Merge pull request #1211 from dbungert/log-dir-perms

logging: 0770 log dir in install env, 0750 later

subiquity/server/controllers/shutdown.py

@@ -19,7 +19,10 @@ import os
 import platform
 import subprocess
 
-from subiquitycore.file_util import open_perms
+from subiquitycore.file_util import (
+    open_perms,
+    set_log_perms,
+)
 from subiquitycore.context import with_context
 from subiquitycore.utils import arun_command, run_command
 
@@ -98,6 +101,9 @@ class ShutdownController(SubiquityController):
         else:
             await arun_command(
                 ['cp', '-aT', '/var/log/installer', target_logs])
+            # Close the permissions from group writes on the target.
+            set_log_perms(target_logs, isdir=True, group_write=False)
+
         journal_txt = os.path.join(target_logs, 'installer-journal.txt')
         try:
             with open_perms(journal_txt) as output:

subiquitycore/file_util.py

@@ -16,19 +16,37 @@
 import contextlib
 import datetime
 import grp
+import logging
 import os
 import tempfile
 
 import yaml
 
-_DEF_PERMS = 0o640
+_DEF_PERMS_FILE = 0o640
 _DEF_GROUP = 'adm'
 
+log = logging.getLogger('subiquitycore.file_util')
+
+
+def set_log_perms(target, *, isdir=True, group_write=False, mode=None):
+    if os.getuid() != 0:
+        log.warning('set_log_perms: running as non-root - not adjusting' +
+                    ' group owner or permissions for ' + target)
+        return
+    if mode is None:
+        mode = _DEF_PERMS_FILE
+        if isdir:
+            mode |= 0o110
+        if group_write:
+            mode |= 0o020
+    os.chmod(target, mode)
+    os.chown(target, -1, grp.getgrnam(_DEF_GROUP).gr_gid)
+
 
 @contextlib.contextmanager
 def open_perms(filename, *, cmode=None):
     if cmode is None:
-        cmode = _DEF_PERMS
+        cmode = _DEF_PERMS_FILE
 
     tf = None
     try:
@@ -37,9 +55,7 @@ def open_perms(filename, *, cmode=None):
         tf = tempfile.NamedTemporaryFile(dir=dirname, delete=False, mode='w')
         yield tf
         tf.close()
-        os.chmod(tf.name, cmode)
-        if os.getuid() == 0:
-            os.chown(tf.name, -1, grp.getgrnam(_DEF_GROUP).gr_gid)
+        set_log_perms(tf.name, mode=cmode)
         os.rename(tf.name, filename)
     except OSError as e:
         if tf is not None:

subiquitycore/log.py

@@ -13,18 +13,17 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-import grp
 import logging
 import os
 
-from subiquitycore.file_util import _DEF_PERMS, _DEF_GROUP
+from subiquitycore.file_util import set_log_perms
 
 
 def setup_logger(dir, base='subiquity'):
     os.makedirs(dir, exist_ok=True)
-    if os.getuid() == 0:
-        os.chmod(dir, 0o750)
-        os.chown(dir, -1, grp.getgrnam(_DEF_GROUP).gr_gid)
+    # Create the log directory in such a way that users in the group may
+    # write to this directory in the installation environment.
+    set_log_perms(dir, isdir=True, group_write=True)
 
     logger = logging.getLogger("")
     logger.setLevel(logging.DEBUG)
@@ -35,9 +34,7 @@ def setup_logger(dir, base='subiquity'):
         nopid_file = os.path.join(dir, "{}-{}.log".format(base, level))
         logfile = "{}.{}".format(nopid_file, os.getpid())
         handler = logging.FileHandler(logfile)
-        os.chmod(logfile, _DEF_PERMS)
-        if os.getuid() == 0:
-            os.chown(logfile, -1, grp.getgrnam(_DEF_GROUP).gr_gid)
+        set_log_perms(logfile, isdir=False, group_write=False)
         # os.symlink cannot replace an existing file or symlink so create
         # it and then rename it over.
         tmplink = logfile + ".link"