Basic check for homedir permissions

Several guides suggest using data directories under your homedir,
rather than the default /opt area.  This is fine, but on RHEL6 and
similar distros homedirs have very restrictive 0700 permissions, which
don't allow things like httpd to pass through to serve up files.

Even though stack.sh is taking over the host, changing permissions
automatically is not a nice idea.  So we just warn when it looks like
this is happening.

Change-Id: I9cd70e7fe90638a2a5c3b8fd94756afacac7c7be
Ian Wienand 2013-04-11 12:04:36 +10:00
parent 8bb53e5104
commit 0488edda8a
2 changed files with 32 additions and 0 deletions


@ -1411,6 +1411,35 @@ function get_pip_command() {
fi fi
} }
# Path permissions sanity check
# check_path_perm_sanity path
function check_path_perm_sanity() {
# Ensure no element of the path has 0700 permissions, which is very
# likely to cause issues for daemons. Inspired by default 0700
# homedir permissions on RHEL and common practice of making DEST in
# the stack user's homedir.
local real_path=$(readlink -f $1)
local rebuilt_path=""
for i in $(echo ${real_path} | tr "/" " "); do
rebuilt_path=$rebuilt_path"/"$i
if [[ $(stat -c '%a' ${rebuilt_path}) = 700 ]]; then
echo "*** DEST path element"
echo "*** ${rebuilt_path}"
echo "*** appears to have 0700 permissions."
echo "*** This is very likely to cause fatal issues for devstack daemons."
if [[ -n "$SKIP_PATH_SANITY" ]]; then
return
else
echo "*** Set SKIP_PATH_SANITY to skip this check"
die $LINENO "Invalid path permissions"
fi
fi
done
}
# Restore xtrace # Restore xtrace
$XTRACE $XTRACE
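Review bot: The test `[[ $(stat -c '%a' ${rebuilt_path}) = 700 ]]` in the loop matches only the literal string 700, so a path element with mode 0750 or 2700 (stat prints special bits as a leading fourth digit) passes even though a daemon running as an unrelated user still cannot traverse it. Testing whether the other-execute bit is missing would cover the case the function comment describes. Separately, `$1`, `${real_path}` and `${rebuilt_path}` are unquoted and the `tr "/" " "` loop splits on whitespace, so a path containing a space is rebuilt incorrectly. The commit message also says the script only warns, while this code calls `die` unless SKIP_PATH_SANITY is set; one of the two should be brought in line with the other.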


@ -199,6 +199,9 @@ fi
sudo mkdir -p $DEST sudo mkdir -p $DEST
sudo chown -R $STACK_USER $DEST sudo chown -R $STACK_USER $DEST
# a basic test for $DEST path permissions (fatal on error unless skipped)
check_path_perm_sanity ${DEST}
# Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without # Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without
# Internet access. ``stack.sh`` must have been previously run with Internet # Internet access. ``stack.sh`` must have been previously run with Internet
# access to install prerequisites and fetch repositories. # access to install prerequisites and fetch repositories.
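Review bot: The new comment above `check_path_perm_sanity ${DEST}` says the check is fatal "unless skipped" but does not name SKIP_PATH_SANITY, so the override is only discoverable from the failure message. Name the variable in the comment, and quote the argument as `"${DEST}"` so a DEST containing whitespace reaches the function as a single word.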