openstack/devstack
Code Issues Proposed changes

Merge "Basic check for homedir permissions"

Browse Source
This commit is contained in:
Jenkins 2013-05-13 00:09:24 +00:00 committed by Gerrit Code Review
commit a20fb6d383
2 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
functions
View File

@ -1415,6 +1415,35 @@ function get_pip_command() {
fi fi
} }
# Path permissions sanity check
# check_path_perm_sanity path
function check_path_perm_sanity() {
# Ensure no element of the path has 0700 permissions, which is very
# likely to cause issues for daemons. Inspired by default 0700
# homedir permissions on RHEL and common practice of making DEST in
# the stack user's homedir.
local real_path=$(readlink -f $1)
local rebuilt_path=""
for i in $(echo ${real_path} | tr "/" " "); do
rebuilt_path=$rebuilt_path"/"$i
if [[ $(stat -c '%a' ${rebuilt_path}) = 700 ]]; then
echo "*** DEST path element"
echo "*** ${rebuilt_path}"
echo "*** appears to have 0700 permissions."
echo "*** This is very likely to cause fatal issues for devstack daemons."
if [[ -n "$SKIP_PATH_SANITY" ]]; then
return
else
echo "*** Set SKIP_PATH_SANITY to skip this check"
die $LINENO "Invalid path permissions"
fi
fi
done
}
# Restore xtrace # Restore xtrace
$XTRACE $XTRACE

3
stack.sh
View File

@ -208,6 +208,9 @@ fi
sudo mkdir -p $DEST sudo mkdir -p $DEST
sudo chown -R $STACK_USER $DEST sudo chown -R $STACK_USER $DEST
# a basic test for $DEST path permissions (fatal on error unless skipped)
check_path_perm_sanity ${DEST}
# Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without # Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without
# Internet access. ``stack.sh`` must have been previously run with Internet # Internet access. ``stack.sh`` must have been previously run with Internet
# access to install prerequisites and fetch repositories. # access to install prerequisites and fetch repositories.