Elastifile Access Permission Tool

Overview

The Elastifile Access Permission tool allows multiple operations:

  1. show_conf- Print the existing access permission configuration on all system's exports and ACLs.
  2. export- Export the system's exports and ACLs access permission configuration to an external JSON file.
  3. read_only- Move all read_write system's exports and ACLs to read_only access permission.
  4. read_write- Move all original read_write system's exports and ACLs to their original access permission, assuming the configuration was exported.

Tool Execution

1. SSH to the required system's EMS

2. Download the script

# wget https://storage.googleapis.com/elastifile-software-repo/scripts/access_permission.py

3. Print the current configuration using the show_conf argument

# python access_permission.py -a show_conf -p changeme

Export ID 1: no_access

Export ID 2: list_only
Export ID 2- Rule ID 4: list_only
Export ID 2- Rule ID 5: read_only
Export ID 2- Rule ID 6: read_only

Export ID 3: read_only

Export ID 4: read_write
Export ID 4- Rule ID 1: read_write
Export ID 4- Rule ID 2: read_write
Export ID 4- Rule ID 3: read_write

Export ID 5: read_only
Export ID 5- Rule ID 7: read_only
Export ID 5- Rule ID 8: read_write
Export ID 5- Rule ID 9: read_write
Export ID 5- Rule ID 11: list_only

4. Export the current configuration to an external JSON file

# python access_permission.py -a export -p changeme
File named /root/exports.json was exported successfully
NOTE: If a file with the same name already exists, you will have to delete the file manually.
IMPORTANT:  If the original file will be deleted, the script will not be able to restore the original permissions

5. Move the current configuration to a read_only mode:

# python access_permission.py -a read_only -p changeme

Are you sure you want to move all exports and ACLs to READ_ONLY mode?
Only 'Yes' will be accepted to approve.
Enter a value: Yes

Check export ID 1
Export has no_access permission. No need to touch
Export ID 1 has no ACLs configured.

Check export ID 2
Export has list_only permission. No need to touch
Export ID 2 has ACLs configured. Modifying..
Check rule ID 4 on export ID 2
Check rule ID 5 on export ID 2
Check rule ID 6 on export ID 2

Check export ID 4
Export has read_write permission. Modifying..
Export ID 4 has ACLs configured. Modifying..
Check rule ID 1 on export ID 4
Rule has read_write permission. Modifying..
Check rule ID 2 on export ID 4
Rule has read_write permission. Modifying..
Check rule ID 3 on export ID 4
Rule has read_write permission. Modifying..

Check export ID 5
Export has read_only permission. No need to touch
Export ID 5 has ACLs configured. Modifying..
Check rule ID 7 on export ID 5
Check rule ID 8 on export ID 5
Rule has read_write permission. Modifying..
Check rule ID 9 on export ID 5
Rule has read_write permission. Modifying..
Check rule ID 11 on export ID 5

6. Validate the configuration was changed

# python access_permission.py -a show_conf -p changeme

Export ID 1: no_access

Export ID 2: list_only
Export ID 2- Rule ID 4: list_only
Export ID 2- Rule ID 5: read_only
Export ID 2- Rule ID 6: read_only

Export ID 3: read_only

Export ID 4: read_only
Export ID 4- Rule ID 1: read_only
Export ID 4- Rule ID 2: read_only
Export ID 4- Rule ID 3: read_only

Export ID 5: read_only
Export ID 5- Rule ID 7: read_only
Export ID 5- Rule ID 8: read_only
Export ID 5- Rule ID 9: read_only
Export ID 5- Rule ID 11: list_only

7. Revert the configuration to the original mode:

# python access_permission.py -a read_write -p changeme

Are you sure you want to move all exports and ACLs to READ_WRITE mode?
Only 'Yes' will be accepted to approve.
Enter a value: Yes

Check export ID 1
Export has no_access permission. No need to touch
Export ID 1 has no ACLs configured.

Check export ID 2
Export has list_only permission. No need to touch
Export ID 2 has ACLs configured. Modifying..
Check rule ID 4 on export ID 2
Check rule ID 5 on export ID 2
Check rule ID 6 on export ID 2

Check export ID 4
Export has read_write permission. Modifying..
Export ID 4 has ACLs configured. Modifying..
Check rule ID 1 on export ID 4
Rule has read_write permission. Modifying..
Check rule ID 2 on export ID 4
Rule has read_write permission. Modifying..
Check rule ID 3 on export ID 4
Rule has read_write permission. Modifying..

Check export ID 5
Export has read_only permission. No need to touch
Export ID 5 has ACLs configured. Modifying..
Check rule ID 7 on export ID 5
Check rule ID 8 on export ID 5
Rule has read_write permission. Modifying..
Check rule ID 9 on export ID 5
Rule has read_write permission. Modifying..
Check rule ID 11 on export ID 5

Tool Usage

# python access_permission.py --help

Usage: access_permission.py [options]

Options:
  -h, --help            show this help message and exit
  -u USER, --user=USER  Enter the user name. [Default: admin]
  -p PASSWORD, --password=PASSWORD
                        Enter the user name password. [Default: changeme]
  -a ACTION, --action=ACTION
                        Specify the action you would like to perform. The
                        options are: export, show_conf, read_only and
                        read_write

 

 

Was this helpful?

How can we improve it?
true
Search
Clear search
Close search
Google apps
Main menu
3826386617546411568
true
Search Help Center
true
true
true
false
false