Module: Chef::FileAccessControl::Unix
- Included in:
- Chef::FileAccessControl
- Defined in:
- lib/chef/file_access_control/unix.rb
Defined Under Namespace
Modules: ClassMethods
Constant Summary collapse
- UINT =
(1 << 32)
- UID_MAX =
(1 << 32) - 10
Class Method Summary collapse
Instance Method Summary collapse
- #current_gid ⇒ Object
- #current_mode ⇒ Object
- #current_uid ⇒ Object
- #define_resource_requirements ⇒ Object
- #describe_changes ⇒ Object
- #gid_from_resource(resource) ⇒ Object
- #manage_symlink_attrs? ⇒ Boolean
- #mode_from_resource(res) ⇒ Object
- #mode_to_s(mode) ⇒ Object
-
#requires_changes? ⇒ Boolean
TODO factor this up.
- #set_all ⇒ Object
- #set_all! ⇒ Object
- #set_group ⇒ Object
- #set_group! ⇒ Object
- #set_mode ⇒ Object
- #set_mode! ⇒ Object
- #set_owner ⇒ Object
- #set_owner! ⇒ Object
- #should_update_group? ⇒ Boolean
- #should_update_mode? ⇒ Boolean
- #should_update_owner? ⇒ Boolean
- #stat ⇒ Object
- #target_gid ⇒ Object
- #target_mode ⇒ Object
- #target_uid ⇒ Object
Class Method Details
.included(base) ⇒ Object
36 37 38 39 |
# File 'lib/chef/file_access_control/unix.rb', line 36 def self.included(base) # When this file is mixed in, make sure we also add the class methods base.send :extend, ClassMethods end |
Instance Method Details
#current_gid ⇒ Object
115 116 117 |
# File 'lib/chef/file_access_control/unix.rb', line 115 def current_gid gid_from_resource(current_resource) end |
#current_mode ⇒ Object
185 186 187 |
# File 'lib/chef/file_access_control/unix.rb', line 185 def current_mode mode_from_resource(current_resource) end |
#current_uid ⇒ Object
75 76 77 |
# File 'lib/chef/file_access_control/unix.rb', line 75 def current_uid uid_from_resource(current_resource) end |
#define_resource_requirements ⇒ Object
58 59 60 61 |
# File 'lib/chef/file_access_control/unix.rb', line 58 def define_resource_requirements uid_from_resource(resource) gid_from_resource(resource) end |
#describe_changes ⇒ Object
63 64 65 66 67 68 69 |
# File 'lib/chef/file_access_control/unix.rb', line 63 def describe_changes changes = [] changes << "change mode from '#{mode_to_s(current_mode)}' to '#{mode_to_s(target_mode)}'" if should_update_mode? changes << "change owner from '#{current_resource.owner}' to '#{resource.owner}'" if should_update_owner? changes << "change group from '#{current_resource.group}' to '#{resource.group}'" if should_update_group? changes end |
#gid_from_resource(resource) ⇒ Object
119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 |
# File 'lib/chef/file_access_control/unix.rb', line 119 def gid_from_resource(resource) return nil if resource.nil? || resource.group.nil? if resource.group.is_a?(String) diminished_radix_complement( TargetIO::Etc.getgrnam(resource.group).gid ) elsif resource.group.is_a?(Integer) resource.group else Chef::Log.error("The `group` parameter of the #{@resource} resource is set to an invalid value (#{resource.owner.inspect})") raise ArgumentError, "cannot resolve #{resource.group.inspect} to gid, group must be a string or integer" end rescue ArgumentError provider.requirements.assert(:create, :create_if_missing, :touch) do |a| a.assertion { false } a.(Chef::Exceptions::GroupIDNotFound, "cannot determine group id for '#{resource.group}', does the group exist on this system?") a.whyrun("Assuming group #{resource.group} would have been created") end nil end |
#manage_symlink_attrs? ⇒ Boolean
231 232 233 |
# File 'lib/chef/file_access_control/unix.rb', line 231 def manage_symlink_attrs? @provider.manage_symlink_access? end |
#mode_from_resource(res) ⇒ Object
171 172 173 174 175 |
# File 'lib/chef/file_access_control/unix.rb', line 171 def mode_from_resource(res) return nil if res.nil? || res.mode.nil? (res.mode.respond_to?(:oct) ? res.mode.oct : res.mode.to_i) & 007777 end |
#mode_to_s(mode) ⇒ Object
181 182 183 |
# File 'lib/chef/file_access_control/unix.rb', line 181 def mode_to_s(mode) mode.nil? ? "" : "0#{mode.to_s(8)}" end |
#requires_changes? ⇒ Boolean
TODO factor this up
54 55 56 |
# File 'lib/chef/file_access_control/unix.rb', line 54 def requires_changes? should_update_mode? || should_update_owner? || should_update_group? end |
#set_all ⇒ Object
47 48 49 50 51 |
# File 'lib/chef/file_access_control/unix.rb', line 47 def set_all set_owner set_group set_mode end |
#set_all! ⇒ Object
41 42 43 44 45 |
# File 'lib/chef/file_access_control/unix.rb', line 41 def set_all! set_owner! set_group! set_mode! end |
#set_group ⇒ Object
167 168 169 |
# File 'lib/chef/file_access_control/unix.rb', line 167 def set_group set_group! if should_update_group? end |
#set_group! ⇒ Object
159 160 161 162 163 164 165 |
