Univention Bugzilla – Attachment 5810 Details for
Bug 34241
Regression: Writing of config files should be an atomic operation
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Fix atomic write to preserve old file permission
340xx_ucr-atomic.diff (text/plain), 9.65 KB, created by
Philipp Hahn
on 2014-03-04 12:56:50 CET
(
hide
)
Description:
Fix atomic write to preserve old file permission
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2014-03-04 12:56:50 CET
Size:
9.65 KB
patch
obsolete
>diff --git a/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/debian/changelog b/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/debian/changelog >index 3257bac..d4d0f96 100644 >--- a/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/debian/changelog >+++ b/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/debian/changelog >@@ -1,3 +1,9 @@ >+univention-config-registry (9.0.6-5) unstable; urgency=low >+ >+ * Fix atomic write to preserve old file permission (Bug #340xx) >+ >+ -- Philipp Hahn <hahn@univention.de> Tue, 04 Mar 2014 10:52:50 +0100 >+ > univention-config-registry (9.0.6-4) unstable; urgency=low > > * Atomic write: Improve code and error handling (Bug #33842) >diff --git a/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/python/univention/config_registry/handler.py b/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/python/univention/config_registry/handler.py >index f5d79b4..da144fa 100644 >--- a/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/python/univention/config_registry/handler.py >+++ b/branches/ucs-3.2/ucs-3.2-1/base/univention-config-registry/python/univention/config_registry/handler.py >@@ -213,9 +213,18 @@ class ConfigHandlerDiverting(ConfigHandler): > """Set file permissions.""" > if not to_file: > to_file = self.to_file >+ elif self.to_file != to_file: >+ try: >+ old_stat = os.stat(self.to_file) >+ os.chmod(to_file, old_stat.st_mode) >+ os.chown(to_file, old_stat.st_uid, old_stat.st_gid) >+ except EnvironmentError: >+ pass >+ > if self.user or self.group or self.mode: > if self.mode: > os.chmod(to_file, self.mode) >+ > if self.user and self.group: > os.chown(to_file, self.user, self.group) > elif self.user: >@@ -223,7 +232,7 @@ class ConfigHandlerDiverting(ConfigHandler): > elif self.group: > os.chown(to_file, 0, self.group) > elif stat: >- os.chmod(to_file, stat[0]) >+ os.chmod(to_file, stat.st_mode) > > def _call_silent(self, *cmd): > """Call command with stdin, stdout, and stderr redirected from/to >@@ -341,7 +350,7 @@ class ConfigHandlerMultifile(ConfigHandlerDiverting): > if os.path.exists(tmp_to_file): > os.unlink(tmp_to_file) > raise >- >+ > > if hasattr(self, 'postinst') and self.postinst: > run_module(self.postinst, 'postinst', ucr, changed) >diff --git a/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/debian/changelog b/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/debian/changelog >index e3cd051..2654334 100644 >--- a/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/debian/changelog >+++ b/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/debian/changelog >@@ -1,3 +1,9 @@ >+ucs-test (4.0.161-39) unstable; urgency=low >+ >+ * 03ucr: Fix atomic commit tests to keep manual changes (Bug #340xx) >+ >+ -- Philipp Hahn <hahn@univention.de> Tue, 4 Mar 2014 12:17:22 +0100 >+ > ucs-test (4.0.161-38) unstable; urgency=low > > * 03ucr: Add atomic commit tests (Bug #33842) >diff --git a/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/tests/03_ucr/51file_permissions b/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/tests/03_ucr/51file_permissions >index 4a6b2d2..6c74578 100755 >--- a/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/tests/03_ucr/51file_permissions >+++ b/branches/ucs-3.2/ucs-3.2-1/test/ucs-test/tests/03_ucr/51file_permissions >@@ -15,11 +15,15 @@ > umask 0002 > > ID="ucs-test-33842" >-OWNER="nobody" >-GROUP="nogroup" >+OWNER_FORCE="nobody" >+OWNER_TEMPLATE="daemon" >+OWNER="root" >+GROUP_FORCE="nogroup" >+GROUP_TEMPLATE="daemon" >+GROUP="root" > MODE_FORCE=0400 > MODE_TEMPLATE=0660 >-MODE_UMASK=$(printf "%04o" $((0666 & ~$(umask)))) >+MODE=$(printf "%04o" $((0666 & ~$(umask)))) > > main () { > declare -i result=0 >@@ -44,6 +48,7 @@ create_templates () { > rm -f "$template" > touch "$template" > chmod "$MODE_TEMPLATE" "$template" >+ chown "${OWNER_TEMPLATE}:${GROUP_TEMPLATE}" "$template" > done > } > register_ucr () { >@@ -53,16 +58,16 @@ File: tmp/$ID-f0 > > Type: file > File: tmp/$ID-f1 >-User: $OWNER >+User: $OWNER_FORCE > > Type: file > File: tmp/$ID-f2 >-Group: $GROUP >+Group: $GROUP_FORCE > > Type: file > File: tmp/$ID-f3 >-User: $OWNER >-Group: $GROUP >+User: $OWNER_FORCE >+Group: $GROUP_FORCE > > Type: file > File: tmp/$ID-f4 >@@ -70,18 +75,18 @@ Mode: $MODE_FORCE > > Type: file > File: tmp/$ID-f5 >-User: $OWNER >+User: $OWNER_FORCE > Mode: $MODE_FORCE > > Type: file > File: tmp/$ID-f6 >-Group: $GROUP >+Group: $GROUP_FORCE > Mode: $MODE_FORCE > > Type: file > File: tmp/$ID-f7 >-User: $OWNER >-Group: $GROUP >+User: $OWNER_FORCE >+Group: $GROUP_FORCE > Mode: $MODE_FORCE > > Type: multifile >@@ -89,16 +94,16 @@ Multifile: tmp/$ID-m0 > > Type: multifile > Multifile: tmp/$ID-m1 >-User: $OWNER >+User: $OWNER_FORCE > > Type: multifile > Multifile: tmp/$ID-m2 >-Group: $GROUP >+Group: $GROUP_FORCE > > Type: multifile > Multifile: tmp/$ID-m3 >-User: $OWNER >-Group: $GROUP >+User: $OWNER_FORCE >+Group: $GROUP_FORCE > > Type: multifile > Multifile: tmp/$ID-m4 >@@ -106,18 +111,18 @@ Mode: $MODE_FORCE > > Type: multifile > Multifile: tmp/$ID-m5 >-User: $OWNER >+User: $OWNER_FORCE > Mode: $MODE_FORCE > > Type: multifile > Multifile: tmp/$ID-m6 >-Group: $GROUP >+Group: $GROUP_FORCE > Mode: $MODE_FORCE > > Type: multifile > Multifile: tmp/$ID-m7 >-User: $OWNER >-Group: $GROUP >+User: $OWNER_FORCE >+Group: $GROUP_FORCE > Mode: $MODE_FORCE > > Type: multifile >@@ -125,16 +130,16 @@ Multifile: tmp/$ID-d0 > > Type: multifile > Multifile: tmp/$ID-d1 >-User: $OWNER >+User: $OWNER_FORCE > > Type: multifile > Multifile: tmp/$ID-d2 >-Group: $GROUP >+Group: $GROUP_FORCE > > Type: multifile > Multifile: tmp/$ID-d3 >-User: $OWNER >-Group: $GROUP >+User: $OWNER_FORCE >+Group: $GROUP_FORCE > > Type: multifile > Multifile: tmp/$ID-d4 >@@ -142,18 +147,18 @@ Mode: $MODE_FORCE > > Type: multifile > Multifile: tmp/$ID-d5 >-User: $OWNER >+User: $OWNER_FORCE > Mode: $MODE_FORCE > > Type: multifile > Multifile: tmp/$ID-d6 >-Group: $GROUP >+Group: $GROUP_FORCE > Mode: $MODE_FORCE > > Type: multifile > Multifile: tmp/$ID-d7 >-User: $OWNER >-Group: $GROUP >+User: $OWNER_FORCE >+Group: $GROUP_FORCE > Mode: $MODE_FORCE > > Type: subfile >@@ -229,34 +234,34 @@ verify_all () { > verify_multi_file_template_with_dummy_file > } > verify_single_file_template () { >- verify "/tmp/$ID-f0" "$MODE_TEMPLATE" root root # default=template_file >- verify "/tmp/$ID-f1" "$MODE_UMASK" "$OWNER" root # owner >- verify "/tmp/$ID-f2" "$MODE_UMASK" root "$GROUP" # group >- verify "/tmp/$ID-f3" "$MODE_UMASK" "$OWNER" "$GROUP" # owner group >- verify "/tmp/$ID-f4" "$MODE_FORCE" root root # mode >- verify "/tmp/$ID-f5" "$MODE_FORCE" "$OWNER" root # mode owner >- verify "/tmp/$ID-f6" "$MODE_FORCE" root "$GROUP" # mode group >- verify "/tmp/$ID-f7" "$MODE_FORCE" "$OWNER" "$GROUP" # mode owner group >+ verify "/tmp/$ID-f0" "$MODE_TEMPLATE" "$OWNER" "$GROUP" # default=template_file >+ verify "/tmp/$ID-f1" "$MODE" "$OWNER_FORCE" root # owner >+ verify "/tmp/$ID-f2" "$MODE" root "$GROUP_FORCE" # group >+ verify "/tmp/$ID-f3" "$MODE" "$OWNER_FORCE" "$GROUP_FORCE" # owner group >+ verify "/tmp/$ID-f4" "$MODE_FORCE" "$OWNER" "$GROUP" # mode >+ verify "/tmp/$ID-f5" "$MODE_FORCE" "$OWNER_FORCE" root # mode owner >+ verify "/tmp/$ID-f6" "$MODE_FORCE" root "$GROUP_FORCE" # mode group >+ verify "/tmp/$ID-f7" "$MODE_FORCE" "$OWNER_FORCE" "$GROUP_FORCE" # mode owner group > } > verify_multi_file_template_without_dummy_file () { >- verify "/tmp/$ID-m0" "$MODE_UMASK" root root # default=umask >- verify "/tmp/$ID-m1" "$MODE_UMASK" "$OWNER" root # owner >- verify "/tmp/$ID-m2" "$MODE_UMASK" root "$GROUP" # group >- verify "/tmp/$ID-m3" "$MODE_UMASK" "$OWNER" "$GROUP" # owner group >- verify "/tmp/$ID-m4" "$MODE_FORCE" root root # mode >- verify "/tmp/$ID-m5" "$MODE_FORCE" "$OWNER" root # mode owner >- verify "/tmp/$ID-m6" "$MODE_FORCE" root "$GROUP" # mode group >- verify "/tmp/$ID-m7" "$MODE_FORCE" "$OWNER" "$GROUP" # mode owner group >+ verify "/tmp/$ID-m0" "$MODE" "$OWNER" "$GROUP" # default=umask >+ verify "/tmp/$ID-m1" "$MODE" "$OWNER_FORCE" root # owner >+ verify "/tmp/$ID-m2" "$MODE" root "$GROUP_FORCE" # group >+ verify "/tmp/$ID-m3" "$MODE" "$OWNER_FORCE" "$GROUP_FORCE" # owner group >+ verify "/tmp/$ID-m4" "$MODE_FORCE" "$OWNER" "$GROUP" # mode >+ verify "/tmp/$ID-m5" "$MODE_FORCE" "$OWNER_FORCE" root # mode owner >+ verify "/tmp/$ID-m6" "$MODE_FORCE" root "$GROUP_FORCE" # mode group >+ verify "/tmp/$ID-m7" "$MODE_FORCE" "$OWNER_FORCE" "$GROUP_FORCE" # mode owner group > } > verify_multi_file_template_with_dummy_file () { >- verify "/tmp/$ID-d0" "$MODE_TEMPLATE" root root # default=dummy_file >- verify "/tmp/$ID-d1" "$MODE_UMASK" "$OWNER" root # owner >- verify "/tmp/$ID-d2" "$MODE_UMASK" root "$GROUP" # group >- verify "/tmp/$ID-d3" "$MODE_UMASK" "$OWNER" "$GROUP" # owner group >- verify "/tmp/$ID-d4" "$MODE_FORCE" root root # mode >- verify "/tmp/$ID-d5" "$MODE_FORCE" "$OWNER" root # mode owner >- verify "/tmp/$ID-d6" "$MODE_FORCE" root "$GROUP" # mode group >- verify "/tmp/$ID-d7" "$MODE_FORCE" "$OWNER" "$GROUP" # mode owner group >+ verify "/tmp/$ID-d0" "$MODE_TEMPLATE" "$OWNER" "$GROUP" # default=dummy_file >+ verify "/tmp/$ID-d1" "$MODE" "$OWNER_FORCE" root # owner >+ verify "/tmp/$ID-d2" "$MODE" root "$GROUP_FORCE" # group >+ verify "/tmp/$ID-d3" "$MODE" "$OWNER_FORCE" "$GROUP_FORCE" # owner group >+ verify "/tmp/$ID-d4" "$MODE_FORCE" "$OWNER" "$GROUP" # mode >+ verify "/tmp/$ID-d5" "$MODE_FORCE" "$OWNER_FORCE" root # mode owner >+ verify "/tmp/$ID-d6" "$MODE_FORCE" root "$GROUP_FORCE" # mode group >+ verify "/tmp/$ID-d7" "$MODE_FORCE" "$OWNER_FORCE" "$GROUP_FORCE" # mode owner group > } > verify () { # $1=name $2=mode $3=owner $4=group > local filename="$1" mode="$2" owner="$3" group="$4" IFS=" " fail= >@@ -275,9 +280,12 @@ verify () { # $1=name $2=mode $3=owner $4=group > } > > re_commit () { >- MODE_UMASK=0664 >- chmod "$MODE_UMASK" "/tmp/$ID-"[smd][0-7] >- ucr commit "/tmp/$ID-"[smd][0-7] >+ OWNER="bin" >+ GROUP="bin" >+ MODE=0664 >+ chmod "$MODE" "/tmp/$ID-"[fmd][0-7] >+ chown "${OWNER}:${GROUP}" "/tmp/$ID-"[fmd][0-7] >+ ucr commit "/tmp/$ID-"[fmd][0-7] > } > > cleanup () {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=5810">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 34241
: 5810