Module: Chef::FileAccessControl::Unix

Included in:
Chef::FileAccessControl
Defined in:
lib/chef/file_access_control/unix.rb

Defined Under Namespace

Modules: ClassMethods

Constant Summary collapse

UINT = 
(1 << 32)
UID_MAX = 
(1 << 32) - 10

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.included(base) ⇒ Object 



36
37
38
39
 
# File 'lib/chef/file_access_control/unix.rb', line 36

def self.included(base)
  # When this file is mixed in, make sure we also add the class methods
  base.send :extend, ClassMethods
end

Instance Method Details

#current_gidObject 



115
116
117
 
# File 'lib/chef/file_access_control/unix.rb', line 115

def current_gid
  gid_from_resource(current_resource)
end

#current_modeObject 



185
186
187
 
# File 'lib/chef/file_access_control/unix.rb', line 185

def current_mode
  mode_from_resource(current_resource)
end

#current_uidObject 



75
76
77
 
# File 'lib/chef/file_access_control/unix.rb', line 75

def current_uid
  uid_from_resource(current_resource)
end

#define_resource_requirementsObject 



58
59
60
61
 
# File 'lib/chef/file_access_control/unix.rb', line 58

def define_resource_requirements
  uid_from_resource(resource)
  gid_from_resource(resource)
end

#describe_changesObject 



63
64
65
66
67
68
69
 
# File 'lib/chef/file_access_control/unix.rb', line 63

def describe_changes
  changes = []
  changes << "change mode from '#{mode_to_s(current_mode)}' to '#{mode_to_s(target_mode)}'" if should_update_mode?
  changes << "change owner from '#{current_resource.owner}' to '#{resource.owner}'" if should_update_owner?
  changes << "change group from '#{current_resource.group}' to '#{resource.group}'" if should_update_group?
  changes
end

#gid_from_resource(resource) ⇒ Object 



119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
 
# File 'lib/chef/file_access_control/unix.rb', line 119

def gid_from_resource(resource)
  return nil if resource.nil? || resource.group.nil?

  if resource.group.is_a?(String)
    diminished_radix_complement( TargetIO::Etc.getgrnam(resource.group).gid )
  elsif resource.group.is_a?(Integer)
    resource.group
  else
    Chef::Log.error("The `group` parameter of the #{@resource} resource is set to an invalid value (#{resource.owner.inspect})")
    raise ArgumentError, "cannot resolve #{resource.group.inspect} to gid, group must be a string or integer"
  end
rescue ArgumentError
  provider.requirements.assert(:create, :create_if_missing, :touch) do |a|
    a.assertion { false }
    a.failure_message(Chef::Exceptions::GroupIDNotFound, "cannot determine group id for '#{resource.group}', does the group exist on this system?")
    a.whyrun("Assuming group #{resource.group} would have been created")
  end
  nil
end

#manage_symlink_attrs?Boolean

Returns:

  • (Boolean) 


231
232
233
 
# File 'lib/chef/file_access_control/unix.rb', line 231

def manage_symlink_attrs?
  @provider.manage_symlink_access?
end

#mode_from_resource(res) ⇒ Object 



171
172
173
174
175
 
# File 'lib/chef/file_access_control/unix.rb', line 171

def mode_from_resource(res)
  return nil if res.nil? || res.mode.nil?

  (res.mode.respond_to?(:oct) ? res.mode.oct : res.mode.to_i) & 007777
end

#mode_to_s(mode) ⇒ Object 



181
182
183
 
# File 'lib/chef/file_access_control/unix.rb', line 181

def mode_to_s(mode)
  mode.nil? ? "" : "0#{mode.to_s(8)}"
end

#requires_changes?Boolean

TODO factor this up

Returns:

  • (Boolean) 


54
55
56
 
# File 'lib/chef/file_access_control/unix.rb', line 54

def requires_changes?
  should_update_mode? || should_update_owner? || should_update_group?
end

#set_allObject 



47
48
49
50
51
 
# File 'lib/chef/file_access_control/unix.rb', line 47

def set_all
  set_owner
  set_group
  set_mode
end

#set_all!Object 



41
42
43
44
45
 
# File 'lib/chef/file_access_control/unix.rb', line 41

def set_all!
  set_owner!
  set_group!
  set_mode!
end

#set_groupObject 



167
168
169
 
# File 'lib/chef/file_access_control/unix.rb', line 167

def set_group
  set_group! if should_update_group?
end

#set_group!Object 



159
160
161
162
163
164
165
 
# File 'lib/chef/file_access_control/unix.rb', line 159

def set_group!
  unless target_gid.nil?
    chown(nil, target_gid, file)
    Chef::Log.info("#{log_string} group changed to #{target_gid}")
    modified
  end
end

