Remove All Shares Recursively in Zimbra 5.0

Zimbra has a way of developing unusable share permissions and the only way to fix this is to strip all of the permissions are start fresh. In earlier releases, you could use this script, but the parsing is broken in version 5.0.x. I have written a script to handle this. I could have written it in bash, but shell scripts have a hard time with many characters, like backslashes and quotes. This python script requires simplejson and should be ran as the zimbra user, just like zmmailbox. Usage is as such: 

Usage: fixgrants.py -u user [-t] folder ...

-u user = account to which the folders belong
-f = strip flags, this will fix inheritance problems.
-t = test_mode, just show commands, nothing will be executed

And here is the script: 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
#!/usr/bin/env python

"""
fixgrants is a utility script for maintaining Zimbra's mailbox sharing
permissions.  Zimbra has a tendency to develop unusable permission sets and this
script will strip all permissions from specified folders of a specified account.
It also will strip the folder flags, which will fix permission inheritance
issues.
"""

import getopt
import os
import simplejson
import sys

def get_flagged_list(folder):
    """ Parse getFolder JSON to get a dictionary of folders with flags """
    if 'flags' in folder:
        # Double escape backslashes
        folders = {folder['path'].replace('\\', '\\\\'): folder['flags'],}
    else:
        folders = {}
    if folder['children']:
        for child in folder['children']:
            folders.update(get_flagged_list(child))
    return folders

def get_grants_list(folder):
    """ Parse getFolder JSON to get a dictionary of folders with grants """
    if folder['grants']:
        # Double escape backslashes
        folders = {folder['path'].replace('\\', '\\\\'): folder['grants'],}
    else:
        folders = {}
    if folder['children']:
        for child in folder['children']:
            folders.update(get_grants_list(child))
    return folders

def rm_folder_grants(user, folder, test_mode=False):
    """
    Remove grants recursively

    rm_folder_grants(user, folder, test_mode=False)

    user is a zimbra account.
    folder is a getFolder JSON parsed by simplejson.
    test_mode determine if any commands will actually be executed.
    """
    print "Removing Grants"
    for folder, grants in get_grants_list(folder).iteritems():
        print "Processing", folder
        for grant in grants:
            grant['account'] = user
            grant['folder'] = folder
            cmd = "zmmailbox -z -m %(account)s mfg \"%(folder)s\" account %(name)s none" % grant
            print cmd
            if not test_mode is True:
                os.popen(cmd)

def rm_folder_flags(user, folder, test_mode=False):
    """
    Remove folder flags recursively

    rm_folder_flags(user, folder, test_mode=False)

    user is a zimbra account.
    folder is a getFolder JSON parsed by simplejson.
    test_mode determine if any commands will actually be executed.
    """
    print "Removing Flags"
    for folder in get_flagged_list(folder):
        print "Processing", folder
        args = {'account': user, 'folder': folder}
        cmd = "zmmailbox -z -m %(account)s mff \"%(folder)s\" ''" % args
        print cmd
        if not test_mode is True:
            os.popen(cmd)

def print_usage():
    sys.stderr.write("""
    Usage: %s -u user [-t] folder ...

    -u user = account to which the folders belong
    -f = strip flags, this will fix inheritance problems.
    -t = test_mode, just show commands, nothing will be executed
""" % sys.argv[0])


if __name__ == '__main__':
    optlist, args = getopt.getopt(sys.argv[1:], 'ftu:')
    if not args:
        sys.stderr.write("You must specify folders to alter\n")
        print_usage()
        raise SystemExit, 1
    optd = dict(optlist)
    if '-u' not in optd:
        sys.stderr.write("You must specify a user\n")
        print_usage()
        raise SystemExit, 1
    test_mode = False
    if '-t' in optd:
        test_mode = True
    strip_flags = False
    if '-f' in optd:
        strip_flags = True

    user = optd['-u']
    for folder in args:
        output = os.popen("zmmailbox -z -m \"%s\" gf \"%s\"" % (user, folder))
        folders = simplejson.load(output)
        rm_folder_grants(user, folders, test_mode=test_mode)
        if strip_flags is True:
            rm_folder_flags(user, folders, test_mode=test_mode)
Posted by Tyler Lesmann on April 3, 2009 at 14:21
Tagged as: fix python zimbra
Reddit Digg Slashdot del.icio.us YCombinator DZone Google StumbleUpon Facebook TwitThis Ping.fm email Print
Comments
#1 David Margolis wrote this 4 years, 1 month ago

Hi Tyler,

Great Blog!!

We have a 3 year contract assignnment in Phoenix, AZ with a Global Engineering Company. I thought you or somebody might know might be interested.

Looking for someone with an RHCE.

Please feel free to reach out to me at any time.

Dave Margolis
Business Development
Bernard, Nickels & Associates
Office: 212-477-8306 ext.28
Cell: 917-701-3923
dave@bnastaffing.com
www.linkedin.com/in/davemargolis
http://twitter.com/DaveMargolis

Post a comment