From 56ae1baf7055155c7ec279fd5e5f1b7275366fee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Holger=20Wei=C3=9F?= <holger@zedat.fu-berlin.de>
Date: Fri, 18 May 2018 13:47:14 +0200
Subject: POSIX: Don't follow symlinks when changing owner

Don't let the client follow symbolic links when changing the owner of a
path.
---
 src/lib/Bcfg2/Client/Tools/POSIX/base.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/lib/Bcfg2/Client/Tools')

diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/base.py b/src/lib/Bcfg2/Client/Tools/POSIX/base.py
index 89675af02..ffa527cd6 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/base.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/base.py
@@ -130,14 +130,14 @@ class POSIXTool(Bcfg2.Client.Tools.Tool):
                                       % (path,
                                          self._norm_entry_uid(entry),
                                          self._norm_entry_gid(entry)))
-                    os.chown(path, self._norm_entry_uid(entry),
-                             self._norm_entry_gid(entry))
+                    os.lchown(path, self._norm_entry_uid(entry),
+                              self._norm_entry_gid(entry))
                 except (OSError, KeyError):
                     self.logger.error('POSIX: Failed to change ownership of %s'
                                       % path)
                     rv = False
                     if sys.exc_info()[0] == KeyError:
-                        os.chown(path, 0, 0)
+                        os.lchown(path, 0, 0)
         else:
             self.logger.debug("POSIX: Run as non-root, not setting ownership")
 
-- 
cgit v1.2.3-1-g7c22