the following command with apache Web server running:")
print(" ps -ef | egrep '(httpd|apache2|apache)' | grep -v `whoami` | grep -v root")
2016-05-20 16:13:16 +00:00
sys.exit(1)
else:
check_user(user)
return user
#endif
#determineapacheuser
def check_permissions(user, fpath):
mypwdb = pwd.getpwnam(user)
try:
mystat = os.stat(fpath)
except OSError as e:
print("ERROR: ", e)
return 1
#try
2016-05-25 10:21:43 +00:00
owner_permissions = oct(mystat.st_mode)[4:5]
group_permissions = oct(mystat.st_mode)[5:6]
file_owner = pwd.getpwuid(mystat.st_uid).pw_name
group_members = grp.getgrgid(mystat.st_gid).gr_mem
'''Three checks:
1) if file owner is the user and owner's permissions allow for writing
2) if user is in group_members and group's permissions allow for writing
3) if user's gid is the same as the file's gid, and group's permissions allow for writing
2016-05-25 10:21:43 +00:00
The last condition is required because group_members (from gr_mem) does not
contain the primary user of the group.
'''
2016-05-25 10:21:43 +00:00
if (file_owner == user and owner_permissions >=5) or (user in group_members and group_permissions >=5) or (mypwdb.pw_gid==mystat.st_gid and group_permissions >=5) :
print("Info: User %s can write to file/dir %s"%(user, fpath))
return 0
#end if
2016-05-25 10:21:43 +00:00
print("WARNING: User %s can NOT write to %s"%(user, fpath))
return 2
#check_permissions
def check_php_modules(modulestocheck):
'''Uses php -m and checks to see if certain php modules are installed.
'''
phpcmd = ['php','-m']
try:
phpout = subprocess.check_output(phpcmd)
except Exception as e:
print("ERROR: ",e)
print("ERROR: Can't execute %s"%(" ".join(phpcmd)))
#try
phpout = str(phpout)
phpmodules = phpout.split("\n")
modulesnotfound = set(modulestocheck).difference(phpmodules)
if len(modulesnotfound)>0:
print("WARNING: The following php modules were not found on your system: %s"%(" ".join(modulesnotfound)))
return 1
print("Info: All required/recommended php modules found.")
return 0
#check_php_modules
# Checks the given command if it is executable
# can also check output (not implemented yet)
def check_tool(command):
# make sure command is a valid list to pass to subprocess.call()
if not isinstance(command, list):
command = shlex.split(command)
try:
cmdout = subprocess.check_output(command,stderr=subprocess.STDOUT)
except OSError as e:
print("WARNING: The following tool was not found on your system: %s"%(command[0]))
if e.errno != os.errno.ENOENT:
print("ERROR: ",e)
print("ERROR: Can't execute %s"%(" ".join(command)))
return 1
except subprocess.CalledProcessError as cpe:
print("WARNING: The following tool reported a non-zero returncode: %s"%(" ".join(command)))
return 2
return 0
#check_tool
#-----------------------------------------------------------
# Main program
parser = argparse.ArgumentParser(description="Checks BOINC project directory permissions and php modules.")
parser.add_argument("-p","--project_dir", action="store", dest="project_dir", required=True, help="Full path to the project root directory.")
parser.add_argument("-a","--apache_user", action="store", dest="apache_user", default="FINDOUT", help="User which apache runs. Typically www-data (Debian based), httpd (Redhat based), or apache. If not specified, the script will automatically try to determine.")
try:
args = parser.parse_args()
except Exception as e:
print("ERROR: command-line parser error", e)
sys.exit(1)
#try
# Define global variables
S_HOSTNAME = gethostname()
APACHE_USER = determineapacheuser(args.apache_user)
PROJECT_DIR = check_dir(args.project_dir)
PATHS = ['log_'+S_HOSTNAME,
'html',
'html/cache',
'html/inc',
'html/languages',
'html/languages/compiled',
'upload',]
MODULES = ["curl","gd","mysqli","xml"]
TOOLS = ['curl --version']
# Run the check_permissions function on all directories
rcperm = map(functools.partial(check_permissions, APACHE_USER), [os.path.join(PROJECT_DIR,p) for p in PATHS])
# Check for php modules
rcphp = check_php_modules(MODULES)
# Check for tools
rctools = map(check_tool,TOOLS)
if sum(rcperm)+rcphp+sum(rctools) == 0:
print("---All permissions checks passed, necessary php modules and tools installed. Your BOINC project should be ready to start.---")
else:
print("WARNING: Some problems were found with your BOINC installation, please check the messages above for details.")
2016-05-25 10:21:43 +00:00
sys.exit(0)