util: ensure log file is root owned

Dan Bungert 2023-10-04 14:02:06 -06:00
parent 3a319e77d7
commit a2b63dae13
2 changed files with 11 additions and 11 deletions


@ -44,7 +44,7 @@ def set_log_perms(target, *, group_write=False, mode=None, group=_DEF_GROUP):
if group_write:
mode |= 0o020
os.chmod(target, mode)
os.chown(target, -1, grp.getgrnam(group).gr_gid)
os.chown(target, 0, grp.getgrnam(group).gr_gid)
@contextlib.contextmanager
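Review bot: `os.chown(target, 0, ...)` still runs after `os.chmod(target, mode)`, so a target that already exists under a non-root owner (the case the commit title points at) can have its mode changed again by that owner between the two calls, and the looser mode then survives the ownership change. Putting the chown line before `os.chmod(target, mode)` closes that gap. The literal `0` would read better with a comment such as `# uid 0: a non-root owner could chmod the log back to a looser mode`. Hard-coding uid 0 also means the call now needs root or CAP_CHOWN where `-1` did not; the callers are outside this hunk, so whether any of them run unprivileged cannot be confirmed from here. The start of set_log_perms lies outside the hunk.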


@ -64,52 +64,52 @@ class TestLogPerms(SubiTestCase):
Path(target).touch()
set_log_perms(target)
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE)
self.chown.assert_called_once_with(target, -1, self.mock_gid)
self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_defaults_dir(self):
target = self.tmp_dir()
set_log_perms(target)
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o110)
self.chown.assert_called_once_with(target, -1, self.mock_gid)
self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_group_write_file(self):
target = self.tmp_path("file")
Path(target).touch()
set_log_perms(target, group_write=True)
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o020)
self.chown.assert_called_once_with(target, -1, self.mock_gid)
self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_group_write_dir(self):
target = self.tmp_dir()
set_log_perms(target, group_write=True)
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o130)
self.chown.assert_called_once_with(target, -1, self.mock_gid)
self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_nogroup_write_file(self):
target = self.tmp_path("file")
Path(target).touch()
set_log_perms(target, group_write=False)
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE)
self.chown.assert_called_once_with(target, -1, self.mock_gid)
self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_nogroup_write_dir(self):
target = self.tmp_dir()
set_log_perms(target, group_write=False)
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o110)
self.chown.assert_called_once_with(target, -1, self.mock_gid)
self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_mode_file(self):
target = self.tmp_path("file")
Path(target).touch()
set_log_perms(target, mode=0o510)
self.chmod.assert_called_once_with(target, 0o510)
self.chown.assert_called_once_with(target, -1, self.mock_gid)
self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_mode_dir(self):
target = self.tmp_dir()
set_log_perms(target, mode=0o510)
self.chmod.assert_called_once_with(target, 0o510)
self.chown.assert_called_once_with(target, -1, self.mock_gid)
self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_group_file(self):
self.getgrnam.return_value = Mock(gr_gid=11)
@ -117,11 +117,11 @@ class TestLogPerms(SubiTestCase):
Path(target).touch()
set_log_perms(target, group="group1")
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE)
self.chown.assert_called_once_with(target, -1, 11)
self.chown.assert_called_once_with(target, 0, 11)
def test_group_dir(self):
self.getgrnam.return_value = Mock(gr_gid=11)
target = self.tmp_dir()
set_log_perms(target, group="group1")
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o110)
self.chown.assert_called_once_with(target, -1, 11)
self.chown.assert_called_once_with(target, 0, 11)
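Review bot: The updated assertions check `self.chmod` and `self.chown` separately, so these tests accept either call order, and with both calls patched nothing confirms the owner that ends up on disk. If the two mocks are created independently (the setUp is outside these hunks), attaching them to one parent `Mock` and asserting on `parent.mock_calls` would pin the sequence. The literal `0` repeated across the ten assertions could also be a named constant, e.g. `ROOT_UID = 0`, so the expectation reads as intent and not as a magic number.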