Module: Chef::FileAccessControl::Unix

Included in:
Chef::FileAccessControl
Defined in:
lib/chef/file_access_control/unix.rb

Defined Under Namespace

Modules: ClassMethods

Constant Summary collapse

UINT =
(1 << 32)
UID_MAX =
(1 << 32) - 10

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.included(base) ⇒ Object



36
37
38
39
# File 'lib/chef/file_access_control/unix.rb', line 36

def self.included(base)
  # When this file is mixed in, make sure we also add the class methods
  base.send :extend, ClassMethods
end

Instance Method Details

#current_gidObject



115
116
117
# File 'lib/chef/file_access_control/unix.rb', line 115

def current_gid
  gid_from_resource(current_resource)
end

#current_modeObject



185
186
187
# File 'lib/chef/file_access_control/unix.rb', line 185

def current_mode
  mode_from_resource(current_resource)
end

#current_uidObject



75
76
77
# File 'lib/chef/file_access_control/unix.rb', line 75

def current_uid
  uid_from_resource(current_resource)
end

#define_resource_requirementsObject



58
59
60
61
# File 'lib/chef/file_access_control/unix.rb', line 58

def define_resource_requirements
  uid_from_resource(resource)
  gid_from_resource(resource)
end

#describe_changesObject



63
64
65
66
67
68
69
# File 'lib/chef/file_access_control/unix.rb', line 63

def describe_changes
  changes = []
  changes << "change mode from '#{mode_to_s(current_mode)}' to '#{mode_to_s(target_mode)}'" if should_update_mode?
  changes << "change owner from '#{current_resource.owner}' to '#{resource.owner}'" if should_update_owner?
  changes << "change group from '#{current_resource.group}' to '#{resource.group}'" if should_update_group?
  changes
end

#gid_from_resource(resource) ⇒ Object



119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# File 'lib/chef/file_access_control/unix.rb', line 119

def gid_from_resource(resource)
  return nil if resource.nil? || resource.group.nil?

  if resource.group.is_a?(String)
    diminished_radix_complement( TargetIO::Etc.getgrnam(resource.group).gid )
  elsif resource.group.is_a?(Integer)
    resource.group
  else
    Chef::Log.error("The `group` parameter of the #{@resource} resource is set to an invalid value (#{resource.owner.inspect})")
    raise ArgumentError, "cannot resolve #{resource.group.inspect} to gid, group must be a string or integer"
  end
rescue ArgumentError
  provider.requirements.assert(:create, :create_if_missing, :touch) do |a|
    a.assertion { false }
    a.failure_message(Chef::Exceptions::GroupIDNotFound, "cannot determine group id for '#{resource.group}', does the group exist on this system?")
    a.whyrun("Assuming group #{resource.group} would have been created")
  end
  nil
end

Returns:

  • (Boolean)


231
232
233
# File 'lib/chef/file_access_control/unix.rb', line 231

def manage_symlink_attrs?
  @provider.manage_symlink_access?
end

#mode_from_resource(res) ⇒ Object



171
172
173
174
175
# File 'lib/chef/file_access_control/unix.rb', line 171

def mode_from_resource(res)
  return nil if res.nil? || res.mode.nil?

  (res.mode.respond_to?(:oct) ? res.mode.oct : res.mode.to_i) & 007777
end

#mode_to_s(mode) ⇒ Object



181
182
183
# File 'lib/chef/file_access_control/unix.rb', line 181

def mode_to_s(mode)
  mode.nil? ? "" : "0#{mode.to_s(8)}"
end

#requires_changes?Boolean

TODO factor this up

Returns:

  • (Boolean)


54
55
56
# File 'lib/chef/file_access_control/unix.rb', line 54

def requires_changes?
  should_update_mode? || should_update_owner? || should_update_group?
end

#set_allObject



47
48
49
50
51
# File 'lib/chef/file_access_control/unix.rb', line 47

def set_all
  set_owner
  set_group
  set_mode
end

#set_all!Object



41
42
43
44
45
# File 'lib/chef/file_access_control/unix.rb', line 41

def set_all!
  set_owner!
  set_group!
  set_mode!
end

#set_groupObject



167
168
169
# File 'lib/chef/file_access_control/unix.rb', line 167

def set_group
  set_group! if should_update_group?
end

#set_group!Object



159
160
161
162
163
164
165
# File 'lib/chef/file_access_control/unix.rb', line 159

def set_group!
  unless target_gid.nil?
    chown(nil, target_gid, file)
    Chef::Log.info("#{log_string} group changed to #{target_gid}")
    modified
  end
end

