util: ensure log file is root owned

(cherry picked from commit a2b63dae13)
Dan Bungert 2023-10-04 14:02:06 -06:00
parent f84a68577f
commit c208ccfcab
2 changed files with 11 additions and 11 deletions


@ -44,7 +44,7 @@ def set_log_perms(target, *, group_write=False, mode=None, group=_DEF_GROUP):
if group_write: if group_write:
mode |= 0o020 mode |= 0o020
os.chmod(target, mode) os.chmod(target, mode)
os.chown(target, -1, grp.getgrnam(group).gr_gid) os.chown(target, 0, grp.getgrnam(group).gr_gid)
@contextlib.contextmanager @contextlib.contextmanager
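Review bot: `os.chmod(target, mode)` and the new `os.chown(target, 0, ...)` both resolve `target` by path and follow symlinks, and the mode is applied while the previous owner still holds the file. Since the change exists to take ownership away from whoever held the file, that previous owner could redirect the path before the privileged calls run, if the parent directory is writable to them (not visible here). Taking ownership first and setting the mode second, on a descriptor opened with `O_NOFOLLOW`, closes that window; the tests in this commit patch `chmod`/`chown`, so they would need to patch the `f*` variants instead. Passing uid 0 also means an unprivileged caller now gets `PermissionError` where `-1` succeeded for a group member, which matters if set_log_perms is ever run without root. The function body starts above this hunk, so earlier handling of either case is not visible.

```python
# … unchanged: mode computation and group_write handling …
fd = os.open(target, os.O_RDONLY | os.O_NOFOLLOW)
try:
    # Change ownership before the mode so the old owner never holds the new mode.
    os.fchown(fd, 0, grp.getgrnam(group).gr_gid)
    os.fchmod(fd, mode)
finally:
    os.close(fd)
```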


@ -64,52 +64,52 @@ class TestLogPerms(SubiTestCase):
Path(target).touch() Path(target).touch()
set_log_perms(target) set_log_perms(target)
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE) self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE)
self.chown.assert_called_once_with(target, -1, self.mock_gid) self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_defaults_dir(self): def test_defaults_dir(self):
target = self.tmp_dir() target = self.tmp_dir()
set_log_perms(target) set_log_perms(target)
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o110) self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o110)
self.chown.assert_called_once_with(target, -1, self.mock_gid) self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_group_write_file(self): def test_group_write_file(self):
target = self.tmp_path("file") target = self.tmp_path("file")
Path(target).touch() Path(target).touch()
set_log_perms(target, group_write=True) set_log_perms(target, group_write=True)
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o020) self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o020)
self.chown.assert_called_once_with(target, -1, self.mock_gid) self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_group_write_dir(self): def test_group_write_dir(self):
target = self.tmp_dir() target = self.tmp_dir()
set_log_perms(target, group_write=True) set_log_perms(target, group_write=True)
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o130) self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o130)
self.chown.assert_called_once_with(target, -1, self.mock_gid) self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_nogroup_write_file(self): def test_nogroup_write_file(self):
target = self.tmp_path("file") target = self.tmp_path("file")
Path(target).touch() Path(target).touch()
set_log_perms(target, group_write=False) set_log_perms(target, group_write=False)
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE) self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE)
self.chown.assert_called_once_with(target, -1, self.mock_gid) self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_nogroup_write_dir(self): def test_nogroup_write_dir(self):
target = self.tmp_dir() target = self.tmp_dir()
set_log_perms(target, group_write=False) set_log_perms(target, group_write=False)
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o110) self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o110)
self.chown.assert_called_once_with(target, -1, self.mock_gid) self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_mode_file(self): def test_mode_file(self):
target = self.tmp_path("file") target = self.tmp_path("file")
Path(target).touch() Path(target).touch()
set_log_perms(target, mode=0o510) set_log_perms(target, mode=0o510)
self.chmod.assert_called_once_with(target, 0o510) self.chmod.assert_called_once_with(target, 0o510)
self.chown.assert_called_once_with(target, -1, self.mock_gid) self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_mode_dir(self): def test_mode_dir(self):
target = self.tmp_dir() target = self.tmp_dir()
set_log_perms(target, mode=0o510) set_log_perms(target, mode=0o510)
self.chmod.assert_called_once_with(target, 0o510) self.chmod.assert_called_once_with(target, 0o510)
self.chown.assert_called_once_with(target, -1, self.mock_gid) self.chown.assert_called_once_with(target, 0, self.mock_gid)
def test_group_file(self): def test_group_file(self):
self.getgrnam.return_value = Mock(gr_gid=11) self.getgrnam.return_value = Mock(gr_gid=11)
@ -117,11 +117,11 @@ class TestLogPerms(SubiTestCase):
Path(target).touch() Path(target).touch()
set_log_perms(target, group="group1") set_log_perms(target, group="group1")
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE) self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE)
self.chown.assert_called_once_with(target, -1, 11) self.chown.assert_called_once_with(target, 0, 11)
def test_group_dir(self): def test_group_dir(self):
self.getgrnam.return_value = Mock(gr_gid=11) self.getgrnam.return_value = Mock(gr_gid=11)
target = self.tmp_dir() target = self.tmp_dir()
set_log_perms(target, group="group1") set_log_perms(target, group="group1")
self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o110) self.chmod.assert_called_once_with(target, _DEF_PERMS_FILE | 0o110)
self.chown.assert_called_once_with(target, -1, 11) self.chown.assert_called_once_with(target, 0, 11)
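Review bot: The expected owner is spelled as a bare `0` in every `chown` assertion of TestLogPerms (both hunks of this file), so the next change to the ownership policy means another sweep over each line. A single name shared by the assertions, for example `ROOT_UID = 0` at the top of the test module, would keep the intent readable and reduce such a change to one line. Because `chown` is mocked here, these tests pin the arguments only; nothing in the visible hunks exercises the call failing for an unprivileged process.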