util: ensure log file is root owned
This commit is contained in:
parent
3a319e77d7
commit
a2b63dae13
|
@ -44,7 +44,7 @@ def set_log_perms(target, *, group_write=False, mode=None, group=_DEF_GROUP):
|
||||||
if group_write:
|
if group_write:
|
||||||
mode |= 0o020
|
mode |= 0o020
|
||||||
os.chmod(target, mode)
|
os.chmod(target, mode)
|
||||||
os.chown(target, -1, grp.getgrnam(group).gr_gid)
|
os.chown(target, 0, grp.getgrnam(group).gr_gid)
|
||||||
|
|
||||||
|
|
||||||
@contextlib.contextmanager
|
@contextlib.contextmanager
|
||||||
|
|
|
@ -64,52 +64,52 @@ class TestLogPerms(SubiTestCase):
|
||||||
Path(target).touch()
|
Path(target).touch()
|
||||||
set_log_perms(target)
|
set_log_perms(target)
|
||||||
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE)
|
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE)
|
||||||
self.chown.assert_called_once_with(target, -1, self.mock_gid)
|
self.chown.assert_called_once_with(target, 0, self.mock_gid)
|
||||||
|
|
||||||
def test_defaults_dir(self):
|
def test_defaults_dir(self):
|
||||||
target = self.tmp_dir()
|
target = self.tmp_dir()
|
||||||
set_log_perms(target)
|
set_log_perms(target)
|
||||||
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o110)
|
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o110)
|
||||||
self.chown.assert_called_once_with(target, -1, self.mock_gid)
|
self.chown.assert_called_once_with(target, 0, self.mock_gid)
|
||||||
|
|
||||||
def test_group_write_file(self):
|
def test_group_write_file(self):
|
||||||
target = self.tmp_path("file")
|
target = self.tmp_path("file")
|
||||||
Path(target).touch()
|
Path(target).touch()
|
||||||
set_log_perms(target, group_write=True)
|
set_log_perms(target, group_write=True)
|
||||||
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o020)
|
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o020)
|
||||||
self.chown.assert_called_once_with(target, -1, self.mock_gid)
|
self.chown.assert_called_once_with(target, 0, self.mock_gid)
|
||||||
|
|
||||||
def test_group_write_dir(self):
|
def test_group_write_dir(self):
|
||||||
target = self.tmp_dir()
|
target = self.tmp_dir()
|
||||||
set_log_perms(target, group_write=True)
|
set_log_perms(target, group_write=True)
|
||||||
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o130)
|
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o130)
|
||||||
self.chown.assert_called_once_with(target, -1, self.mock_gid)
|
self.chown.assert_called_once_with(target, 0, self.mock_gid)
|
||||||
|
|
||||||
def test_nogroup_write_file(self):
|
def test_nogroup_write_file(self):
|
||||||
target = self.tmp_path("file")
|
target = self.tmp_path("file")
|
||||||
Path(target).touch()
|
Path(target).touch()
|
||||||
set_log_perms(target, group_write=False)
|
set_log_perms(target, group_write=False)
|
||||||
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE)
|
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE)
|
||||||
self.chown.assert_called_once_with(target, -1, self.mock_gid)
|
self.chown.assert_called_once_with(target, 0, self.mock_gid)
|
||||||
|
|
||||||
def test_nogroup_write_dir(self):
|
def test_nogroup_write_dir(self):
|
||||||
target = self.tmp_dir()
|
target = self.tmp_dir()
|
||||||
set_log_perms(target, group_write=False)
|
set_log_perms(target, group_write=False)
|
||||||
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o110)
|
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o110)
|
||||||
self.chown.assert_called_once_with(target, -1, self.mock_gid)
|
self.chown.assert_called_once_with(target, 0, self.mock_gid)
|
||||||
|
|
||||||
def test_mode_file(self):
|
def test_mode_file(self):
|
||||||
target = self.tmp_path("file")
|
target = self.tmp_path("file")
|
||||||
Path(target).touch()
|
Path(target).touch()
|
||||||
set_log_perms(target, mode=0o510)
|
set_log_perms(target, mode=0o510)
|
||||||
self.chmod.assert_called_once_with(target, 0o510)
|
self.chmod.assert_called_once_with(target, 0o510)
|
||||||
self.chown.assert_called_once_with(target, -1, self.mock_gid)
|
self.chown.assert_called_once_with(target, 0, self.mock_gid)
|
||||||
|
|
||||||
def test_mode_dir(self):
|
def test_mode_dir(self):
|
||||||
target = self.tmp_dir()
|
target = self.tmp_dir()
|
||||||
set_log_perms(target, mode=0o510)
|
set_log_perms(target, mode=0o510)
|
||||||
self.chmod.assert_called_once_with(target, 0o510)
|
self.chmod.assert_called_once_with(target, 0o510)
|
||||||
self.chown.assert_called_once_with(target, -1, self.mock_gid)
|
self.chown.assert_called_once_with(target, 0, self.mock_gid)
|
||||||
|
|
||||||
def test_group_file(self):
|
def test_group_file(self):
|
||||||
self.getgrnam.return_value = Mock(gr_gid=11)
|
self.getgrnam.return_value = Mock(gr_gid=11)
|
||||||
|
@ -117,11 +117,11 @@ class TestLogPerms(SubiTestCase):
|
||||||
Path(target).touch()
|
Path(target).touch()
|
||||||
set_log_perms(target, group="group1")
|
set_log_perms(target, group="group1")
|
||||||
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE)
|
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE)
|
||||||
self.chown.assert_called_once_with(target, -1, 11)
|
self.chown.assert_called_once_with(target, 0, 11)
|
||||||
|
|
||||||
def test_group_dir(self):
|
def test_group_dir(self):
|
||||||
self.getgrnam.return_value = Mock(gr_gid=11)
|
self.getgrnam.return_value = Mock(gr_gid=11)
|
||||||
target = self.tmp_dir()
|
target = self.tmp_dir()
|
||||||
set_log_perms(target, group="group1")
|
set_log_perms(target, group="group1")
|
||||||
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o110)
|
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o110)
|
||||||
self.chown.assert_called_once_with(target, -1, 11)
|
self.chown.assert_called_once_with(target, 0, 11)
|
||||||
|
|
Loading…
Reference in New Issue