module Chef::FileAccessControl::Unix
Constants
- UID_MAX
- UINT
Public Class Methods
included(base)
# File lib/chef/file_access_control/unix.rb, line 36
# Mixin hook, invoked by Ruby when this module is included into +base+.
# Extends +base+ with ClassMethods so the class-level methods are added
# alongside the instance methods.
#
# @param base [Module] the class or module that included this module
def self.included(base)
  base.send(:extend, ClassMethods)
end
Public Instance Methods
current_gid()
# File lib/chef/file_access_control/unix.rb, line 115
# Numeric gid derived from +current_resource+, via gid_from_resource.
#
# @return [Integer, nil] nil when gid_from_resource cannot produce a gid
def current_gid
  existing = current_resource
  gid_from_resource(existing)
end
current_mode()
# File lib/chef/file_access_control/unix.rb, line 185
# Permission bits derived from +current_resource+, via mode_from_resource.
#
# @return [Integer, nil] nil when the current resource or its mode is nil
def current_mode
  existing = current_resource
  mode_from_resource(existing)
end
current_uid()
# File lib/chef/file_access_control/unix.rb, line 75
# Numeric uid derived from +current_resource+, via uid_from_resource.
#
# @return [Integer, nil] nil when uid_from_resource cannot produce a uid
def current_uid
  existing = current_resource
  uid_from_resource(existing)
end
define_resource_requirements()
# File lib/chef/file_access_control/unix.rb, line 58
# Resolves the desired owner and group once, discarding the results.
#
# The calls are made for their side effect: when a lookup fails,
# uid_from_resource / gid_from_resource register a failing assertion on
# provider.requirements (see their rescue branches).
def define_resource_requirements
  desired = resource
  uid_from_resource(desired)
  gid_from_resource(desired)
end
describe_changes()
# File lib/chef/file_access_control/unix.rb, line 63
# Builds human-readable descriptions of the mode, owner and group changes
# that the should_update_* predicates report as pending.
#
# Owner and group are reported as set on the resources (names or ids), not as
# the resolved numeric ids; modes are rendered with mode_to_s.
#
# @return [Array<String>] one entry per pending change, empty when none
def describe_changes
  pending = []
  if should_update_mode?
    pending << "change mode from '#{mode_to_s(current_mode)}' to '#{mode_to_s(target_mode)}'"
  end
  if should_update_owner?
    pending << "change owner from '#{current_resource.owner}' to '#{resource.owner}'"
  end
  if should_update_group?
    pending << "change group from '#{current_resource.group}' to '#{resource.group}'"
  end
  pending
end
gid_from_resource(resource)
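# File lib/chef/file_access_control/unix.rb, line 119
# Resolves the +group+ property of +resource+ to a numeric gid.
#
# A String is looked up with Etc.getgrnam and passed through
# diminished_radix_complement; an Integer is returned unchanged; any other
# type is logged and raises ArgumentError inside the method.
#
# Every ArgumentError raised in the body, including the one Etc.getgrnam
# raises for an unknown group name, is rescued here: a failing assertion is
# registered for the :create, :create_if_missing and :touch actions and nil
# is returned instead of propagating the error.
#
# NOTE(review): a nil result is what set_group! and should_update_group? treat
# as "group not managed", so whether a misspelled group stops the run depends
# on the provider evaluating the registered requirement -- confirm for actions
# other than the three listed.
#
# @param resource [#group, nil] resource whose group is resolved
# @return [Integer, nil] the gid, or nil when no group is set or it cannot be resolved
def gid_from_resource(resource)
  return nil if resource.nil? || resource.group.nil?

  if resource.group.is_a?(String)
    diminished_radix_complement( Etc.getgrnam(resource.group).gid )
  elsif resource.group.is_a?(Integer)
    resource.group
  else
    # Report the offending group value; the message previously interpolated
    # resource.owner, which hid the value that was actually rejected.
    Chef::Log.error("The `group` parameter of the #{@resource} resource is set to an invalid value (#{resource.group.inspect})")
    raise ArgumentError, "cannot resolve #{resource.group.inspect} to gid, group must be a string or integer"
  end
rescue ArgumentError
  provider.requirements.assert(:create, :create_if_missing, :touch) do |a|
    a.assertion { false }
    a.failure_message(Chef::Exceptions::GroupIDNotFound, "cannot determine group id for '#{resource.group}', does the group exist on this system?")
    a.whyrun("Assuming group #{resource.group} would have been created")
  end
  nil
end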
manage_symlink_attrs?()
# File lib/chef/file_access_control/unix.rb, line 231
# Whether attributes are applied to a symlink itself instead of its target.
# The decision is delegated to the provider's manage_symlink_access?; stat,
# chmod and chown in this module branch on it to pick the l* variants.
#
# @return [Boolean] whatever @provider.manage_symlink_access? returns
def manage_symlink_attrs?
  owner_provider = @provider
  owner_provider.manage_symlink_access?
end
mode_from_resource(res)
# File lib/chef/file_access_control/unix.rb, line 171
# Extracts the permission bits from a resource's +mode+.
#
# A value that responds to +oct+ (e.g. a String such as "0644" or "644") is
# parsed as octal; anything else is converted with +to_i+. The result is
# masked with 007777, keeping only the setuid/setgid/sticky and rwx bits.
#
# Caveat: an Integer is taken literally, so a decimal literal such as 755
# yields 01363, not 0755. Write modes as octal Integers or as Strings.
#
# @param res [#mode, nil] resource to read the mode from
# @return [Integer, nil] masked mode, or nil when +res+ or its mode is nil
def mode_from_resource(res)
  return nil if res.nil? || res.mode.nil?

  raw = res.mode
  numeric = raw.respond_to?(:oct) ? raw.oct : raw.to_i
  numeric & 007777
end
mode_to_s(mode)
# File lib/chef/file_access_control/unix.rb, line 181
# Renders a numeric mode as an octal string with a leading "0" (0644 -> "0644").
#
# @param mode [Integer, nil] mode to render
# @return [String] the octal form, or "" when +mode+ is nil
def mode_to_s(mode)
  return "" if mode.nil?

  "0#{mode.to_s(8)}"
end
requires_changes?()
TODO factor this up
# File lib/chef/file_access_control/unix.rb, line 54
# True when mode, owner or group needs updating. The predicates are evaluated
# in that order and evaluation stops at the first one that is true.
#
# @return [Boolean]
def requires_changes?
  return true if should_update_mode?
  return true if should_update_owner?

  should_update_group?
end
set_all()
# File lib/chef/file_access_control/unix.rb, line 47
# Applies owner, group and mode in that order, each through its conditional
# setter (set_owner, set_group, set_mode), so only attributes whose
# should_update_* predicate is true are touched.
#
# NOTE(review): mode is applied last; should_update_mode? forces a mode update
# when the setuid bit is requested and owner or group is changing, presumably
# because an ownership change can clear that bit -- keep this order.
def set_all
  set_owner
  set_group
  set_mode
end
set_all!()
# File lib/chef/file_access_control/unix.rb, line 41
# Applies owner, group and mode in that order through the bang setters, which
# skip the should_update_* comparison with the current state. Each bang
# setter still does nothing when its target value is nil.
def set_all!
  set_owner!
  set_group!
  set_mode!
end
set_group()
# File lib/chef/file_access_control/unix.rb, line 167
# Changes the group only when should_update_group? reports a difference.
#
# @return [Object, nil] the result of set_group!, or nil when nothing was done
def set_group
  return unless should_update_group?

  set_group!
end
set_group!()
# File lib/chef/file_access_control/unix.rb, line 159
# Sets the group of +file+ to target_gid without comparing against the current
# group. Does nothing when target_gid is nil (no group specified, or the
# lookup failed and returned nil).
#
# The owner argument passed to chown is nil, so only the group is changed.
# On success the numeric gid is logged at info level and +modified+ is called.
def set_group!
  return if target_gid.nil?

  chown(nil, target_gid, file)
  Chef::Log.info("#{log_string} group changed to #{target_gid}")
  modified
end
set_mode()
# File lib/chef/file_access_control/unix.rb, line 219
# Changes the mode only when should_update_mode? reports it is needed.
#
# @return [Object, nil] the result of set_mode!, or nil when nothing was done
def set_mode
  return unless should_update_mode?

  set_mode!
end
set_mode!()
# File lib/chef/file_access_control/unix.rb, line 211
# Sets the mode of +file+ to target_mode without comparing against the current
# mode. Does nothing when target_mode is nil (no mode specified).
#
# On success the mode is logged in octal at info level and +modified+ is called.
def set_mode!
  return if target_mode.nil?

  chmod(target_mode, file)
  Chef::Log.info("#{log_string} mode changed to #{target_mode.to_s(8)}")
  modified
end
set_owner()
# File lib/chef/file_access_control/unix.rb, line 107
# Changes the owner only when should_update_owner? reports a difference.
#
# @return [Object, nil] the result of set_owner!, or nil when nothing was done
def set_owner
  return unless should_update_owner?

  set_owner!
end
set_owner!()
# File lib/chef/file_access_control/unix.rb, line 99
# Sets the owner of +file+ to target_uid without comparing against the current
# owner. Does nothing when target_uid is nil (no owner specified, or the
# lookup failed and returned nil).
#
# The group argument passed to chown is nil, so only the owner is changed.
# On success the numeric uid is logged at info level and +modified+ is called.
def set_owner!
  return if target_uid.nil?

  chown(target_uid, nil, file)
  Chef::Log.info("#{log_string} owner changed to #{target_uid}")
  modified
end
should_update_group?()
# File lib/chef/file_access_control/unix.rb, line 139
# Decides whether the group must be changed, logging the reason at trace level.
#
# @return [Boolean] false when no group is requested or it already matches;
#   true when the file is new (current_gid is nil) or the gids differ
def should_update_group?
  if target_gid.nil?
    # No group was requested on the new resource, so it is never managed here.
    Chef::Log.trace("Found target_gid == nil, so no group was specified on resource, not managing group")
    return false
  end

  if current_gid.nil?
    # A group was requested and the file is being created: always enforce it.
    Chef::Log.trace("Found current_gid == nil, so we are creating a new file, updating group")
    return true
  end

  if target_gid != current_gid
    # A group was requested and the file does not match it: fix the group.
    Chef::Log.trace("Found target_gid != current_gid, updating group")
    return true
  end

  # A group was requested and the file already matches: stay idempotent.
  Chef::Log.trace("Found target_gid == current_gid, not updating group")
  false
end
should_update_mode?()
# File lib/chef/file_access_control/unix.rb, line 189
# Decides whether the mode must be (re)applied, logging the reason at trace
# level for every branch except the setuid one.
#
# Besides the usual "requested and different" cases, the mode is re-applied
# when the requested mode has the setuid bit and the owner or group is about
# to change, even though the mode itself already matches.
#
# NOTE(review): only the setuid bit (04000) is tested by suid_bit_set?; a
# requested setgid bit (02000) does not trigger this branch -- confirm whether
# that is intended on platforms where an ownership change clears setgid too.
#
# @return [Boolean]
def should_update_mode?
  if target_mode.nil?
    # No mode was requested on the new resource, so it is never managed here.
    Chef::Log.trace("Found target_mode == nil, so no mode was specified on resource, not managing mode")
    return false
  end

  if current_mode.nil?
    # A mode was requested and the file is being created: always enforce it.
    Chef::Log.trace("Found current_mode == nil, so we are creating a new file, updating mode")
    return true
  end

  if target_mode != current_mode
    # A mode was requested and the file does not match it: fix the mode.
    Chef::Log.trace("Found target_mode != current_mode, updating mode")
    return true
  end

  # Mode matches, but a setuid mode must be re-applied alongside an
  # owner/group change.
  return true if suid_bit_set? && (should_update_group? || should_update_owner?)

  # A mode was requested and the file already matches: stay idempotent.
  Chef::Log.trace("Found target_mode == current_mode, not updating mode")
  false
end
should_update_owner?()
# File lib/chef/file_access_control/unix.rb, line 79
# Decides whether the owner must be changed, logging the reason at trace level.
#
# @return [Boolean] false when no owner is requested or it already matches;
#   true when the file is new (current_uid is nil) or the uids differ
def should_update_owner?
  if target_uid.nil?
    # No owner was requested on the new resource, so it is never managed here.
    Chef::Log.trace("Found target_uid == nil, so no owner was specified on resource, not managing owner")
    return false
  end

  if current_uid.nil?
    # An owner was requested and the file is being created: always enforce it.
    Chef::Log.trace("Found current_uid == nil, so we are creating a new file, updating owner")
    return true
  end

  if target_uid != current_uid
    # An owner was requested and the file does not match it: fix the owner.
    Chef::Log.trace("Found target_uid != current_uid, updating owner")
    return true
  end

  # An owner was requested and the file already matches: stay idempotent.
  Chef::Log.trace("Found target_uid == current_uid, not updating owner")
  false
end
stat()
# File lib/chef/file_access_control/unix.rb, line 223
# Stat information for +file+, memoized in @stat.
#
# Uses File.lstat (the link itself) when symlink attributes are managed and
# File.stat (the link target) otherwise. Because the first result is cached,
# later calls do not observe changes made to the file after that first call.
#
# @return [File::Stat]
def stat
  follow_links = !manage_symlink_attrs?
  @stat ||= follow_links ? File.stat(file) : File.lstat(file)
end
target_gid()
# File lib/chef/file_access_control/unix.rb, line 111
# Numeric gid requested by +resource+, via gid_from_resource. The lookup is
# performed on every call; nothing is cached here.
#
# @return [Integer, nil] nil when no group is set or it cannot be resolved
def target_gid
  desired = resource
  gid_from_resource(desired)
end
target_mode()
# File lib/chef/file_access_control/unix.rb, line 177
# Permission bits requested by +resource+, via mode_from_resource.
#
# @return [Integer, nil] nil when the resource or its mode is nil
def target_mode
  desired = resource
  mode_from_resource(desired)
end
target_uid()
# File lib/chef/file_access_control/unix.rb, line 71
# Numeric uid requested by +resource+, via uid_from_resource. The lookup is
# performed on every call; nothing is cached here.
#
# @return [Integer, nil] nil when no owner is set or it cannot be resolved
def target_uid
  desired = resource
  uid_from_resource(desired)
end
Private Instance Methods
chmod(mode, file)
# File lib/chef/file_access_control/unix.rb, line 237
# Applies +mode+ to +file+.
#
# When symlink attributes are managed, File.lchmod is used so the link itself
# is changed. If lchmod raises NotImplementedError, a warning is logged and
# the mode is left unchanged; the error is not propagated. Otherwise
# File.chmod is used, which acts on the link target.
#
# @param mode [Integer] permission bits to apply
# @param file [String] path to change
def chmod(mode, file)
  return File.chmod(mode, file) unless manage_symlink_attrs?

  begin
    File.lchmod(mode, file)
  rescue NotImplementedError
    Chef::Log.warn("#{file} mode not changed: File.lchmod is unimplemented on this OS and Ruby version")
  end
end
chown(uid, gid, file)
# File lib/chef/file_access_control/unix.rb, line 249
# Applies +uid+ and/or +gid+ to +file+; callers in this module pass nil for
# the id they do not want to change.
#
# File.lchown changes the link itself and is used when symlink attributes are
# managed. Otherwise File.chown is used, which follows a symlink and changes
# ownership of whatever the link points at.
#
# @param uid [Integer, nil] new owner id, or nil to leave the owner alone
# @param gid [Integer, nil] new group id, or nil to leave the group alone
# @param file [String] path to change
def chown(uid, gid, file)
  return File.lchown(uid, gid, file) if manage_symlink_attrs?

  File.chown(uid, gid, file)
end
diminished_radix_complement(int)
Works around the fact that Ruby's Etc module does not report negative uids: a negative uid shows up as the diminished radix complement of a uint. For example, a uid of -2 is reported as 4294967294.
# File lib/chef/file_access_control/unix.rb, line 260
# Maps an id reported by Etc back to its signed form: values above UID_MAX
# have UINT subtracted, anything else is returned unchanged.
#
# @param int [Integer] uid or gid as reported by Etc
# @return [Integer] the same id, or int - UINT when int exceeds UID_MAX
def diminished_radix_complement(int)
  int > UID_MAX ? int - UINT : int
end
suid_bit_set?()
# File lib/chef/file_access_control/unix.rb, line 288
# True when the requested mode has the setuid bit (04000) set.
#
# target_mode must not be nil here; should_update_mode? only reaches this
# method after its own nil check on target_mode.
#
# @return [Boolean]
def suid_bit_set?
  (target_mode & 04000).positive?
end
uid_from_resource(resource)
# File lib/chef/file_access_control/unix.rb, line 268
# Resolves the +owner+ property of +resource+ to a numeric uid.
#
# A String is looked up with Etc.getpwnam and passed through
# diminished_radix_complement; an Integer is returned unchanged; any other
# type is logged and raises ArgumentError inside the method.
#
# Every ArgumentError raised in the body, including the one Etc.getpwnam
# raises for an unknown user name, is rescued here: a failing assertion is
# registered for the :create, :create_if_missing and :touch actions and nil
# is returned instead of propagating the error.
#
# NOTE(review): a nil result is what set_owner! and should_update_owner? treat
# as "owner not managed", so whether a misspelled owner stops the run depends
# on the provider evaluating the registered requirement -- confirm for actions
# other than the three listed.
#
# @param resource [#owner, nil] resource whose owner is resolved
# @return [Integer, nil] the uid, or nil when no owner is set or it cannot be resolved
def uid_from_resource(resource)
  return nil if resource.nil? || resource.owner.nil?

  return diminished_radix_complement( Etc.getpwnam(resource.owner).uid ) if resource.owner.is_a?(String)
  return resource.owner if resource.owner.is_a?(Integer)

  Chef::Log.error("The `owner` parameter of the #{@resource} resource is set to an invalid value (#{resource.owner.inspect})")
  raise ArgumentError, "cannot resolve #{resource.owner.inspect} to uid, owner must be a string or integer"
rescue ArgumentError
  provider.requirements.assert(:create, :create_if_missing, :touch) do |a|
    a.assertion { false }
    a.failure_message(Chef::Exceptions::UserIDNotFound, "cannot determine user id for '#{resource.owner}', does the user exist on this system?")
    a.whyrun("Assuming user #{resource.owner} would have been created")
  end
  nil
end