openstack/swift
Code Issues Proposed changes

Set permissions on generated ring files

Browse Source 
The use of NamedTemporaryFile creates rings with permissions 0600;
however most installs probably generate the rings as root but the
swift-proxy runs as user swift.

Set the permissions on the generated ring to 0644 prior to rename so
that the swift user can read the rings.

Change-Id: Ia511931f471c5c9840012c3a75b89c1f35b1b245
Closes-Bug: #1302700
This commit is contained in:
James Page 2014-04-05 09:38:12 +01:00
parent 48a2848785
commit b9b5fef89a
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
swift/common/ring/ring.py
View File

@ -120,6 +120,7 @@ class RingData(object):
tempf.flush() tempf.flush()
os.fsync(tempf.fileno()) os.fsync(tempf.fileno())
tempf.close() tempf.close()
os.chmod(tempf.name, 0o644)
os.rename(tempf.name, filename) os.rename(tempf.name, filename)
def to_dict(self): def to_dict(self):

10
test/unit/common/ring/test_ring.py
View File

@ -18,6 +18,7 @@ import cPickle as pickle
import os import os
import sys import sys
import unittest import unittest
import stat
from contextlib import closing from contextlib import closing
from gzip import GzipFile from gzip import GzipFile
from tempfile import mkdtemp from tempfile import mkdtemp
@ -98,6 +99,15 @@ class TestRingData(unittest.TestCase):
with open(ring_fname2) as ring2: with open(ring_fname2) as ring2:
self.assertEqual(ring1.read(), ring2.read()) self.assertEqual(ring1.read(), ring2.read())
def test_permissions(self):
ring_fname = os.path.join(self.testdir, 'stat.ring.gz')
rd = ring.RingData(
[array.array('H', [0, 1, 0, 1]), array.array('H', [0, 1, 0, 1])],
[{'id': 0, 'zone': 0}, {'id': 1, 'zone': 1}], 30)
rd.save(ring_fname)
self.assertEqual(oct(stat.S_IMODE(os.stat(ring_fname).st_mode)),
'0644')
class TestRing(unittest.TestCase): class TestRing(unittest.TestCase):