Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add optional state file permissions #2238

Merged
merged 1 commit into from
May 7, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions History.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
* Increases maximum URI path length from 2048 to 8196 bytes (#2167)
* Force shutdown responses can be overridden by using the `lowlevel_error_handler` config (#2203)
* Faster phased restart and worker timeout (#2121)
* New configuration option to set state file permissions (#2238)

* Deprecations, Removals and Breaking API Changes
* `Puma.stats` now returns a Hash instead of a JSON string (#2086)
Expand Down
8 changes: 8 additions & 0 deletions lib/puma/dsl.rb
Original file line number Diff line number Diff line change
Expand Up @@ -399,6 +399,14 @@ def state_path(path)
@options[:state] = path.to_s
end

# Use +permission+ to restrict permissions for the state file.
#
# @example
# state_permission 0600
def state_permission(permission)
@options[:state_permission] = permission
end

# How many worker processes to run. Typically this is set to
# the number of available cores.
#
Expand Down
3 changes: 2 additions & 1 deletion lib/puma/launcher.rb
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,7 @@ def write_state
write_pid

path = @options[:state]
permission = @options[:state_permission]
return unless path

require 'puma/state_file'
Expand All @@ -111,7 +112,7 @@ def write_state
sf.control_url = @options[:control_url]
sf.control_auth_token = @options[:control_auth_token]

sf.save path
sf.save path, permission
end

# Delete the configured pidfile
Expand Down
7 changes: 5 additions & 2 deletions lib/puma/state_file.rb
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,11 @@ def initialize
@options = {}
end

def save(path)
File.write path, YAML.dump(@options)
def save(path, permission = nil)
File.open(path, "w") do |file|
file.chmod(permission) if permission
file.write(YAML.dump(@options))
end
end

def load(path)
Expand Down
51 changes: 51 additions & 0 deletions test/test_launcher.rb
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,57 @@ def test_pid_file
File.unlink tmp_path
end

def test_state_permission_0640
tmp_file = Tempfile.new("puma-test")
tmp_path = tmp_file.path
tmp_file.close!
tmp_permission = 0640

conf = Puma::Configuration.new do |c|
c.state_path tmp_path
c.state_permission tmp_permission
end

launcher(conf).write_state

assert File.stat(tmp_path).mode.to_s(8)[-4..-1], tmp_permission
ensure
File.unlink tmp_path
sthirugn marked this conversation as resolved.
Show resolved Hide resolved
end

def test_state_permission_nil
tmp_file = Tempfile.new("puma-test")
tmp_path = tmp_file.path
tmp_file.close!
nateberkopec marked this conversation as resolved.
Show resolved Hide resolved

conf = Puma::Configuration.new do |c|
c.state_path tmp_path
c.state_permission nil
end

launcher(conf).write_state

assert File.exist?(tmp_path)
ensure
File.unlink tmp_path
end

def test_no_state_permission
tmp_file = Tempfile.new("puma-test")
tmp_path = tmp_file.path
tmp_file.close!
nateberkopec marked this conversation as resolved.
Show resolved Hide resolved

conf = Puma::Configuration.new do |c|
c.state_path tmp_path
end

launcher(conf).write_state

assert File.exist?(tmp_path)
ensure
File.unlink tmp_path
end

def test_puma_stats
conf = Puma::Configuration.new do |c|
c.app -> {[200, {}, ['']]}
Expand Down