class Inspec::Resources::UnixFilePermissions

Public Instance Methods

check_file_permission_by_mask(file, access_type, usergroup, specific_user) click to toggle source
# File lib/inspec/resources/file.rb, line 218
def check_file_permission_by_mask(file, access_type, usergroup, specific_user)
  usergroup = usergroup_for(usergroup, specific_user)
  flag = permission_flag(access_type)
  mask = file.unix_mode_mask(usergroup, flag)
  raise "Invalid usergroup/owner provided" if mask.nil?

  (file.mode & mask) != 0
end
check_file_permission_by_user(access_type, user, path) click to toggle source
# File lib/inspec/resources/file.rb, line 227
def check_file_permission_by_user(access_type, user, path)
  flag = permission_flag(access_type)
  if inspec.os.linux?
    perm_cmd = "su -s /bin/sh -c \"test -#{flag} #{path}\" #{user}"
  elsif inspec.os.bsd? || inspec.os.solaris?
    perm_cmd = "sudo -u #{user} test -#{flag} #{path}"
  elsif inspec.os.aix?
    perm_cmd = "su #{user} -c test -#{flag} #{path}"
  elsif inspec.os.hpux?
    perm_cmd = "su #{user} -c \"test -#{flag} #{path}\""
  else
    return skip_resource "The `file` resource does not support `by_user` on your OS."
  end

  cmd = inspec.command(perm_cmd)
  cmd.exit_status == 0 ? true : false
end
permission_flag(access_type) click to toggle source
# File lib/inspec/resources/file.rb, line 195
def permission_flag(access_type)
  case access_type
  when "read"
    "r"
  when "write"
    "w"
  when "execute"
    "x"
  else
    raise "Invalid access_type provided"
  end
end
usergroup_for(usergroup, specific_user) click to toggle source
# File lib/inspec/resources/file.rb, line 208
def usergroup_for(usergroup, specific_user)
  if usergroup == "others"
    "other"
  elsif (usergroup.nil? || usergroup.empty?) && specific_user.nil?
    "all"
  else
    usergroup
  end
end