3
from optparse import OptionParser
8
from stat import S_IRUSR, S_IWUSR, S_IXUSR
9
from stat import S_IRGRP, S_IWGRP, S_IXGRP
10
from stat import S_IROTH, S_IWOTH, S_IXOTH
11
from stat import S_IMODE, S_IFMT
17
# Handle command line parameters
21
parser = OptionParser()
22
parser.add_option("-c", "--sysconfdir", type="string", dest="sysconfdir",
23
help="location of directory containing config files",
25
parser.add_option("-p", "--prefix", type="string", dest="prefix",
26
help="slurm install directory prefix", metavar="DIR")
27
(options, args) = parser.parse_args(args=argv)
28
if options.prefix is None:
29
options.prefix = '/usr'
30
print 'Assuming installation prefix is "%s"' % (options.prefix)
31
if options.sysconfdir is None:
32
options.sysconfdir = '/etc/slurm'
33
options.conf = options.sysconfdir + '/slurm.conf'
34
print 'Assuming slurm conf file is "%s"' % (options.conf)
36
options.conf = options.sysconfdir + '/slurm.conf'
38
# Parse the slurm.conf file
40
conf = open(options.conf, 'r')
42
print >>sys.stderr, "Unable to open slurm configuration file", options.conf
44
for line in conf.readlines():
46
line = line.split('#')[0] # eliminate comments
47
m = re.compile('\s*([^=]+)\s*=\s*([^\s]+)').search(line)
49
confpairs[m.group(1)] = m.group(2)
53
# Make sure that these files are NOT world writable.
56
print "NOTE: slurm_epilog and slurm_prolog only exist on BlueGene systems"
57
print "NOTE: federation.conf only exists on AIX systems"
58
print "NOTE: sview, slurmdbd and slurmdbd.conf exists only on selected systems"
59
print "NOTE: JobCredentialPrivateKey, SlurmctldLogFile, and StateSaveLocation only on control host"
60
print "NOTE: SlurmdLogFile and SlurmdSpoolDir only exist on compute servers"
62
print "Ensuring the following are not world writable:"
64
files.append(options.sysconfdir)
65
files.append(options.conf)
66
files.append(options.sysconfdir+'/bluegene.conf')
67
files.append(options.sysconfdir+'/federation.conf')
68
files.append(options.sysconfdir+'/slurm.conf')
69
files.append(options.sysconfdir+'/slurmdbd.conf')
70
files.append(options.sysconfdir+'/wiki.conf')
71
files.append(options.prefix+'/bin/mpiexec')
72
files.append(options.prefix+'/bin/sacct')
73
files.append(options.prefix+'/bin/sacctmgr')
74
files.append(options.prefix+'/bin/salloc')
75
files.append(options.prefix+'/bin/sattach')
76
files.append(options.prefix+'/bin/sbatch')
77
files.append(options.prefix+'/bin/sbcast')
78
files.append(options.prefix+'/bin/scancel')
79
files.append(options.prefix+'/bin/scontrol')
80
files.append(options.prefix+'/bin/sinfo')
81
files.append(options.prefix+'/bin/smap')
82
files.append(options.prefix+'/bin/squeue')
83
files.append(options.prefix+'/bin/srun')
84
files.append(options.prefix+'/bin/strigger')
85
files.append(options.prefix+'/bin/sview')
86
files.append(options.prefix+'/sbin/slurmctld')
87
files.append(options.prefix+'/sbin/slurmd')
88
files.append(options.prefix+'/sbin/slurmdbd')
89
files.append(options.prefix+'/sbin/slurmstepd')
90
files.append(options.prefix+'/sbin/slurm_epilog')
91
files.append(options.prefix+'/sbin/slurm_prolog')
92
append_file(files, confpairs, 'Prolog')
93
append_file(files, confpairs, 'Epilog')
94
append_file(files, confpairs, 'JobCredentialPrivateKey')
95
append_file(files, confpairs, 'JobCredentialPublicCertificate')
96
append_file(files, confpairs, 'SlurmdSpoolDir')
97
append_file(files, confpairs, 'StateSaveLocation')
98
append_file(files, confpairs, 'SlurmctldLogFile')
99
append_file(files, confpairs, 'SlurmdLogFile')
100
append_file(files, confpairs, 'JobCompLog')
101
append_file(files, confpairs, 'PluginDir')
102
append_dir(files, confpairs, 'PluginDir')
105
pwname = pwd.getpwnam(confpairs['SlurmUser'])
107
pwname = pwd.getpwnam('slurm')
110
rc = verify_perms(fname, S_IWOTH, pwname)
115
# Make sure that these files are NOT world READABLE.
118
print "Ensuring the following are not world readable:"
120
append_file(files, confpairs, 'JobCredentialPrivateKey')
121
files.append(options.sysconfdir+'/slurmdbd.conf')
122
files.append(options.sysconfdir+'/wiki.conf')
125
rc = verify_perms(fname, S_IROTH, pwname)
131
print 'FAILURE. Some file permissions were incorrect.'
137
def append_file(l, d, key):
138
"""If 'key' exists in dictionary 'd', then append its value to list 'l'"""
145
def append_dir(l, d, key):
146
"""If 'key' exists in dictionary 'd', then the value in 'd' is a directory
147
name. Append all of the entries in the directory to list 'l'."""
149
for fname in os.listdir(d[key]):
150
l.append(d[key] + '/' + fname)
152
def verify_perms(filename, perm_bits, pwname):
153
"""Check file ownership and permission.
155
Returns 'True' when the permission and ownership are verified, and 'False'
156
otherwise. The checks fail if the file's permissions contain the bits
157
'perm_bits', of if the file's uid does not match the supplied entry from
160
s = os.stat(filename)
162
print >>sys.stderr, 'WARNING: Unable to stat', filename
165
perm = S_IMODE(s.st_mode)
167
print >>sys.stderr, 'ERROR: %s: %o has bits %.3o set' % (filename, perm, perm_bits)
169
elif s.st_uid != 0 and s.st_uid != pwname.pw_uid:
170
print >>sys.stderr, 'ERROR: %s has incorrect uid %d' % (filename, s.st_uid)
173
print 'OK: %o %s ' % (perm, filename)
176
if __name__ == "__main__":