#set_modeObject 



219
220
221
 
# File 'lib/chef/file_access_control/unix.rb', line 219

def set_mode
  set_mode! if should_update_mode?
end

#set_mode!Object 



211
212
213
214
215
216
217
 
# File 'lib/chef/file_access_control/unix.rb', line 211

def set_mode!
  unless target_mode.nil?
    chmod(target_mode, file)
    Chef::Log.info("#{log_string} mode changed to #{target_mode.to_s(8)}")
    modified
  end
end

#set_ownerObject 



107
108
109
 
# File 'lib/chef/file_access_control/unix.rb', line 107

def set_owner
  set_owner! if should_update_owner?
end

#set_owner!Object 



99
100
101
102
103
104
105
 
# File 'lib/chef/file_access_control/unix.rb', line 99

def set_owner!
  unless target_uid.nil?
    chown(target_uid, nil, file)
    Chef::Log.info("#{log_string} owner changed to #{target_uid}")
    modified
  end
end

#should_update_group?Boolean

Returns:

  • (Boolean) 


139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
 
# File 'lib/chef/file_access_control/unix.rb', line 139

def should_update_group?
  if target_gid.nil?
    # the user has not specified a permission on the new resource, so we never manage it with FAC
    Chef::Log.trace("Found target_gid == nil, so no group was specified on resource, not managing group")
    false
  elsif current_gid.nil?
    # the user has specified a permission, and we are creating a file, so always enforce permissions
    Chef::Log.trace("Found current_gid == nil, so we are creating a new file, updating group")
    true
  elsif target_gid != current_gid
    # the user has specified a permission, and it does not match the file, so fix the permission
    Chef::Log.trace("Found target_gid != current_gid, updating group")
    true
  else
    Chef::Log.trace("Found target_gid == current_gid, not updating group")
    # the user has specified a permission, but it matches the file, so behave idempotently
    false
  end
end

#should_update_mode?Boolean

Returns:

  • (Boolean) 


189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
 
# File 'lib/chef/file_access_control/unix.rb', line 189

def should_update_mode?
  if target_mode.nil?
    # the user has not specified a permission on the new resource, so we never manage it with FAC
    Chef::Log.trace("Found target_mode == nil, so no mode was specified on resource, not managing mode")
    false
  elsif current_mode.nil?
    # the user has specified a permission, and we are creating a file, so always enforce permissions
    Chef::Log.trace("Found current_mode == nil, so we are creating a new file, updating mode")
    true
  elsif target_mode != current_mode
    # the user has specified a permission, and it does not match the file, so fix the permission
    Chef::Log.trace("Found target_mode != current_mode, updating mode")
    true
  elsif suid_bit_set? && (should_update_group? || should_update_owner?)
    true
  else
    Chef::Log.trace("Found target_mode == current_mode, not updating mode")
    # the user has specified a permission, but it matches the file, so behave idempotently
    false
  end
end

#should_update_owner?Boolean

Returns:

  • (Boolean) 


79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
 
# File 'lib/chef/file_access_control/unix.rb', line 79

def should_update_owner?
  if target_uid.nil?
    # the user has not specified a permission on the new resource, so we never manage it with FAC
    Chef::Log.trace("Found target_uid == nil, so no owner was specified on resource, not managing owner")
    false
  elsif current_uid.nil?
    # the user has specified a permission, and we are creating a file, so always enforce permissions
    Chef::Log.trace("Found current_uid == nil, so we are creating a new file, updating owner")
    true
  elsif target_uid != current_uid
    # the user has specified a permission, and it does not match the file, so fix the permission
    Chef::Log.trace("Found target_uid != current_uid, updating owner")
    true
  else
    Chef::Log.trace("Found target_uid == current_uid, not updating owner")
    # the user has specified a permission, but it matches the file, so behave idempotently
    false
  end
end

#statObject 



223
224
225
226
227
228
229
 
# File 'lib/chef/file_access_control/unix.rb', line 223

def stat
  if manage_symlink_attrs?
    @stat ||= TargetIO::File.lstat(file)
  else
    @stat ||= TargetIO::File.stat(file)
  end
end

#target_gidObject 



111
112
113
 
# File 'lib/chef/file_access_control/unix.rb', line 111

def target_gid
  gid_from_resource(resource)
end

#target_modeObject 



177
178
179
 
# File 'lib/chef/file_access_control/unix.rb', line 177

def target_mode
  mode_from_resource(resource)
end

#target_uidObject 



71
72
73
 
# File 'lib/chef/file_access_control/unix.rb', line 71

def target_uid
  uid_from_resource(resource)
end