|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
From 755b27e59818d3d123dfc4300e528d92f8b5d904 Mon Sep 17 00:00:00 2001
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
From: James Page <james.page@ubuntu.com>
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
Date: Sat, 5 Apr 2014 09:38:12 +0100
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
Subject: [PATCH] Set permissions on generated ring files
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
The use of NamedTemporaryFile creates rings with permissions 0600;
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
however most installs probably generate the rings as root but the
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
swift-proxy runs as user swift.
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
Set the permissions on the generated ring to 0644 prior to rename so
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
that the swift user can read the rings.
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
Change-Id: Ia511931f471c5c9840012c3a75b89c1f35b1b245
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
Closes-Bug: #1302700
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
---
|
|
Pete Zaitcev |
8bb9a30 |
swift/common/ring/ring.py | 1 +
|
|
Pete Zaitcev |
8bb9a30 |
test/unit/common/ring/test_ring.py | 10 ++++++++++
|
|
Pete Zaitcev |
8bb9a30 |
2 files changed, 11 insertions(+)
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
diff --git a/swift/common/ring/ring.py b/swift/common/ring/ring.py
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
index 5b31528..a1f9024 100644
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
--- a/swift/common/ring/ring.py
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
+++ b/swift/common/ring/ring.py
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
@@ -120,6 +120,7 @@ class RingData(object):
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
tempf.flush()
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
os.fsync(tempf.fileno())
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
tempf.close()
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
+ os.chmod(tempf.name, 0o644)
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
os.rename(tempf.name, filename)
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
def to_dict(self):
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
diff --git a/test/unit/common/ring/test_ring.py b/test/unit/common/ring/test_ring.py
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
index 04eb1b7..1892d19 100644
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
--- a/test/unit/common/ring/test_ring.py
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
+++ b/test/unit/common/ring/test_ring.py
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
@@ -18,6 +18,7 @@ import cPickle as pickle
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
import os
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
import sys
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
import unittest
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
+import stat
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
from contextlib import closing
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
from gzip import GzipFile
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
from tempfile import mkdtemp
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
@@ -98,6 +99,15 @@ class TestRingData(unittest.TestCase):
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
with open(ring_fname2) as ring2:
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
self.assertEqual(ring1.read(), ring2.read())
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
+ def test_permissions(self):
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
+ ring_fname = os.path.join(self.testdir, 'stat.ring.gz')
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
+ rd = ring.RingData(
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
+ [array.array('H', [0, 1, 0, 1]), array.array('H', [0, 1, 0, 1])],
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
+ [{'id': 0, 'zone': 0}, {'id': 1, 'zone': 1}], 30)
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
+ rd.save(ring_fname)
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
+ self.assertEqual(oct(stat.S_IMODE(os.stat(ring_fname).st_mode)),
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
+ '0644')
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
+
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
class TestRing(unittest.TestCase):
|
|
![](https://seccdn.libravatar.org/avatar/8f0815ca40ce4faab9f9e18de0af6e5086763783708152871f0dbd160c6a89e1?s=16&d=retro) |
2faabce |
|