From 0488edda8a34b0be6693cafdf506cfc8185a2a83 Mon Sep 17 00:00:00 2001
From: Ian Wienand <iwienand@redhat.com>
Date: Thu, 11 Apr 2013 12:04:36 +1000
Subject: [PATCH] Basic check for homedir permissions

Several guides suggest using data directories under your homedir,
rather than the default /opt area.  This is fine, but on RHEL6 and
similar distros homedirs are very restrictive 0700 permissions which
doesn't allow things like httpd to pass through to serve up files.

Even though stack.sh is taking over the host, changing permissions
automatically is not a nice idea.  So we just warn when it looks like
this is happening.

Change-Id: I9cd70e7fe90638a2a5c3b8fd94756afacac7c7be
---
 functions | 29 +++++++++++++++++++++++++++++
 stack.sh  |  3 +++
 2 files changed, 32 insertions(+)

diff --git a/functions b/functions
index 02c2b3a9c3..fdb532f713 100644
--- a/functions
+++ b/functions
@@ -1411,6 +1411,35 @@ function get_pip_command() {
     fi
 }
 
+# Path permissions sanity check
+# check_path_perm_sanity path
+function check_path_perm_sanity() {
+    # Ensure no element of the path has 0700 permissions, which is very
+    # likely to cause issues for daemons.  Inspired by default 0700
+    # homedir permissions on RHEL and common practice of making DEST in
+    # the stack user's homedir.
+
+    local real_path=$(readlink -f $1)
+    local rebuilt_path=""
+    for i in $(echo ${real_path} | tr "/" " "); do
+        rebuilt_path=$rebuilt_path"/"$i
+
+        if [[ $(stat -c '%a' ${rebuilt_path}) = 700 ]]; then
+            echo "*** DEST path element"
+            echo "***    ${rebuilt_path}"
+            echo "*** appears to have 0700 permissions."
+            echo "*** This is very likely to cause fatal issues for devstack daemons."
+
+            if [[ -n "$SKIP_PATH_SANITY" ]]; then
+                return
+            else
+                echo "*** Set SKIP_PATH_SANITY to skip this check"
+                die $LINENO "Invalid path permissions"
+            fi
+        fi
+    done
+}
+
 # Restore xtrace
 $XTRACE
 
diff --git a/stack.sh b/stack.sh
index 32a7d747ba..56ced5f67f 100755
--- a/stack.sh
+++ b/stack.sh
@@ -199,6 +199,9 @@ fi
 sudo mkdir -p $DEST
 sudo chown -R $STACK_USER $DEST
 
+# a basic test for $DEST path permissions (fatal on error unless skipped)
+check_path_perm_sanity ${DEST}
+
 # Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without
 # Internet access. ``stack.sh`` must have been previously run with Internet
 # access to install prerequisites and fetch repositories.