class OodSupport::ACLs::PosixACL

Object describing a Posix ACL

Constants

GET_FACL_BIN

The binary used to get the file ACLs

SET_FACL_BIN

The binary used to set the file ACLs

Attributes

group[R]

Name of owning group for this ACL
@return [String] group name

mask[R]

Mask set for this ACL
@return [Array<Symbol>] mask for this acl

owner[R]

Name of owner for this ACL
@return [String] owner name

Public Class Methods

add_facl(path:, entry:)

Add ACL to file path
@param path [String] path to file or directory
@param entry [PosixEntry] entry to add to file
@raise [InvalidPath] file path doesn't exist
@raise [BadExitCode] the command line called exited with non-zero status
@return [PosixACL] new acl of path

# File lib/ood_support/acls/posix.rb, line 45
def self.add_facl(path:, entry:)
  path = Pathname.new path
  raise InvalidPath, "invalid path: #{path}" unless path.exist?
  _, err, s = Open3.capture3(SET_FACL_BIN, '-m', entry.to_s, path.to_s)
  raise BadExitCode, err unless s.success?
  get_facl(path: path)
end

clear_facl(path:)

Clear all extended ACLs from file path
@param path [String] path to file or directory
@return [PosixACL] new acl of path

# File lib/ood_support/acls/posix.rb, line 70
def self.clear_facl(path:)
  path = Pathname.new path
  raise InvalidPath, "invalid path: #{path}" unless path.exist?
  _, err, s = Open3.capture3(SET_FACL_BIN, '-b', path.to_s)
  raise BadExitCode, err unless s.success?
  get_facl(path: path)
end

get_facl(path:)

Get ACL from file path
@param path [String] path to file or directory
@raise [InvalidPath] file path doesn't exist
@raise [BadExitCode] the command line called exited with non-zero status
@return [PosixACL] acl generated from path

# File lib/ood_support/acls/posix.rb, line 30
def self.get_facl(path:)
  path = Pathname.new path
  raise InvalidPath, "invalid path: #{path}" unless path.exist?
  stat = path.stat
  acl, err, s = Open3.capture3(GET_FACL_BIN, path.to_s)
  raise BadExitCode, err unless s.success?
  parse(acl, owner: User.new(stat.uid), group: Group.new(stat.gid))
end

new(owner:, group:, mask:, **kwargs)

@param owner [#to_s] name of owner
@param group [#to_s] name of group
@param mask [PosixACL] mask permissions
@see ACL#initialize

Calls superclass method OodSupport::ACL::new

# File lib/ood_support/acls/posix.rb, line 95
def initialize(owner:, group:, mask:, **kwargs)
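  # Double splat so the merged options reach the superclass as keyword
  # arguments on Ruby 3 as well as Ruby 2
  super(**kwargs.merge(default: false))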
  @owner = owner.to_s
  @group = group.to_s
  @mask = mask
end

parse(acl, **kwargs)

Generate an ACL by parsing a string along with options
@param acl [#to_s] string describing acl
@param kwargs [Hash] extra arguments defining acl
@return [PosixACL] acl generated by string and options

# File lib/ood_support/acls/posix.rb, line 82
def self.parse(acl, **kwargs)
  entries = []
  acl.to_s.strip.split(/\n|,/).grep(/^[^#]/).each do |entry|
    entries << entry_class.parse(entry)
  end
  mask = entries.detect {|e| e.flag == :mask}
  new(entries: entries - [mask], mask: mask, **kwargs)
end

rem_facl(path:, entry:)

Remove ACL from file path
@param path [String] path to file or directory
@param entry [PosixEntry] entry to remove from file
@raise [InvalidPath] file path doesn't exist
@raise [BadExitCode] the command line called exited with non-zero status
@return [PosixACL] new acl of path

# File lib/ood_support/acls/posix.rb, line 59
def self.rem_facl(path:, entry:)
  path = Pathname.new path
  raise InvalidPath, "invalid path: #{path}" unless path.exist?
  _, err, s = Open3.capture3(SET_FACL_BIN, '-x', entry.to_s(w_perms: false), path.to_s)
  raise BadExitCode, err unless s.success?
  get_facl(path: path)
end

Private Class Methods

entry_class()

Use PosixEntry for entry objects

# File lib/ood_support/acls/posix.rb, line 142
def self.entry_class
  PosixEntry
end

Public Instance Methods

allow?(principle:, permission:)

Check if queried principal has access to resource
@param principle [User, Group] principal to check against
@param permission [Symbol] permission to check against
@return [Boolean] does principal have access?

# File lib/ood_support/acls/posix.rb, line 106
def allow?(principle:, permission:)
  # First check owner entry then check rest of user entries (order
  # matters). If match, then this entry determines access.
  entries.select(&:user_entry?).sort_by {|e| e.user_owner_entry? ? 0 : 1}.each do |entry|
    return entry.has_permission?(permission: permission, mask: mask) if entry.match(principle: principle, owner: owner, group: group)
  end

  # Then check groups (order independent). Entry only determines access
  # if it contains requested permission.
  groups = entries.select {|e| e.group_entry? && e.match(principle: principle, owner: owner, group: group)}.map do |entry|
    entry.has_permission?(permission: permission, mask: mask)
  end

  unless groups.empty?
    # Found matching groups so check if any give access
    groups.any?
  else
    # Failed to find any matching groups so check "other" entry
    entries.detect(&:other_entry?).has_permission?(permission: permission, mask: mask)
  end
end
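
The evaluation order that allow? follows, worked through on a constructed ACL. This is an added example, not ood_support code: Entry, parse_acl and allowed? are hypothetical names, the getfacl text is constructed, and the masking rules follow acl(5) rather than PosixEntry#has_permission?, which this page does not show.

```ruby
# Added example: a standalone sketch of the POSIX ACL access-check order.
# Entry, parse_acl and allowed? are hypothetical names, not ood_support's API.
Entry = Struct.new(:flag, :name, :perms)

# Constructed getfacl-style output for a directory owned by alice:staff.
SAMPLE_ACL = <<~ACL
  # file: project
  # owner: alice
  # group: staff
  user::rwx
  user:bob:r--
  group::r-x
  group:devs:rwx
  mask::r-x
  other::---
ACL

# Split on newlines or commas and drop comment lines, as PosixACL.parse does.
def parse_acl(text)
  text.to_s.strip.split(/\n|,/).grep(/^[^#]/).map do |line|
    flag, name, perms = line.strip.split(":", 3)
    # Keep only the three permission characters; getfacl may append "#effective:".
    Entry.new(flag.to_sym, name, perms[0, 3].delete("-").chars.map(&:to_sym))
  end
end

def allowed?(entries, user:, groups:, owner:, group:, perm:)
  mask = entries.find { |e| e.flag == :mask }
  # Owner and "other" are never masked; named users and all groups are.
  grants = lambda do |e, masked|
    e.perms.include?(perm) && (!masked || mask.nil? || mask.perms.include?(perm))
  end
  # 1. The owner entry decides for the file owner.
  return grants.call(entries.find { |e| e.flag == :user && e.name.empty? }, false) if user == owner
  # 2. A matching named-user entry decides, even if a group would grant more.
  named = entries.find { |e| e.flag == :user && e.name == user }
  return grants.call(named, true) if named
  # 3. Owning group and named groups: any matching entry may grant access.
  matched = entries.select do |e|
    e.flag == :group && groups.include?(e.name.empty? ? group : e.name)
  end
  return matched.any? { |e| grants.call(e, true) } unless matched.empty?
  # 4. No user or group entry matched, so "other" decides.
  grants.call(entries.find { |e| e.flag == :other }, false)
end

ACL_ENTRIES = parse_acl(SAMPLE_ACL)
```

With this ACL, bob is denied :x although his group devs grants it, because his named-user entry is consulted first. carol gets :x through devs but not :w, because the mask strips w from every group entry.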

to_h()

Convert object to hash
@return [Hash] the hash describing this object

Calls superclass method OodSupport::ACL#to_h

# File lib/ood_support/acls/posix.rb, line 136
def to_h
  super.merge owner: owner, group: group, mask: mask
end

to_s()

Convert object to string
@return [String] the string describing the object

# File lib/ood_support/acls/posix.rb, line 130
def to_s
  (entries + [mask]).join(",")
end