[Fusionforge-commits] FusionForge branch 6.0 updated. 34aa48875d381681b531db3dfbd0e02a53668e25

Sylvain Beucler beuc-inria at fusionforge.org
Mon Mar 16 18:43:57 CET 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, 6.0 has been updated
       via  34aa48875d381681b531db3dfbd0e02a53668e25 (commit)
      from  f28c7d11079ea55fa1769b6b0aa35af04ea175af (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 34aa48875d381681b531db3dfbd0e02a53668e25
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Mon Mar 16 18:42:50 2015 +0100

    unix accounts: fix name conflicts between per-user groups and project groups [#660]

diff --git a/src/CHANGES b/src/CHANGES
index 395a37b..176ba65 100644
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -2,6 +2,7 @@ Fusionforge-6.0 (unreleased):
 * [#710] New install system (Inria)
 * [#147] Reactivity: system replication is now performed immediately (rather than waiting for cron jobs) (Inria)
 * [#519] SCM: concurrent SSH and HTTPS access, relying on Apache mod_itk (Roland Mas)
+* [#760] System: users now use a common default group ("users") rather than per-user group; avoids conflicts with project groups (Inria)
 * [#658] Docman: Basic Webdav write mkcol, delete, put, move support (TrivialDev)
 * [#657] Docman: Add move mass actions (TrivialDev)
 * [#747] Docman: Direct link to file details (TrivialDev)
diff --git a/src/common/include/User.class.php b/src/common/include/User.class.php
index e1c285a..cd203e7 100644
--- a/src/common/include/User.class.php
+++ b/src/common/include/User.class.php
@@ -1120,7 +1120,7 @@ Use one below, but make sure it is entered as the single line.)
 	 * @return	int	This user's GID.
 	 */
 	function getUnixGID() {
-		return $this->data_array['unix_gid'];
+		return forge_get_config('users_default_gid');
 	}
 
 	/**
diff --git a/src/common/include/system/pgsql.class.php b/src/common/include/system/pgsql.class.php
index fa79953..d517992 100644
--- a/src/common/include/system/pgsql.class.php
+++ b/src/common/include/system/pgsql.class.php
@@ -43,7 +43,7 @@ class pgsql extends System {
 	var $GID_ADD = 10000;
 
 	/**
- 	* Value to add to unix gid to get unix uid of anoncvs special user
+	* Value to add to unix gid to get unix gid of 'scm_xxx' group
  	*
  	* @var	constant	$SCM_UID_ADD
  	*/
@@ -108,11 +108,9 @@ class pgsql extends System {
 		} else {
 			$res = db_query_params ('UPDATE users SET
 			unix_uid=user_id+$1,
-			unix_gid=user_id+$2,
-			unix_status=$3
-			WHERE user_id=$4',
+			unix_status=$2
+			WHERE user_id=$3',
 						array ($this->UID_ADD,
-							   $this->UID_ADD,
 							   'A',
 							   $user_id)) ;
 					if (!$res) {
@@ -133,15 +131,6 @@ class pgsql extends System {
 				$this->setError('Error: Cannot Delete Group GID: '.db_error());
 				return false;
 			}
-			$res3 = db_query_params ('INSERT INTO nss_groups
-					(user_id, group_id,name, gid)
-					SELECT user_id, 0, user_name, unix_gid
-					FROM users WHERE user_id=$1',
-						 array ($user_id));
-			if (!$res3) {
-				$this->setError('Error: Cannot Update Group GID: '.db_error());
-				return false;
-			}
 
 			$pids = array () ;
 			foreach ($user->getGroups() as $p) {
@@ -281,8 +270,8 @@ class pgsql extends System {
 			return false;
 		}
 		$res4 = db_query_params ('INSERT INTO nss_groups
-					(user_id, group_id, name, gid)
-						SELECT 0, group_id, unix_group_name, group_id + $1
+					(group_id, name, gid)
+						SELECT group_id, unix_group_name, group_id + $1
 					FROM groups
 					WHERE group_id=$2',
 					 array ($this->GID_ADD,
@@ -292,8 +281,8 @@ class pgsql extends System {
 			return false;
 		}
 		$res5 = db_query_params ('INSERT INTO nss_groups
-					(user_id, group_id, name, gid)
-						SELECT 0, group_id, $1 || unix_group_name, group_id + $2
+					(group_id, name, gid)
+						SELECT group_id, $1 || unix_group_name, group_id + $2
 					FROM groups
 					WHERE group_id=$3',
 					 array ('scm_',
diff --git a/src/cronjobs/shell/homedirs.php b/src/cronjobs/shell/homedirs.php
index 2d6e86b..3773b84 100755
--- a/src/cronjobs/shell/homedirs.php
+++ b/src/cronjobs/shell/homedirs.php
@@ -64,7 +64,6 @@ require $gfcommon.'include/cron_utils.php';
 cron_reload_nscd();
 
 setup_gettext_from_sys_lang();
-define('USER_DEFAULT_GROUP', 'users');
 // error variable
 $err = '';
 
