From ab62481b597edcc099811039f7fd60743353d979 Mon Sep 17 00:00:00 2001 From: Michael Fenn Date: Fri, 28 Jun 2013 23:56:30 -0400 Subject: Info: make builddir add owner write permissions to all files Since bcfg2-info isn't normally run as root, it can remove write permissions from itself in certain situations. This patch ensures that owner write is added to the mode for all files written by builddir. For example, suppose a bundle specifies a file /etc/foo/private with mode 0444. The POSIX tool will create /etc/foo with mode 0555. Any subsequent files that are specified to exist in /etc/foo will not be created because bcfg2-info will hit a permission denied error. --- src/sbin/bcfg2-info | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src') diff --git a/src/sbin/bcfg2-info b/src/sbin/bcfg2-info index 133e1ccb3..a8aad3730 100755 --- a/src/sbin/bcfg2-info +++ b/src/sbin/bcfg2-info @@ -10,6 +10,7 @@ import fnmatch import logging import lxml.etree import traceback +import stat from code import InteractiveConsole import Bcfg2.Logger import Bcfg2.Options @@ -280,6 +281,9 @@ Bcfg2 client itself.""") for entry in struct: if entry.tag == 'Path': entry.set('name', odir + '/' + entry.get('name')) + if entry.get('mode') != None: + entry.set('mode', \ + oct(int(entry.get('mode'), 8)|stat.S_IWUSR)) posix = Bcfg2.Client.Tools.POSIX.POSIX(MockLog(), self.setup, -- cgit v1.2.3-1-g7c22 From 8f4a8d386f6f2988de08e686f04c457a62189dfd Mon Sep 17 00:00:00 2001 From: Michael Fenn Date: Sat, 29 Jun 2013 12:37:00 -0400 Subject: Make pylint happy --- src/sbin/bcfg2-info | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/sbin/bcfg2-info b/src/sbin/bcfg2-info index a8aad3730..ce6e09ec4 100755 --- a/src/sbin/bcfg2-info +++ b/src/sbin/bcfg2-info @@ -281,9 +281,11 @@ Bcfg2 client itself.""") for entry in struct: if entry.tag == 'Path': entry.set('name', odir + '/' + entry.get('name')) - if entry.get('mode') != None: - entry.set('mode', \ - oct(int(entry.get('mode'), 8)|stat.S_IWUSR)) + if entry.get('mode') is not None: + entry.set( + 'mode', + oct(int(entry.get('mode'), 8) | stat.S_IWUSR) + ) posix = Bcfg2.Client.Tools.POSIX.POSIX(MockLog(), self.setup, -- cgit v1.2.3-1-g7c22 From 8bc16592a62e4e30da570c5ef7f134a00190768d Mon Sep 17 00:00:00 2001 From: Michael Fenn Date: Mon, 1 Jul 2013 16:03:23 -0400 Subject: Revert "Make pylint happy" This reverts commit 8f4a8d386f6f2988de08e686f04c457a62189dfd. --- src/sbin/bcfg2-info | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/sbin/bcfg2-info b/src/sbin/bcfg2-info index ce6e09ec4..a8aad3730 100755 --- a/src/sbin/bcfg2-info +++ b/src/sbin/bcfg2-info @@ -281,11 +281,9 @@ Bcfg2 client itself.""") for entry in struct: if entry.tag == 'Path': entry.set('name', odir + '/' + entry.get('name')) - if entry.get('mode') is not None: - entry.set( - 'mode', - oct(int(entry.get('mode'), 8) | stat.S_IWUSR) - ) + if entry.get('mode') != None: + entry.set('mode', \ + oct(int(entry.get('mode'), 8)|stat.S_IWUSR)) posix = Bcfg2.Client.Tools.POSIX.POSIX(MockLog(), self.setup, -- cgit v1.2.3-1-g7c22 From ed1b4c4fbf0833904cfea6f0cb0561a1f18361a8 Mon Sep 17 00:00:00 2001 From: Michael Fenn Date: Mon, 1 Jul 2013 16:03:33 -0400 Subject: Revert "Info: make builddir add owner write permissions to all files" This reverts commit ab62481b597edcc099811039f7fd60743353d979. --- src/sbin/bcfg2-info | 4 ---- 1 file changed, 4 deletions(-) (limited to 'src') diff --git a/src/sbin/bcfg2-info b/src/sbin/bcfg2-info index a8aad3730..133e1ccb3 100755 --- a/src/sbin/bcfg2-info +++ b/src/sbin/bcfg2-info @@ -10,7 +10,6 @@ import fnmatch import logging import lxml.etree import traceback -import stat from code import InteractiveConsole import Bcfg2.Logger import Bcfg2.Options @@ -281,9 +280,6 @@ Bcfg2 client itself.""") for entry in struct: if entry.tag == 'Path': entry.set('name', odir + '/' + entry.get('name')) - if entry.get('mode') != None: - entry.set('mode', \ - oct(int(entry.get('mode'), 8)|stat.S_IWUSR)) posix = Bcfg2.Client.Tools.POSIX.POSIX(MockLog(), self.setup, -- cgit v1.2.3-1-g7c22 From 2519c6dbbd49b06042b4f21f10c6fecfbf7e5230 Mon Sep 17 00:00:00 2001 From: Michael Fenn Date: Mon, 1 Jul 2013 16:08:59 -0400 Subject: New approach, just create nwe directories with mode 0755 regardless --- src/lib/Bcfg2/Client/Tools/POSIX/base.py | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/base.py b/src/lib/Bcfg2/Client/Tools/POSIX/base.py index 16fe0acb5..3778569a6 100644 --- a/src/lib/Bcfg2/Client/Tools/POSIX/base.py +++ b/src/lib/Bcfg2/Client/Tools/POSIX/base.py @@ -706,16 +706,10 @@ class POSIXTool(Bcfg2.Client.Tools.Tool): (path, err)) rv = False - # we need to make sure that we give +x to everyone who needs - # it. E.g., if the file that's been distributed is 0600, we - # can't make the parent directories 0600 also; that'd be - # pretty useless. They need to be 0700. + # set auto-created directories to mode 755, if you need + # something else, you should specify it in your config tmpentry = copy.deepcopy(entry) - newmode = int(entry.get('mode'), 8) - for i in range(0, 3): - if newmode & (6 * pow(8, i)): - newmode |= 1 * pow(8, i) - tmpentry.set('mode', oct_mode(newmode)) + tmpentry.set('mode', '0755') for acl in tmpentry.findall('ACL'): acl.set('perms', oct_mode(self._norm_acl_perms(acl.get('perms')) | -- cgit v1.2.3-1-g7c22