#set_modeObject



219
220
221
# File 'lib/chef/file_access_control/unix.rb', line 219

def set_mode
  set_mode! if should_update_mode?
end

#set_mode!Object



211
212
213
214
215
216
217
# File 'lib/chef/file_access_control/unix.rb', line 211

def set_mode!
  unless target_mode.nil?
    chmod(target_mode, file)
    Chef::Log.info("#{log_string} mode changed to #{target_mode.to_s(8)}")
    modified
  end
end

#set_ownerObject



107
108
109
# File 'lib/chef/file_access_control/unix.rb', line 107

def set_owner
  set_owner! if should_update_owner?
end

#set_owner!Object



99
100
101
102
103
104
105
# File 'lib/chef/file_access_control/unix.rb', line 99

def set_owner!
  unless target_uid.nil?
    chown(target_uid, nil, file)
    Chef::Log.info("#{log_string} owner changed to #{target_uid}")
    modified
  end
end

#should_update_group?Boolean

Returns:

  • (Boolean)


139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
# File 'lib/chef/file_access_control/unix.rb', line 139

def should_update_group?
  if target_gid.nil?
    # the user has not specified a permission on the new resource, so we never manage it with FAC
    Chef::Log.trace("Found target_gid == nil, so no group was specified on resource, not managing group")
    false
  elsif current_gid.nil?
    # the user has specified a permission, and we are creating a file, so always enforce permissions
    Chef::Log.trace("Found current_gid == nil, so we are creating a new file, updating group")
    true
  elsif target_gid != current_gid
    # the user has specified a permission, and it does not match the file, so fix the permission
    Chef::Log.trace("Found target_gid != current_gid, updating group")
    true
  else
    Chef::Log.trace("Found target_gid == current_gid, not updating group")
    # the user has specified a permission, but it matches the file, so behave idempotently
    false
  end
end

#should_update_mode?Boolean

Returns:

  • (Boolean)


189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
# File 'lib/chef/file_access_control/unix.rb', line 189

def should_update_mode?
  if target_mode.nil?
    # the user has not specified a permission on the new resource, so we never manage it with FAC
    Chef::Log.trace("Found target_mode == nil, so no mode was specified on resource, not managing mode")
    false
  elsif current_mode.nil?
    # the user has specified a permission, and we are creating a file, so always enforce permissions
    Chef::Log.trace("Found current_mode == nil, so we are creating a new file, updating mode")
    true
  elsif target_mode != current_mode
    # the user has specified a permission, and it does not match the file, so fix the permission
    Chef::Log.trace("Found target_mode != current_mode, updating mode")
    true
  elsif suid_bit_set? && (should_update_group? || should_update_owner?)
    true
  else
    Chef::Log.trace("Found target_mode == current_mode, not updating mode")
    # the user has specified a permission, but it matches the file, so behave idempotently
    false
  end
end

#should_update_owner?Boolean

Returns:

  • (Boolean)


79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
# File 'lib/chef/file_access_control/unix.rb', line 79

def should_update_owner?
  if target_uid.nil?
    # the user has not specified a permission on the new resource, so we never manage it with FAC
    Chef::Log.trace("Found target_uid == nil, so no owner was specified on resource, not managing owner")
    false
  elsif current_uid.nil?
    # the user has specified a permission, and we are creating a file, so always enforce permissions
    Chef::Log.trace("Found current_uid == nil, so we are creating a new file, updating owner")
    true
  elsif target_uid != current_uid
    # the user has specified a permission, and it does not match the file, so fix the permission
    Chef::Log.trace("Found target_uid != current_uid, updating owner")
    true
  else
    Chef::Log.trace("Found target_uid == current_uid, not updating owner")
    # the user has specified a permission, but it matches the file, so behave idempotently
    false
  end
end

#statObject



223
224
225
226
227
228
229
# File 'lib/chef/file_access_control/unix.rb', line 223

def stat
  if manage_symlink_attrs?
    @stat ||= TargetIO::File.lstat(file)
  else
    @stat ||= TargetIO::File.stat(file)
  end
end

#target_gidObject



111
112
113
# File 'lib/chef/file_access_control/unix.rb', line 111

def target_gid
  gid_from_resource(resource)
end

#target_modeObject



177
178
179
# File 'lib/chef/file_access_control/unix.rb', line 177

def target_mode
  mode_from_resource(resource)
end

#target_uidObject



71
72
73
# File 'lib/chef/file_access_control/unix.rb', line 71

def target_uid
  uid_from_resource(resource)
end