@@ -126,7 +125,7 @@ foreach(util_result_column_to_array($res,0) as $uname) {
 		mkdir($uhome);
 		chmod($uhome, 0755);
 		chown($uhome, $uname);
-		chgrp($uhome, USER_DEFAULT_GROUP);
+		chgrp($uhome, forge_get_config('users_default_gid'));
 	}
 }
 
diff --git a/src/db/20150316-nss.sql b/src/db/20150316-nss.sql
new file mode 100644
index 0000000..5e510c9
--- /dev/null
+++ b/src/db/20150316-nss.sql
@@ -0,0 +1,20 @@
+-- unix accounts: fix name conflicts between per-user groups and project groups [#660]
+
+-- drop 'gid'
+DROP VIEW nss_passwd;
+CREATE VIEW nss_passwd AS
+  SELECT users.unix_uid AS uid,
+    users.user_name AS login,
+    users.unix_pw AS passwd,
+    users.realname AS gecos,
+    users.shell,
+    users.user_name AS homedir,
+    users.status
+  FROM users
+  WHERE users.unix_status = 'A';
+ALTER TABLE users DROP "unix_gid";
+
+-- only list project gids, users share a default gid (cf. 'users_default_gid')
+DELETE FROM nss_groups WHERE group_id=0;
+ALTER TABLE nss_groups DROP "user_id";
+ALTER TABLE nss_groups ADD CONSTRAINT "gid_pk" PRIMARY KEY (gid);
diff --git a/src/etc/config.ini.d/defaults.ini b/src/etc/config.ini.d/defaults.ini
index f2b47d6..026de83 100644
--- a/src/etc/config.ini.d/defaults.ini
+++ b/src/etc/config.ini.d/defaults.ini
@@ -92,3 +92,7 @@ scm_single_host = yes
 system_user=fusionforge
 system_user_ssh_akc=fusionforge_ssh_akc
 apache_auth_realm="SCM for FusionForge"
+
+; Default common group for user unix accounts:
+; group 'users' is 100 on Debian, CentOS and OpenSuSE
+users_default_gid=100
diff --git a/src/post-install.d/shell/shell.sh b/src/post-install.d/shell/shell.sh
index 770c7eb..45d1d4c 100755
--- a/src/post-install.d/shell/shell.sh
+++ b/src/post-install.d/shell/shell.sh
@@ -42,6 +42,7 @@ configure_libnss_pgsql(){
 	*) hostconf="host=$db_host"  ;; # 'host'
     esac
     if [ ! -s $DESTDIR/etc/nss-pgsql.conf ]; then
+	gid=$(forge_get_config users_default_gid)
 	cat > $DESTDIR/etc/nss-pgsql.conf <<EOF
 ### NSS Configuration for FusionForge
 
@@ -51,10 +52,10 @@ connectionstring = user=$db_user_nss dbname=$db_name $hostconf
 
 
 #----------------- NSS queries
-getpwnam        = SELECT login AS username,passwd,gecos,('$homedir_prefix' || login) AS homedir,shell,uid,gid FROM nss_passwd WHERE login = \$1
-getpwuid        = SELECT login AS username,passwd,gecos,('$homedir_prefix' || login) AS homedir,shell,uid,gid FROM nss_passwd WHERE uid = \$1
-#allusers        = SELECT login AS username,passwd,gecos,('$homedir_prefix' || login) AS homedir,shell,uid,gid FROM nss_passwd
-getgroupmembersbygid = SELECT login AS username FROM nss_passwd WHERE gid = \$1
+getpwnam        = SELECT login AS username,passwd,gecos,('$homedir_prefix' || login) AS homedir,shell,uid,$gid FROM nss_passwd WHERE login = \$1
+getpwuid        = SELECT login AS username,passwd,gecos,('$homedir_prefix' || login) AS homedir,shell,uid,$gid FROM nss_passwd WHERE uid = \$1
+#allusers        = SELECT login AS username,passwd,gecos,('$homedir_prefix' || login) AS homedir,shell,uid,$gid FROM nss_passwd
+getgroupmembersbygid = SELECT login AS username FROM nss_passwd WHERE $gid = \$1
 getgrnam = SELECT name AS groupname,'x',gid,ARRAY(SELECT user_name FROM nss_usergroups WHERE nss_usergroups.gid = nss_groups.gid) AS members FROM nss_groups WHERE name = \$1
 getgrgid = SELECT name AS groupname,'x',gid,ARRAY(SELECT user_name FROM nss_usergroups WHERE nss_usergroups.gid = nss_groups.gid) AS members FROM nss_groups WHERE gid = \$1
 #allgroups = SELECT name AS groupname,'x',gid,ARRAY(SELECT user_name FROM nss_usergroups WHERE nss_usergroups.gid = nss_groups.gid) AS members FROM nss_groups 

-----------------------------------------------------------------------

Summary of changes:
 src/CHANGES                               |    1 +
 src/common/include/User.class.php         |    2 +-
 src/common/include/system/pgsql.class.php |   25 +++++++------------------
 src/cronjobs/shell/homedirs.php           |    3 +--
 src/db/20150316-nss.sql                   |   20 ++++++++++++++++++++
 src/etc/config.ini.d/defaults.ini         |    4 ++++
 src/post-install.d/shell/shell.sh         |    9 +++++----
 7 files changed, 39 insertions(+), 25 deletions(-)
 create mode 100644 src/db/20150316-nss.sql


hooks/post-receive
-- 
FusionForge



More information about the Fusionforge-commits mailing list