Skip to content

Commit

Permalink
Fix modules yml files permission on Deb
Browse files Browse the repository at this point in the history
The fix in elastic#3645 had a bug (chmod executed on the wrong folder). This fixes the fix and also adds permissions checks to the tests.
  • Loading branch information
Tudor Golubenco committed Apr 3, 2017
1 parent 510e57c commit af3166f
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 6 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ https://github.com/elastic/beats/compare/v5.3.0...master[Check the HEAD diff]

*Filebeat*

- Fix modules default file permissions. {pull}3879[3879]

*Heartbeat*

*Metricbeat*
Expand Down
50 changes: 45 additions & 5 deletions dev-tools/package_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,15 @@ import (
)

const (
expectedConfigMode = os.FileMode(0600)
expectedConfigUID = 0
expectedConfigGID = 0
expectedConfigMode = os.FileMode(0600)
expectedManifestMode = os.FileMode(0644)
expectedConfigUID = 0
expectedConfigGID = 0
)

var (
configFilePattern = regexp.MustCompile(`.*beat\.yml`)
configFilePattern = regexp.MustCompile(`.*beat\.yml`)
manifestFilePattern = regexp.MustCompile(`manifest.yml`)
)

var (
Expand Down Expand Up @@ -73,6 +75,9 @@ func checkRPM(t *testing.T, file string) {
}

checkConfigPermissions(t, p)
checkConfigOwner(t, p)
checkManifestPermissions(t, p)
checkManifestOwner(t, p)
}

func checkDeb(t *testing.T, file string, buf *bytes.Buffer) {
Expand All @@ -84,6 +89,8 @@ func checkDeb(t *testing.T, file string, buf *bytes.Buffer) {

checkConfigPermissions(t, p)
checkConfigOwner(t, p)
checkManifestPermissions(t, p)
checkManifestOwner(t, p)
}

func checkTar(t *testing.T, file string) {
Expand All @@ -95,6 +102,7 @@ func checkTar(t *testing.T, file string) {

checkConfigPermissions(t, p)
checkConfigOwner(t, p)
checkManifestPermissions(t, p)
}

func checkZip(t *testing.T, file string) {
Expand All @@ -105,6 +113,7 @@ func checkZip(t *testing.T, file string) {
}

checkConfigPermissions(t, p)
checkManifestPermissions(t, p)
}

// Verify that the main configuration file is installed with a 0600 file mode.
Expand All @@ -115,7 +124,7 @@ func checkConfigPermissions(t *testing.T, p *packageFile) {
mode := entry.Mode.Perm()
if expectedConfigMode != mode {
t.Errorf("file %v has wrong permissions: expected=%v actual=%v",
entry.Mode, expectedConfigMode, mode)
entry.File, expectedConfigMode, mode)
}
return
}
Expand All @@ -141,6 +150,37 @@ func checkConfigOwner(t *testing.T, p *packageFile) {
})
}

// Verify that the modules manifest.yml files are installed with a 0644 file mode.
func checkManifestPermissions(t *testing.T, p *packageFile) {
t.Run(p.Name+" manifest file permissions", func(t *testing.T) {
for _, entry := range p.Contents {
if manifestFilePattern.MatchString(entry.File) {
mode := entry.Mode.Perm()
if expectedManifestMode != mode {
t.Errorf("file %v has wrong permissions: expected=%v actual=%v",
entry.File, expectedManifestMode, mode)
}
}
}
})
}

// Verify that the manifest owner is root
func checkManifestOwner(t *testing.T, p *packageFile) {
t.Run(p.Name+" manifest file owner", func(t *testing.T) {
for _, entry := range p.Contents {
if manifestFilePattern.MatchString(entry.File) {
if expectedConfigUID != entry.UID {
t.Errorf("file %v should be owned by user %v, owner=%v", entry.File, expectedConfigGID, entry.UID)
}
if expectedConfigGID != entry.GID {
t.Errorf("file %v should be owned by group %v, group=%v", entry.File, expectedConfigGID, entry.GID)
}
}
}
})
}

// Helpers

type packageFile struct {
Expand Down
2 changes: 1 addition & 1 deletion libbeat/scripts/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -327,7 +327,7 @@ install-home:
if [ -d _meta/module.generated ]; then \
install -d -m 755 ${HOME_PREFIX}/module; \
rsync -av _meta/module.generated/ ${HOME_PREFIX}/module/; \
chmod -R go-w _meta/module.generated; \
chmod -R go-w ${HOME_PREFIX}/module/; \
fi

# Prepares for packaging. Builds binaries and creates homedir data
Expand Down

0 comments on commit af3166f

Please sign in to comment.