added refreshing for NSCD cache after modifying group membership

27d453f6 · sveseli · 12718088 · 27d453f6 · 27d453f6
Commit 27d453f6 authored 9 years ago by sveseli
--- a/etc/dm.sudo-rules.template
+++ b/etc/dm.sudo-rules.template
@@ -7,7 +7,8 @@ Cmnd_Alias USERMOD=/usr/sbin/usermod -a -G * *
 Cmnd_Alias GROUPADD=/usr/sbin/groupadd *
 Cmnd_Alias CHOWN=/bin/chown -R \:* *
 Cmnd_Alias GPASSWD=/usr/bin/gpasswd * * *
+Cmnd_Alias NSCD=/usr/sbin/nscd -i *

-USER HOST = (root) NOPASSWD: SETFACL,USERMOD,GROUPADD,CHOWN,GPASSWD
+USER HOST = (root) NOPASSWD: SETFACL,USERMOD,GROUPADD,CHOWN,GPASSWD,NSCD


--- a/src/python/dm/common/utility/ldapLinuxPlatformUtility.py
+++ b/src/python/dm/common/utility/ldapLinuxPlatformUtility.py
@@ -20,6 +20,7 @@ class LdapLinuxPlatformUtility:
    SETFACL_CMD = '/usr/bin/setfacl'
    CHOWN_CMD = '/bin/chown'
    GPASSWD_CMD = '/usr/bin/gpasswd'
+    NSCD_CMD = '/usr/sbin/nscd'

    def __init__(self, serverUrl, adminDn, adminPasswordFile, groupDnFormat, minGidNumber=None):
        self.serverUrl = serverUrl
@@ -166,6 +167,9 @@ class LdapLinuxPlatformUtility:
            logger.error('Could not add user %s to group %s: %s' % (username, groupName, ex))
            raise InternalError(exception=ex)

+        # Refresh NSCD cache
+        self.refreshNscdGroupCache()
+
    def deleteUserFromGroup(self, username, groupName):
        """ Remove user from group. """
        logger = self.getLogger()
@@ -195,6 +199,10 @@ class LdapLinuxPlatformUtility:
            logger.error('Could not remove user %s from group %s: %s' % (username, groupName, ex))
            raise InternalError(exception=ex)

+        # Refresh NSCD cache
+        self.refreshNscdGroupCache()
+
+
    @classmethod
    def createLocalGroup(cls, name):
        """ Create local group if it does not exist. """
@@ -257,6 +265,9 @@ class LdapLinuxPlatformUtility:
            logger.error('Could not set users %s for group %s: %s' % (usernameList, groupName, ex))
            raise InternalError(exception=ex)

+        # Refresh NSCD cache
+        self.refreshNscdGroupCache()
+
    @classmethod
    def setPathReadExecutePermissionsForGroup(cls, path, groupName):
        """ Set path permissions for the given group. """
@@ -272,6 +283,17 @@ class LdapLinuxPlatformUtility:
        cmd = '%s \:%s %s' % (cls.CHOWN_CMD, groupName, path)
        cls.executeSudoCommand(cmd)

+    @classmethod
+    def refreshNscdGroupCache(cls):
+        logger = cls.getLogger()
+        try:
+            logger.debug('Refreshing NCSD secondary group membership cache')
+            cmd = '%s -i group' % (cls.NSCD_CMD)
+            cls.executeSudoCommand(cmd)
+        except Exception, ex:
+            logger.warn('Failed to refresh NCSD group cache: %s' % (str(ex)))
+
+
 #######################################################################
 # Testing.