Actually set file permissions for servers when booting the daemon

This commit is contained in:
Dane Everitt 2020-07-31 21:55:30 -07:00
parent 03ef52c0db
commit 881cb84605
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
2 changed files with 11 additions and 49 deletions


@ -146,13 +146,6 @@ func rootCmdRun(*cobra.Command, []string) {
}).Info("configured system user successfully") }).Info("configured system user successfully")
} }
log.Info("beginning file permission setting on server data directories")
if err := c.EnsureFilePermissions(); err != nil {
log.WithField("error", err).Error("failed to properly chown data directories")
} else {
log.Info("finished ensuring file permissions")
}
if err := server.LoadDirectory(); err != nil { if err := server.LoadDirectory(); err != nil {
log.WithField("error", err).Fatal("failed to load server configurations") log.WithField("error", err).Fatal("failed to load server configurations")
return return
@ -172,6 +165,10 @@ func rootCmdRun(*cobra.Command, []string) {
log.WithField("server", s.Id()).Info("loaded configuration for server") log.WithField("server", s.Id()).Info("loaded configuration for server")
} }
if !c.System.SetPermissionsOnBoot {
log.Warn("server file permission checking is currently disabled on boot!")
}
// Create a new WaitGroup that limits us to 4 servers being bootstrapped at a time // Create a new WaitGroup that limits us to 4 servers being bootstrapped at a time
// on Wings. This allows us to ensure the environment exists, write configurations, // on Wings. This allows us to ensure the environment exists, write configurations,
// and reboot processes without causing a slow-down due to sequential booting. // and reboot processes without causing a slow-down due to sequential booting.
@ -183,8 +180,14 @@ func rootCmdRun(*cobra.Command, []string) {
go func(s *server.Server) { go func(s *server.Server) {
defer wg.Done() defer wg.Done()
s.Log().Info("ensuring server environment exists") if c.System.SetPermissionsOnBoot {
s.Log().Info("chowning server data directory")
if err := s.Filesystem.Chown("/"); err != nil {
s.Log().WithField("error", err).Warn("error during server data directory chown")
}
}
s.Log().Info("ensuring server environment exists")
// Create a server environment if none exists currently. This allows us to recover from Docker // Create a server environment if none exists currently. This allows us to recover from Docker
// being reinstalled on the host system for example. // being reinstalled on the host system for example.
if err := s.Environment.Create(); err != nil { if err := s.Environment.Create(); err != nil {
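Review bot: The new `s.Filesystem.Chown("/")` call replaces the earlier non-recursive `os.Chown` on each uuid-named top-level directory with a per-server call whose scope is not visible in this hunk, and the two properties a reviewer needs — whether it recurses, and whether it follows symbolic links found inside the server's data directory — decide whether ownership could be changed on paths outside that server's root. A one-line comment at the call site stating the intended guarantee would make that reviewable, e.g. `// Chown("/") is expected to stay within this server's data root and not follow symlinks — confirm against Filesystem.Chown.` On failure the goroutine only emits a Warn and continues straight into `s.Environment.Create()`, so a server can be brought up with files its process may not be able to write; if that degraded start is intentional, a short comment or a more specific Warn message (naming the consequence) would avoid it being read as an oversight. The goroutine body and `rootCmdRun` both continue outside this hunk.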


@ -2,10 +2,8 @@ package config
import ( import (
"fmt" "fmt"
"github.com/apex/log"
"github.com/cobaugh/osrelease" "github.com/cobaugh/osrelease"
"github.com/creasty/defaults" "github.com/creasty/defaults"
"github.com/gammazero/workerpool"
"github.com/gbrlsnchs/jwt/v3" "github.com/gbrlsnchs/jwt/v3"
"github.com/pkg/errors" "github.com/pkg/errors"
"gopkg.in/yaml.v2" "gopkg.in/yaml.v2"
@ -13,9 +11,6 @@ import (
"os" "os"
"os/exec" "os/exec"
"os/user" "os/user"
"path"
"regexp"
"runtime"
"strconv" "strconv"
"strings" "strings"
"sync" "sync"
@ -288,42 +283,6 @@ func (c *Configuration) setSystemUser(u *user.User) error {
return c.WriteToDisk() return c.WriteToDisk()
} }
var uuid4Regex = regexp.MustCompile("^[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89ab][a-f0-9]{3}-[a-f0-9]{12}$")
// Ensures that the configured data directory has the correct permissions assigned to
// all of the files and folders within.
func (c *Configuration) EnsureFilePermissions() error {
// Don't run this unless it is configured to be run. On large system this can often slow
// things down dramatically during the boot process.
if !c.System.SetPermissionsOnBoot {
return nil
}
files, err := ioutil.ReadDir(c.System.Data)
if err != nil {
return errors.WithStack(err)
}
pool := workerpool.New(runtime.NumCPU())
for _, file := range files {
f := file
if !f.IsDir() || !uuid4Regex.MatchString(f.Name()) {
continue
}
pool.Submit(func() {
if err := os.Chown(path.Join(c.System.Data, f.Name()), c.System.User.Uid, c.System.User.Gid); err != nil {
log.WithField("error", err).WithField("directory", f.Name()).Warn("failed to chown server directory")
}
})
}
pool.StopWait()
return nil
}
// Writes the configuration to the disk as a blocking operation by obtaining an exclusive // Writes the configuration to the disk as a blocking operation by obtaining an exclusive
// lock on the file. This prevents something else from writing at the exact same time and // lock on the file. This prevents something else from writing at the exact same time and
// leading to bad data conditions. // leading to bad data conditions.