add utilities for running commands and folder permission checking #153
Conversation
* from py4xs.utils and lix_profile_collection/03-security, respectively
mrakitin
left a comment
mrakitin
left a comment
There was a problem hiding this comment.
Thanks for porting the tools. The code needs a little work to make it more compatible with the rest of the code base.
| import subprocess | ||
|
|
||
|
|
||
| def run(cmd, path="", ignoreErrors=True, returnError=False, debug=False): |
There was a problem hiding this comment.
I'd prefer to name the kwargs in the snake_case style, i.e.:
ignoreErrors->ignore_errorsreturnError->return_error
|
|
||
|
|
||
| def run(cmd, path="", ignoreErrors=True, returnError=False, debug=False): | ||
| """cmd should be a list, e.g. ["ls", "-lh"] |
There was a problem hiding this comment.
The docstring should have a break between the first line and the following lines. Maybe an introductory sentence about this function can be useful.
Also, run seems to be too vague. Maybe something more specific such as execute_command can be more appropriate.
| if debug: | ||
| print(out.decode(), err.decode()) | ||
| if len(err) > 0 and not ignoreErrors: | ||
| print(err.decode()) | ||
| raise Exception(err.decode()) | ||
| if returnError: | ||
| return out.decode(), err.decode() | ||
| else: | ||
| return out.decode() |
There was a problem hiding this comment.
out.decode() and err.decode() are used a few times. Maybe worth calling them once, and reuse via variables?
|
|
||
| # this below may not be necessary | ||
| out = run(["getfacl", "-cn", fn]) | ||
| wgrps = [int(t[:-4].lstrip("group:")) for t in re.findall("groups:[0-9]*:rw.", out)] |
There was a problem hiding this comment.
What is -4 here for? Can it ever be more or less than 4 symbols?
Maybe it's worth adding an example (anonymized) output of that search to have a better understanding of what kind of data we are dealing with here.
| if not os.path.exists(fn): | ||
| raise Exception(f"{fn} does not exist ...") | ||
| if os.access(fn, os.W_OK): | ||
| print(f"write access to {fn} verified ...") |
There was a problem hiding this comment.
For this message, I think it will make sense to add a few words about this being verified via Unix permissions.
| print("user group membership: ", ugrps) | ||
| raise Exception(f"the current user does not have write access to {fn}") | ||
| else: | ||
| print(f"write access to {fn} verified ...") |
There was a problem hiding this comment.
For this message, I think it will make sense to add a few words about this being verified via ACL (getfacl).
2 participants
respectively
check_accesswas requested by Maksim,runlooked useful to me