Merge pull request #1211 from dbungert/log-dir-perms
logging: 0770 log dir in install env, 0750 later
This commit is contained in:
commit
428dc9502f
|
@ -19,7 +19,10 @@ import os
|
|||
import platform
|
||||
import subprocess
|
||||
|
||||
from subiquitycore.file_util import open_perms
|
||||
from subiquitycore.file_util import (
|
||||
open_perms,
|
||||
set_log_perms,
|
||||
)
|
||||
from subiquitycore.context import with_context
|
||||
from subiquitycore.utils import arun_command, run_command
|
||||
|
||||
|
@ -98,6 +101,9 @@ class ShutdownController(SubiquityController):
|
|||
else:
|
||||
await arun_command(
|
||||
['cp', '-aT', '/var/log/installer', target_logs])
|
||||
# Close the permissions from group writes on the target.
|
||||
set_log_perms(target_logs, isdir=True, group_write=False)
|
||||
|
||||
journal_txt = os.path.join(target_logs, 'installer-journal.txt')
|
||||
try:
|
||||
with open_perms(journal_txt) as output:
|
||||
|
|
|
@ -16,19 +16,37 @@
|
|||
import contextlib
|
||||
import datetime
|
||||
import grp
|
||||
import logging
|
||||
import os
|
||||
import tempfile
|
||||
|
||||
import yaml
|
||||
|
||||
_DEF_PERMS = 0o640
|
||||
_DEF_PERMS_FILE = 0o640
|
||||
_DEF_GROUP = 'adm'
|
||||
|
||||
log = logging.getLogger('subiquitycore.file_util')
|
||||
|
||||
|
||||
def set_log_perms(target, *, isdir=True, group_write=False, mode=None):
|
||||
if os.getuid() != 0:
|
||||
log.warning('set_log_perms: running as non-root - not adjusting' +
|
||||
' group owner or permissions for ' + target)
|
||||
return
|
||||
if mode is None:
|
||||
mode = _DEF_PERMS_FILE
|
||||
if isdir:
|
||||
mode |= 0o110
|
||||
if group_write:
|
||||
mode |= 0o020
|
||||
os.chmod(target, mode)
|
||||
os.chown(target, -1, grp.getgrnam(_DEF_GROUP).gr_gid)
|
||||
|
||||
|
||||
@contextlib.contextmanager
|
||||
def open_perms(filename, *, cmode=None):
|
||||
if cmode is None:
|
||||
cmode = _DEF_PERMS
|
||||
cmode = _DEF_PERMS_FILE
|
||||
|
||||
tf = None
|
||||
try:
|
||||
|
@ -37,9 +55,7 @@ def open_perms(filename, *, cmode=None):
|
|||
tf = tempfile.NamedTemporaryFile(dir=dirname, delete=False, mode='w')
|
||||
yield tf
|
||||
tf.close()
|
||||
os.chmod(tf.name, cmode)
|
||||
if os.getuid() == 0:
|
||||
os.chown(tf.name, -1, grp.getgrnam(_DEF_GROUP).gr_gid)
|
||||
set_log_perms(tf.name, mode=cmode)
|
||||
os.rename(tf.name, filename)
|
||||
except OSError as e:
|
||||
if tf is not None:
|
||||
|
|
|
@ -13,18 +13,17 @@
|
|||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import grp
|
||||
import logging
|
||||
import os
|
||||
|
||||
from subiquitycore.file_util import _DEF_PERMS, _DEF_GROUP
|
||||
from subiquitycore.file_util import set_log_perms
|
||||
|
||||
|
||||
def setup_logger(dir, base='subiquity'):
|
||||
os.makedirs(dir, exist_ok=True)
|
||||
if os.getuid() == 0:
|
||||
os.chmod(dir, 0o750)
|
||||
os.chown(dir, -1, grp.getgrnam(_DEF_GROUP).gr_gid)
|
||||
# Create the log directory in such a way that users in the group may
|
||||
# write to this directory in the installation environment.
|
||||
set_log_perms(dir, isdir=True, group_write=True)
|
||||
|
||||
logger = logging.getLogger("")
|
||||
logger.setLevel(logging.DEBUG)
|
||||
|
@ -35,9 +34,7 @@ def setup_logger(dir, base='subiquity'):
|
|||
nopid_file = os.path.join(dir, "{}-{}.log".format(base, level))
|
||||
logfile = "{}.{}".format(nopid_file, os.getpid())
|
||||
handler = logging.FileHandler(logfile)
|
||||
os.chmod(logfile, _DEF_PERMS)
|
||||
if os.getuid() == 0:
|
||||
os.chown(logfile, -1, grp.getgrnam(_DEF_GROUP).gr_gid)
|
||||
set_log_perms(logfile, isdir=False, group_write=False)
|
||||
# os.symlink cannot replace an existing file or symlink so create
|
||||
# it and then rename it over.
|
||||
tmplink = logfile + ".link"
|
||||
|
|
Loading…
Reference in New Issue