From 881cb84605e57d00b8701edc2b85f658b0be7167 Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Fri, 31 Jul 2020 21:55:30 -0700
Subject: [PATCH] Actually set file permissions for servers when booting the daemon
---
 cmd/root.go | 19 +++++++++++--------
 config/config.go | 41 -----------------------------------------
 2 files changed, 11 insertions(+), 49 deletions(-)
diff --git a/cmd/root.go b/cmd/root.go
index ffbf96f..8e008af 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -146,13 +146,6 @@ func rootCmdRun(*cobra.Command, []string) {
 }).Info("configured system user successfully")
 }
- log.Info("beginning file permission setting on server data directories")
- if err := c.EnsureFilePermissions(); err != nil {
- log.WithField("error", err).Error("failed to properly chown data directories")
- } else {
- log.Info("finished ensuring file permissions")
- }
-
 if err := server.LoadDirectory(); err != nil {
 log.WithField("error", err).Fatal("failed to load server configurations")
 return
@@ -172,6 +165,10 @@ func rootCmdRun(*cobra.Command, []string) {
 log.WithField("server", s.Id()).Info("loaded configuration for server")
 }
+ if !c.System.SetPermissionsOnBoot {
+ log.Warn("server file permission checking is currently disabled on boot!")
+ }
+
 // Create a new WaitGroup that limits us to 4 servers being bootstrapped at a time
 // on Wings. This allows us to ensure the environment exists, write configurations,
 // and reboot processes without causing a slow-down due to sequential booting.
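Review bot: The warning added in the second hunk says permission "checking" is disabled, but what `SetPermissionsOnBoot` gates later in `rootCmdRun` is a chown of each server's data directory, so the message understates what is being skipped. Something like `log.Warn("chowning of server data directories on boot is disabled; existing file ownership will not be corrected")` tells the operator what state is left in place. The rationale that sat on the removed `EnsureFilePermissions` (the pass can slow boot considerably on large systems) is deleted by this commit and would be worth keeping as a comment above this check. `rootCmdRun` starts and ends outside the hunk.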
@@ -183,8 +180,14 @@ func rootCmdRun(*cobra.Command, []string) {
 go func(s *server.Server) {
 defer wg.Done()
- s.Log().Info("ensuring server environment exists")
+ if c.System.SetPermissionsOnBoot {
+ s.Log().Info("chowning server data directory")
+ if err := s.Filesystem.Chown("/"); err != nil {
+ s.Log().WithField("error", err).Warn("error during server data directory chown")
+ }
+ }
+ s.Log().Info("ensuring server environment exists")
 // Create a server environment if none exists currently. This allows us to recover from Docker
 // being reinstalled on the host system for example.
 if err := s.Environment.Create(); err != nil {
diff --git a/config/config.go b/config/config.go
index 1275bc1..5aa22d5 100644
--- a/config/config.go
+++ b/config/config.go
@@ -2,10 +2,8 @@ package config
 import (
 "fmt"
- "github.com/apex/log"
 "github.com/cobaugh/osrelease"
 "github.com/creasty/defaults"
- "github.com/gammazero/workerpool"
 "github.com/gbrlsnchs/jwt/v3"
 "github.com/pkg/errors"
 "gopkg.in/yaml.v2"
@@ -13,9 +11,6 @@ import (
 "os"
 "os/exec"
 "os/user"
- "path"
- "regexp"
- "runtime"
 "strconv"
 "strings"
 "sync"
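Review bot: The added `s.Filesystem.Chown("/")` in the first hunk on this line runs with the daemon's privileges over a directory tree whose contents are written by the server's tenant, and nothing visible here shows how links inside that tree are handled. `Filesystem.Chown` is defined outside this diff; if it walks the tree, it should change ownership of a symlink itself (`os.Lchown`) rather than of its target, and should not descend through links, otherwise the boot-time pass could re-own files outside the data directory. I would record that contract at the call site with `// Chown must stay inside the server's data directory and must not follow symlinks; the tree is tenant-controlled.` A failure is only logged at Warn and the goroutine continues to `s.Environment.Create()`, so a server can still be brought up with uncorrected ownership; that looks deliberate, but a short comment saying so would help. The goroutine body continues past the end of the hunk.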
@@ -288,42 +283,6 @@ func (c *Configuration) setSystemUser(u *user.User) error {
 return c.WriteToDisk()
 }
-var uuid4Regex = regexp.MustCompile("^[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89ab][a-f0-9]{3}-[a-f0-9]{12}$")
-
-// Ensures that the configured data directory has the correct permissions assigned to
-// all of the files and folders within.
-func (c *Configuration) EnsureFilePermissions() error {
- // Don't run this unless it is configured to be run. On large system this can often slow
- // things down dramatically during the boot process.
- if !c.System.SetPermissionsOnBoot {
- return nil
- }
-
- files, err := ioutil.ReadDir(c.System.Data)
- if err != nil {
- return errors.WithStack(err)
- }
-
- pool := workerpool.New(runtime.NumCPU())
-
- for _, file := range files {
- f := file
- if !f.IsDir() || !uuid4Regex.MatchString(f.Name()) {
- continue
- }
-
- pool.Submit(func() {
- if err := os.Chown(path.Join(c.System.Data, f.Name()), c.System.User.Uid, c.System.User.Gid); err != nil {
- log.WithField("error", err).WithField("directory", f.Name()).Warn("failed to chown server directory")
- }
- })
- }
-
- pool.StopWait()
-
- return nil
-}
-
 // Writes the configuration to the disk as a blocking operation by obtaining an exclusive
 // lock on the file. This prevents something else from writing at the exact same time and
 // leading to bad data conditions.