Basic check for homedir permissions

Several guides suggest using data directories under your homedir, rather than the default /opt area. This is fine, but on RHEL6 and similar distros homedirs are very restrictive 0700 permissions which doesn't allow things like httpd to pass through to serve up files. Even though stack.sh is taking over the host, changing permissions automatically is not a nice idea. So we just warn when it looks like this is happening. Change-Id: I9cd70e7fe90638a2a5c3b8fd94756afacac7c7be
2013-04-11 12:04:36 +10:00 · 2013-04-11 12:04:36 +10:00 · 0488edda8a
commit 0488edda8a
parent 8bb53e5104
2 changed files with 32 additions and 0 deletions
--- a/29
+++ b/29
@ -1411,6 +1411,35 @@ function get_pip_command() {
    fi
 }

+# Path permissions sanity check
+# check_path_perm_sanity path
+function check_path_perm_sanity() {
+    # Ensure no element of the path has 0700 permissions, which is very
+    # likely to cause issues for daemons.  Inspired by default 0700
+    # homedir permissions on RHEL and common practice of making DEST in
+    # the stack user's homedir.
+
+    local real_path=$(readlink -f $1)
+    local rebuilt_path=""
+    for i in $(echo ${real_path} | tr "/" " "); do
+        rebuilt_path=$rebuilt_path"/"$i
+
+        if [[ $(stat -c '%a' ${rebuilt_path}) = 700 ]]; then
+            echo "*** DEST path element"
+            echo "***    ${rebuilt_path}"
+            echo "*** appears to have 0700 permissions."
+            echo "*** This is very likely to cause fatal issues for devstack daemons."
+
+            if [[ -n "$SKIP_PATH_SANITY" ]]; then
+                return
+            else
+                echo "*** Set SKIP_PATH_SANITY to skip this check"
+                die $LINENO "Invalid path permissions"
+            fi
+        fi
+    done
+}
+
 # Restore xtrace
 $XTRACE

--- a/stack.sh
+++ b/stack.sh
@ -199,6 +199,9 @@ fi
 sudo mkdir -p $DEST
 sudo chown -R $STACK_USER $DEST

+# a basic test for $DEST path permissions (fatal on error unless skipped)
+check_path_perm_sanity ${DEST}
+
 # Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without
 # Internet access. ``stack.sh`` must have been previously run with Internet
 # access to install prerequisites and fetch repositories.