From c5a2005af93d35bb5432a6957be5748f818cd3b8 Mon Sep 17 00:00:00 2001
From: Sinisa Veseli <sveseli@aps.anl.gov>
Date: Mon, 29 Jun 2015 21:42:54 +0000
Subject: [PATCH] update sudo rules, change file/directory group owners

---
 etc/dm.sudo-rules.template                                | 3 ++-
 src/python/dm/common/utility/linuxUtility.py              | 8 ++++++++
 .../dm/ds_web_service/service/impl/experimentManager.py   | 5 +++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/etc/dm.sudo-rules.template b/etc/dm.sudo-rules.template
index b43ddd08..a392c38c 100644
--- a/etc/dm.sudo-rules.template
+++ b/etc/dm.sudo-rules.template
@@ -5,7 +5,8 @@ User_Alias USER=DM_SYSTEM_USER
 Cmnd_Alias SETFACL=/usr/bin/setfacl -m group\:*\:rx DM_DATA_DIR/*
 Cmnd_Alias USERMOD=/usr/sbin/usermod -a -G * *
 Cmnd_Alias GROUPADD=/usr/sbin/groupadd *
+Cmnd_Alias CHOWN=/bin/chown -R \:* *
 
-USER HOST=(root) NOPASSWD: SETFACL,USERMOD,GROUPADD
+USER HOST=(root) NOPASSWD: SETFACL,USERMOD,GROUPADD,CHOWN
 
 
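Review bot: The added `CHOWN` alias is not confined to the data directory: its trailing `*` matches any argument string, so the DM system user can recursively change group ownership as root on any path, whereas `SETFACL` above is limited to `DM_DATA_DIR/*`. Scope it the same way: `Cmnd_Alias CHOWN=/bin/chown -R \:* DM_DATA_DIR/*`. Sudoers wildcards also match `/` and whitespace, so even the scoped form accepts `..` segments and extra arguments. The caller should therefore still canonicalise the path and check it before invoking sudo.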
diff --git a/src/python/dm/common/utility/linuxUtility.py b/src/python/dm/common/utility/linuxUtility.py
index 4aa8f291..a78bf960 100755
--- a/src/python/dm/common/utility/linuxUtility.py
+++ b/src/python/dm/common/utility/linuxUtility.py
@@ -10,6 +10,7 @@ class LinuxUtility:
     GROUPADD_CMD = '/usr/sbin/groupadd'
     USERMOD_CMD = '/usr/sbin/usermod'
     SETFACL_CMD = '/usr/bin/setfacl'
+    CHOWN_CMD = '/bin/chown'
 
     @classmethod
     def getLogger(cls):
@@ -52,6 +53,13 @@ class LinuxUtility:
         cmd = '%s -m group\:%s\:rx %s' % (cls.SETFACL_CMD, groupName, path)
         cls.executeSudoCommand(cmd)
 
+    @classmethod
+    def changePathGroupOwner(cls, path, groupName):
+        logger = cls.getLogger()
+        logger.debug('Changing group owner to %s for path %s' % (groupName, path))
+        cmd = '%s -R \:%s %s' % (cls.CHOWN_CMD, groupName, path)
+        cls.executeSudoCommand(cmd)
+
 #######################################################################
 # Testing.
 
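Review bot: `changePathGroupOwner` interpolates `groupName` and `path` into a command string that is run as root through sudo, with no quoting or validation visible in the hunk. `executeSudoCommand` is defined outside the hunk; if it passes the string to a shell or tokenises it shell-style, a value containing spaces or shell metacharacters changes what is executed. Check the group name against the character set the platform accepts for group names and quote both values before formatting, for example `cmd = '%s -R \:%s %s' % (cls.CHOWN_CMD, pipes.quote(groupName), pipes.quote(path))`, assuming `pipes` is imported. The `setfacl` command in the context lines above is built the same way and would benefit from the same treatment. A short docstring stating that `path` is expected to lie under the DM data directory would make the contract explicit.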
diff --git a/src/python/dm/ds_web_service/service/impl/experimentManager.py b/src/python/dm/ds_web_service/service/impl/experimentManager.py
index 13250c1d..586f2a2e 100755
--- a/src/python/dm/ds_web_service/service/impl/experimentManager.py
+++ b/src/python/dm/ds_web_service/service/impl/experimentManager.py
@@ -91,6 +91,9 @@ class ExperimentManager(Singleton):
             self.platformUtility.createGroup(experimentName)
             self.logger.debug('Setting permissions for %s to %s' % (storageDirectory, self.DIR_PERMISSIONS_MODE))
             OsUtility.chmodPath(storageDirectory, dirMode=self.DIR_PERMISSIONS_MODE)
+            self.logger.debug('Changing group owner for %s to %s' % (storageDirectory, experimentName))
+            self.platformUtility.changePathGroupOwner(storageDirectory, experimentName)
+
             experimentUsers = experiment.get('experimentUsernameList', [])
             self.logger.debug('Found experiment users: %s', experimentUsers)
             for username in experimentUsers:
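Review bot: The added debug line formats its message eagerly with `%`, while the `Found experiment users` call just below passes its arguments to the logger. If `platformUtility` is `LinuxUtility`, it also repeats the debug message that `changePathGroupOwner` emits itself. Either drop it or write `self.logger.debug('Changing group owner for %s to %s', storageDirectory, experimentName)`. The same applies to the added log line in the next hunk of this file. The enclosing method starts and ends outside the hunk.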
@@ -109,6 +112,8 @@ class ExperimentManager(Singleton):
             if self.manageStoragePermissions:
                 self.logger.debug('Modifying permissions for %s' % filePath)
                 OsUtility.chmodPath(filePath, fileMode=self.FILE_PERMISSIONS_MODE)
+                self.logger.debug('Changing group owner for %s to %s' % (filePath, experimentName))
+                self.platformUtility.changePathGroupOwner(filePath, experimentName)
                 self.logger.debug('Processing file %s' % filePath)
                 self.fileProcessingManager.processFile(fileInfo)
         else:
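Review bot: `changePathGroupOwner(filePath, experimentName)` triggers a root `chown -R` on `filePath`, and nothing in the hunk checks that the path lies inside the experiment's storage directory. Where `filePath` and `experimentName` are assigned is outside the hunk; if either is derived from the incoming request, resolve the path with `os.path.realpath(filePath)` and refuse anything that does not fall under the resolved storage directory before making the call. This matters more because the sudo rule added in this commit does not restrict the path itself. `-R` is also unnecessary for a single file, so a non-recursive variant would narrow what one call can touch.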
-- 
GitLab