Basic check for homedir permissions
Several guides suggest using data directories under your homedir, rather than the default /opt area. This is fine, but on RHEL6 and similar distros homedirs are very restrictive 0700 permissions which doesn't allow things like httpd to pass through to serve up files. Even though stack.sh is taking over the host, changing permissions automatically is not a nice idea. So we just warn when it looks like this is happening. Change-Id: I9cd70e7fe90638a2a5c3b8fd94756afacac7c7be
This commit is contained in:
parent
8bb53e5104
commit
0488edda8a
29
functions
29
functions
@ -1411,6 +1411,35 @@ function get_pip_command() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Path permissions sanity check
|
||||||
|
# check_path_perm_sanity path
|
||||||
|
function check_path_perm_sanity() {
|
||||||
|
# Ensure no element of the path has 0700 permissions, which is very
|
||||||
|
# likely to cause issues for daemons. Inspired by default 0700
|
||||||
|
# homedir permissions on RHEL and common practice of making DEST in
|
||||||
|
# the stack user's homedir.
|
||||||
|
|
||||||
|
local real_path=$(readlink -f $1)
|
||||||
|
local rebuilt_path=""
|
||||||
|
for i in $(echo ${real_path} | tr "/" " "); do
|
||||||
|
rebuilt_path=$rebuilt_path"/"$i
|
||||||
|
|
||||||
|
if [[ $(stat -c '%a' ${rebuilt_path}) = 700 ]]; then
|
||||||
|
echo "*** DEST path element"
|
||||||
|
echo "*** ${rebuilt_path}"
|
||||||
|
echo "*** appears to have 0700 permissions."
|
||||||
|
echo "*** This is very likely to cause fatal issues for devstack daemons."
|
||||||
|
|
||||||
|
if [[ -n "$SKIP_PATH_SANITY" ]]; then
|
||||||
|
return
|
||||||
|
else
|
||||||
|
echo "*** Set SKIP_PATH_SANITY to skip this check"
|
||||||
|
die $LINENO "Invalid path permissions"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
# Restore xtrace
|
# Restore xtrace
|
||||||
$XTRACE
|
$XTRACE
|
||||||
|
|
||||||
|
3
stack.sh
3
stack.sh
@ -199,6 +199,9 @@ fi
|
|||||||
sudo mkdir -p $DEST
|
sudo mkdir -p $DEST
|
||||||
sudo chown -R $STACK_USER $DEST
|
sudo chown -R $STACK_USER $DEST
|
||||||
|
|
||||||
|
# a basic test for $DEST path permissions (fatal on error unless skipped)
|
||||||
|
check_path_perm_sanity ${DEST}
|
||||||
|
|
||||||
# Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without
|
# Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without
|
||||||
# Internet access. ``stack.sh`` must have been previously run with Internet
|
# Internet access. ``stack.sh`` must have been previously run with Internet
|
||||||
# access to install prerequisites and fetch repositories.
|
# access to install prerequisites and fetch repositories.
|
||||||
|
Loading…
Reference in New Issue
Block a user