[Kimchi-devel] [WIP 1/4] A module to manage the groups of the users

Shu Ming shuming at linux.vnet.ibm.com
Thu Jan 30 01:47:21 UTC 2014


2014/1/30 4:10, Adam King:
>
> On 1/29/2014 12:07 PM, Shu Ming wrote:
>> This module provide interfaces to create default groups
>> for kimchi, vmuser and vmadmin. Also it provide interfaces
>> to assign a user to one group as his supplementary group
> With the design we discussed on the list, we do not want or need to
> create kimchi unique groups.
I think using supplementary group is a implementation detail, not
necessary linked to the design.
>From your reply, I am not sure what is your implementation to have a
group/role mapping. Can you explain it in detail?

>
>>
>> Signed-off-by: Shu Ming <shuming at linux.vnet.ibm.com>
>> ---
>> src/kimchi/rolegroups.py | 36 ++++++++++++++++++++++++++++++++++++
>> 1 file changed, 36 insertions(+)
>> create mode 100644 src/kimchi/rolegroups.py
>>
>> diff --git a/src/kimchi/rolegroups.py b/src/kimchi/rolegroups.py
>> new file mode 100644
>> index 0000000..174c0f0
>> --- /dev/null
>> +++ b/src/kimchi/rolegroups.py
>> @@ -0,0 +1,36 @@
>> +import subprocess
>> +import grp
>> +from kimchi.utils import kimchi_log
>> +
>> +def new_group(gnam):
>> + cmd = " ".join(('groupadd', gnam))
>> +
>> + try:
>> + subprocess.call(cmd, shell=True,
>> + stdout=subprocess.PIPE, stderr=subprocess.PIPE)
>> + except Exception, e:
>> + kimchi_log.info('Exception running command %s: %s', cmd, e)
>> +
>> +def vmadmin_group_check():
>> + try:
>> + grp.getgrnam("vmadmin")
>> + except KeyError:
>> + new_group("vmadmin");
>> +
>> +def vmuser_group_check():
>> + try:
>> + grp.getgrnam("vmuser")
>> + except KeyError:
>> + new_group("vmuser");
>> +
>> +def user_add_group(usernam, grpnam):
>> + cmd = " ".join(('usermod', '-a', '-G', grpnam, usernam)
>> + try:
>> + subprocess.call(cmd, shell=True,
>> + stdout=subprocess.PIPE, stderr=subprocess.PIPE)
>> + except Exception, e:
>> + kimchi_log.info('Exception running command %s: %s', cmd, e)
>> +
>> +if __name__ == '__main__':
>> + vmuser_group_check()
>> + vmadmin_group_check()
>




More information about the Kimchi-devel mailing list