From 22446cefaa073f4cf52f805a0ab14a53b0ec2f81 Mon Sep 17 00:00:00 2001
From: Damian Alvarez <d.alvarez@fz-juelich.de>
Date: Wed, 22 Jun 2022 17:01:40 +0200
Subject: [PATCH] This commit changes:

- Enables multiple owners per package (but does not enable to
  remove/ovewrite already installed files)
- Enables writting in the eb_repo directory
---
 acls.yml    |  8 ++++++++
 bin/setacls | 22 ++++++++++++++++++----
 2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/acls.yml b/acls.yml
index a579f99e1..ab21fe485 100644
--- a/acls.yml
+++ b/acls.yml
@@ -36,6 +36,14 @@
 #    owner: 'strube1'
 #    base: True
 
+# Multiple users can be set as owners using a list. For example:
+#software:
+#  - name: 'TensorFlow'
+#    owner: ['strube1', 'goebbert1']
+#    base: True
+#
+# This does not apply to already installed software, as the ACLs are not applied recursively!
+
 base:
   - name: 'GCCcore'
     version: '11.2.0'
diff --git a/bin/setacls b/bin/setacls
index 0eae3ea7b..585e253f0 100755
--- a/bin/setacls
+++ b/bin/setacls
@@ -117,8 +117,18 @@ def process_acls(sw, path, opts):
         else:
             LOGGER.debug(f'{bcolors.WARNING}{path} does not exist and will not be created {bcolors.ENDC}')
         if os.path.isdir(path) and not reset:
-            cmd = ['setfacl', '-m', f'u:{sw["owner"]}:rwx', path]
-            run_cmd(cmd, dry_run, force)
+            if isinstance(sw["owner"], str):
+                cmd = ['setfacl', '-m', f'u:{sw["owner"]}:rwx', path]
+                run_cmd(cmd, dry_run, force)
+            elif isinstance(sw["owner"], list):
+                for owner in sw["owner"]:
+                    cmd = ['setfacl', '-m', f'u:{owner}:rwx', path]
+                    run_cmd(cmd, dry_run, force)
+            else:
+                e_str = f'ERROR: The owner of {sw["name"]} is neither a string nor a list. Please double check it.'
+                print(f'{bcolors.FAIL}{e_str}{bcolors.ENDC}')
+                LOGGER.debug(e_str)
+                sys.exit()
 
 def locks(l_config, opts):
     """Checks/sets the $STAGES/$STAGE/.locks directory access rights"""
@@ -160,15 +170,19 @@ def sw_loop(l_config, opts):
         print(f'{bcolors.WARNING}The following commands will be executed:{bcolors.ENDC}')
 
     sw_path = os.path.join(opts.stage_path, 'software')
+    eb_repo_path = os.path.join(opts.stage_path, 'eb_repo')
 
     # Loop over software
     for sw in l_config['software']:
         LOGGER.debug(f'Processing {sw["name"]}...')
-        # Adjust SW installation directory if at least one of the 4 levels in the hierarchy is
-        # correctly configured. Assume that the owner of the package is the owner for all levels
+        # Adjust SW installation directory and eb_repo directory if at least one of the 4 levels
+        # in the hierarchy is correctly configured. Assume that the owner of the package is the
+        # owner for all levels
         if sw.get('system') or sw.get('base') or sw.get('compiler') or sw.get('mpi'):
             LOGGER.debug(f'Adjusting the software installation directory for {sw["name"]}')
             process_acls(sw, os.path.join(sw_path, sw['name']), opts)
+            LOGGER.debug(f'Adjusting the eb_repo directory for {sw["name"]}')
+            process_acls(sw, os.path.join(eb_repo_path, sw['name']), opts)
         # Adjust ACLs on SYSTEM toolchain
         if sw.get('system'):
             LOGGER.debug(f'{sw["name"]} is part of the system toolchain')
-- 
GitLab