Actually set file permissions for servers when booting the daemon
parent
03ef52c0db
commit
881cb84605
19
cmd/root.go
19
cmd/root.go
|
@ -146,13 +146,6 @@ func rootCmdRun(*cobra.Command, []string) {
|
||||||
}).Info("configured system user successfully")
|
}).Info("configured system user successfully")
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Info("beginning file permission setting on server data directories")
|
|
||||||
if err := c.EnsureFilePermissions(); err != nil {
|
|
||||||
log.WithField("error", err).Error("failed to properly chown data directories")
|
|
||||||
} else {
|
|
||||||
log.Info("finished ensuring file permissions")
|
|
||||||
}
|
|
||||||
|
|
||||||
if err := server.LoadDirectory(); err != nil {
|
if err := server.LoadDirectory(); err != nil {
|
||||||
log.WithField("error", err).Fatal("failed to load server configurations")
|
log.WithField("error", err).Fatal("failed to load server configurations")
|
||||||
return
|
return
|
||||||
|
@ -172,6 +165,10 @@ func rootCmdRun(*cobra.Command, []string) {
|
||||||
log.WithField("server", s.Id()).Info("loaded configuration for server")
|
log.WithField("server", s.Id()).Info("loaded configuration for server")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !c.System.SetPermissionsOnBoot {
|
||||||
|
log.Warn("server file permission checking is currently disabled on boot!")
|
||||||
|
}
|
||||||
|
|
||||||
// Create a new WaitGroup that limits us to 4 servers being bootstrapped at a time
|
// Create a new WaitGroup that limits us to 4 servers being bootstrapped at a time
|
||||||
// on Wings. This allows us to ensure the environment exists, write configurations,
|
// on Wings. This allows us to ensure the environment exists, write configurations,
|
||||||
// and reboot processes without causing a slow-down due to sequential booting.
|
// and reboot processes without causing a slow-down due to sequential booting.
|
||||||
|
@ -183,8 +180,14 @@ func rootCmdRun(*cobra.Command, []string) {
|
||||||
go func(s *server.Server) {
|
go func(s *server.Server) {
|
||||||
defer wg.Done()
|
defer wg.Done()
|
||||||
|
|
||||||
s.Log().Info("ensuring server environment exists")
|
if c.System.SetPermissionsOnBoot {
|
||||||
|
s.Log().Info("chowning server data directory")
|
||||||
|
if err := s.Filesystem.Chown("/"); err != nil {
|
||||||
|
s.Log().WithField("error", err).Warn("error during server data directory chown")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
s.Log().Info("ensuring server environment exists")
|
||||||
// Create a server environment if none exists currently. This allows us to recover from Docker
|
// Create a server environment if none exists currently. This allows us to recover from Docker
|
||||||
// being reinstalled on the host system for example.
|
// being reinstalled on the host system for example.
|
||||||
if err := s.Environment.Create(); err != nil {
|
if err := s.Environment.Create(); err != nil {
|
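Review bot: In the bootstrap goroutine of the third hunk, a failed `s.Filesystem.Chown("/")` is only logged at Warn and execution falls through to `s.Environment.Create()`, so a server can be brought up over a data directory whose ownership is in an unknown state. If correct ownership is part of how servers are kept apart on the host, consider failing that server's boot instead, e.g. `s.Log().WithField("error", err).Error("failed to chown server data directory")` followed by `return`, or add a comment stating that the chown is deliberately best-effort. `Filesystem.Chown` is not shown on this page; because the tree it operates on holds server-controlled content, it is worth confirming that it resolves paths inside the server root and, if it walks the tree, does not follow symlinks out of it (Lchown semantics). The goroutine body continues past the end of the hunk.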
||||||
|
|
|
@ -2,10 +2,8 @@ package config
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/apex/log"
|
|
||||||
"github.com/cobaugh/osrelease"
|
"github.com/cobaugh/osrelease"
|
||||||
"github.com/creasty/defaults"
|
"github.com/creasty/defaults"
|
||||||
"github.com/gammazero/workerpool"
|
|
||||||
"github.com/gbrlsnchs/jwt/v3"
|
"github.com/gbrlsnchs/jwt/v3"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"gopkg.in/yaml.v2"
|
"gopkg.in/yaml.v2"
|
||||||
|
@ -13,9 +11,6 @@ import (
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"os/user"
|
"os/user"
|
||||||
"path"
|
|
||||||
"regexp"
|
|
||||||
"runtime"
|
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
|
@ -288,42 +283,6 @@ func (c *Configuration) setSystemUser(u *user.User) error {
|
||||||
return c.WriteToDisk()
|
return c.WriteToDisk()
|
||||||
}
|
}
|
||||||
|
|
||||||
var uuid4Regex = regexp.MustCompile("^[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89ab][a-f0-9]{3}-[a-f0-9]{12}$")
|
|
||||||
|
|
||||||
// Ensures that the configured data directory has the correct permissions assigned to
|
|
||||||
// all of the files and folders within.
|
|
||||||
func (c *Configuration) EnsureFilePermissions() error {
|
|
||||||
// Don't run this unless it is configured to be run. On large system this can often slow
|
|
||||||
// things down dramatically during the boot process.
|
|
||||||
if !c.System.SetPermissionsOnBoot {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
files, err := ioutil.ReadDir(c.System.Data)
|
|
||||||
if err != nil {
|
|
||||||
return errors.WithStack(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
pool := workerpool.New(runtime.NumCPU())
|
|
||||||
|
|
||||||
for _, file := range files {
|
|
||||||
f := file
|
|
||||||
if !f.IsDir() || !uuid4Regex.MatchString(f.Name()) {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
pool.Submit(func() {
|
|
||||||
if err := os.Chown(path.Join(c.System.Data, f.Name()), c.System.User.Uid, c.System.User.Gid); err != nil {
|
|
||||||
log.WithField("error", err).WithField("directory", f.Name()).Warn("failed to chown server directory")
|
|
||||||
}
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
pool.StopWait()
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Writes the configuration to the disk as a blocking operation by obtaining an exclusive
|
// Writes the configuration to the disk as a blocking operation by obtaining an exclusive
|
||||||
// lock on the file. This prevents something else from writing at the exact same time and
|
// lock on the file. This prevents something else from writing at the exact same time and
|
||||||
// leading to bad data conditions.
|
// leading to bad data conditions.
|
||||||
|
|