class OodSupport::ACLs::PosixACL
Object describing a Posix ACL
Constants
Attributes
Name of owning group for this ACL
@return [String] group name
Mask set for this ACL
@return [Array<Symbol>] mask for this acl
Name of owner for this ACL
@return [String] owner name
Public Class Methods
Add ACL to file path
@param path [String] path to file or directory
@param entry [PosixEntry] entry to add to file
@raise [InvalidPath] file path doesn't exist
@raise [BadExitCode] the command line called exited with non-zero status
@return [PosixACL] new acl of path

    # File lib/ood_support/acls/posix.rb, line 45
    def self.add_facl(path:, entry:)
      path = Pathname.new path
      raise InvalidPath, "invalid path: #{path}" unless path.exist?
      _, err, s = Open3.capture3(SET_FACL_BIN, '-m', entry.to_s, path.to_s)
      raise BadExitCode, err unless s.success?
      get_facl(path: path)
    end
Clear all extended ACLs from file path
@param path [String] path to file or directory
@return [PosixACL] new acl of path

    # File lib/ood_support/acls/posix.rb, line 70
    def self.clear_facl(path:)
      path = Pathname.new path
      raise InvalidPath, "invalid path: #{path}" unless path.exist?
      _, err, s = Open3.capture3(SET_FACL_BIN, '-b', path.to_s)
      raise BadExitCode, err unless s.success?
      get_facl(path: path)
    end
Get ACL from file path
@param path [String] path to file or directory
@raise [InvalidPath] file path doesn't exist
@raise [BadExitCode] the command line called exited with non-zero status
@return [PosixACL] acl generated from path

    # File lib/ood_support/acls/posix.rb, line 30
    def self.get_facl(path:)
      path = Pathname.new path
      raise InvalidPath, "invalid path: #{path}" unless path.exist?
      stat = path.stat
      acl, err, s = Open3.capture3(GET_FACL_BIN, path.to_s)
      raise BadExitCode, err unless s.success?
      parse(acl, owner: User.new(stat.uid), group: Group.new(stat.gid))
    end
@param owner [#to_s] name of owner
@param group [#to_s] name of group
@param mask [PosixACL] mask permissions
@see ACL#initialize
OodSupport::ACL::new

    # File lib/ood_support/acls/posix.rb, line 95
    def initialize(owner:, group:, mask:, **kwargs)
      super(kwargs.merge(default: false))
      @owner = owner.to_s
      @group = group.to_s
      @mask = mask
    end
Generate an ACL by parsing a string along with options
@param acl [#to_s] string describing acl
@param kwargs [Hash] extra arguments defining acl
@return [PosixACL] acl generated by string and options

    # File lib/ood_support/acls/posix.rb, line 82
    def self.parse(acl, **kwargs)
      entries = []
      acl.to_s.strip.split(/\n|,/).grep(/^[^#]/).each do |entry|
        entries << entry_class.parse(entry)
      end
      mask = entries.detect {|e| e.flag == :mask}
      new(entries: entries - [mask], mask: mask, **kwargs)
    end
Remove ACL from file path
@param path [String] path to file or directory
@param entry [PosixEntry] entry to remove from file
@raise [InvalidPath] file path doesn't exist
@raise [BadExitCode] the command line called exited with non-zero status
@return [PosixACL] new acl of path

    # File lib/ood_support/acls/posix.rb, line 59
    def self.rem_facl(path:, entry:)
      path = Pathname.new path
      raise InvalidPath, "invalid path: #{path}" unless path.exist?
      _, err, s = Open3.capture3(SET_FACL_BIN, '-x', entry.to_s(w_perms: false), path.to_s)
      raise BadExitCode, err unless s.success?
      get_facl(path: path)
    end
Private Class Methods
Use PosixEntry for entry objects

    # File lib/ood_support/acls/posix.rb, line 142
    def self.entry_class
      PosixEntry
    end
Public Instance Methods
Check if queried principal has access to resource
@param principle [User, Group] principal to check against
@param permission [Symbol] permission to check against
@return [Boolean] does principal have access?

    # File lib/ood_support/acls/posix.rb, line 106
    def allow?(principle:, permission:)
      # First check owner entry then check rest of user entries (order
      # matters). If match, then this entry determines access.
      entries.select(&:user_entry?).sort_by {|e| e.user_owner_entry? ? 0 : 1}.each do |entry|
        return entry.has_permission?(permission: permission, mask: mask) if entry.match(principle: principle, owner: owner, group: group)
      end

      # Then check groups (order independent). Entry only determines access
      # if it contains requested permission.
      groups = entries.select {|e| e.group_entry? && e.match(principle: principle, owner: owner, group: group)}.map do |entry|
        entry.has_permission?(permission: permission, mask: mask)
      end
      unless groups.empty?
        # Found matching groups so check if any give access
        groups.any?
      else
        # Failed to find any matching groups so check "other" entry
        entries.detect(&:other_entry?).has_permission?(permission: permission, mask: mask)
      end
    end
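The evaluation order that allow? follows, as a stand-alone added example that is not ood_support code and does not use PosixEntry: the first matching user entry decides access even when a group entry would grant it, and group entries are capped by the mask. The mask handling here assumes standard POSIX ACL semantics, since PosixEntry#has_permission? is not shown on this page; the ACL text, user names, group names and the parse_acl helper are constructed for illustration.

```ruby
# Added example, not ood_support code: a minimal POSIX ACL access check over
# getfacl-style text. Sample ACL, users and groups below are constructed.
SAMPLE_ACL = <<~ACL
  # file: project (constructed sample)
  user::rwx
  user:alice:r--
  group::r-x
  group:devs:rwx
  mask::r-x
  other::---
ACL

Entry = Struct.new(:tag, :qualifier, :perms)

def parse_acl(text)
  text.lines.map(&:strip).reject { |l| l.empty? || l.start_with?('#') }.map do |line|
    tag, qualifier, perms = line.split(':', 3)
    Entry.new(tag.to_sym, qualifier, perms[0, 3].delete('-').chars.map(&:to_sym))
  end
end

# who: { name:, groups: [] }; owner/group: owning user and group of the file
def allow?(entries, who:, permission:, owner:, group:)
  mask = entries.find { |e| e.tag == :mask }
  # The mask caps every entry except the owner's user:: entry and other::
  grants = lambda do |e, masked|
    e.perms.include?(permission) && (!masked || mask.nil? || mask.perms.include?(permission))
  end
  # 1. Owner entry, 2. named user entry: the first match decides, even if it denies
  return grants.(entries.find { |e| e.tag == :user && e.qualifier.empty? }, false) if who[:name] == owner
  named = entries.find { |e| e.tag == :user && e.qualifier == who[:name] }
  return grants.(named, true) unless named.nil?
  # 3. Group entries: any matching entry that grants the permission is enough
  matched = entries.select do |e|
    e.tag == :group && who[:groups].include?(e.qualifier.empty? ? group : e.qualifier)
  end
  return matched.any? { |e| grants.(e, true) } unless matched.empty?
  # 4. No user or group entry matched: fall back to other::
  grants.(entries.find { |e| e.tag == :other }, false)
end
```

With the sample ACL, alice is refused execute although she belongs to devs, because her named user entry is consulted first and ends the check.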
Convert object to hash
@return [Hash] the hash describing this object
OodSupport::ACL#to_h

    # File lib/ood_support/acls/posix.rb, line 136
    def to_h
      super.merge owner: owner, group: group, mask: mask
    end
Convert object to string
@return [String] the string describing the object

    # File lib/ood_support/acls/posix.rb, line 130
    def to_s
      (entries + [mask]).join(",")
    end