# File 'lib/chef/file_access_control/unix.rb', line 159 def set_group! unless target_gid.nil? chown(nil, target_gid, file) Chef::Log.info("#{log_string} group changed to #{target_gid}") modified end end |
#set_mode ⇒ Object
219 220 221 |
# File 'lib/chef/file_access_control/unix.rb', line 219 def set_mode set_mode! if should_update_mode? end |
#set_mode! ⇒ Object
211 212 213 214 215 216 217 |
# File 'lib/chef/file_access_control/unix.rb', line 211 def set_mode! unless target_mode.nil? chmod(target_mode, file) Chef::Log.info("#{log_string} mode changed to #{target_mode.to_s(8)}") modified end end |
#set_owner ⇒ Object
107 108 109 |
# File 'lib/chef/file_access_control/unix.rb', line 107 def set_owner set_owner! if should_update_owner? end |
#set_owner! ⇒ Object
99 100 101 102 103 104 105 |
# File 'lib/chef/file_access_control/unix.rb', line 99 def set_owner! unless target_uid.nil? chown(target_uid, nil, file) Chef::Log.info("#{log_string} owner changed to #{target_uid}") modified end end |
#should_update_group? ⇒ Boolean
139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 |
# File 'lib/chef/file_access_control/unix.rb', line 139 def should_update_group? if target_gid.nil? # the user has not specified a permission on the new resource, so we never manage it with FAC Chef::Log.trace("Found target_gid == nil, so no group was specified on resource, not managing group") false elsif current_gid.nil? # the user has specified a permission, and we are creating a file, so always enforce permissions Chef::Log.trace("Found current_gid == nil, so we are creating a new file, updating group") true elsif target_gid != current_gid # the user has specified a permission, and it does not match the file, so fix the permission Chef::Log.trace("Found target_gid != current_gid, updating group") true else Chef::Log.trace("Found target_gid == current_gid, not updating group") # the user has specified a permission, but it matches the file, so behave idempotently false end end |
#should_update_mode? ⇒ Boolean
189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 |
# File 'lib/chef/file_access_control/unix.rb', line 189 def should_update_mode? if target_mode.nil? # the user has not specified a permission on the new resource, so we never manage it with FAC Chef::Log.trace("Found target_mode == nil, so no mode was specified on resource, not managing mode") false elsif current_mode.nil? # the user has specified a permission, and we are creating a file, so always enforce permissions Chef::Log.trace("Found current_mode == nil, so we are creating a new file, updating mode") true elsif target_mode != current_mode # the user has specified a permission, and it does not match the file, so fix the permission Chef::Log.trace("Found target_mode != current_mode, updating mode") true elsif suid_bit_set? && (should_update_group? || should_update_owner?) true else Chef::Log.trace("Found target_mode == current_mode, not updating mode") # the user has specified a permission, but it matches the file, so behave idempotently false end end |
#should_update_owner? ⇒ Boolean
79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 |
# File 'lib/chef/file_access_control/unix.rb', line 79 def should_update_owner? if target_uid.nil? # the user has not specified a permission on the new resource, so we never manage it with FAC Chef::Log.trace("Found target_uid == nil, so no owner was specified on resource, not managing owner") false elsif current_uid.nil? # the user has specified a permission, and we are creating a file, so always enforce permissions Chef::Log.trace("Found current_uid == nil, so we are creating a new file, updating owner") true elsif target_uid != current_uid # the user has specified a permission, and it does not match the file, so fix the permission Chef::Log.trace("Found target_uid != current_uid, updating owner") true else Chef::Log.trace("Found target_uid == current_uid, not updating owner") # the user has specified a permission, but it matches the file, so behave idempotently false end end |
#stat ⇒ Object
223 224 225 226 227 228 229 |
# File 'lib/chef/file_access_control/unix.rb', line 223 def stat if manage_symlink_attrs? @stat ||= TargetIO::File.lstat(file) else @stat ||= TargetIO::File.stat(file) end end |
#target_gid ⇒ Object
111 112 113 |
# File 'lib/chef/file_access_control/unix.rb', line 111 def target_gid gid_from_resource(resource) end |
#target_mode ⇒ Object
177 178 179 |
# File 'lib/chef/file_access_control/unix.rb', line 177 def target_mode mode_from_resource(resource) end |
#target_uid ⇒ Object
71 72 73 |
# File 'lib/chef/file_access_control/unix.rb', line 71 def target_uid uid_from_resource(resource) end |