Class: Inspec::Resources::UnixFilePermissions
Instance Attribute Summary
#inspec
Instance Method Summary
#initialize
Instance Method Details
#check_file_permission_by_mask(file, access_type, usergroup, specific_user) ⇒ Object
# File 'lib/resources/file.rb', line 212
# Reports whether the mode bits of +file+ grant +access_type+ to +usergroup+.
#
# The decision is made purely from +file.mode+ and the mask returned by
# +file.unix_mode_mask+; nothing is executed on the target in this method.
#
# @param file [Object] must respond to +unix_mode_mask(usergroup, flag)+ and +mode+
# @param access_type [String] translated to a flag by permission_flag
# @param usergroup [String, nil] normalised by usergroup_for before use
# @param specific_user [Object, nil] only forwarded to usergroup_for
# @return [Boolean] true when at least one masked bit is set in +file.mode+
# @raise [RuntimeError] when +unix_mode_mask+ returns nil for the usergroup
def check_file_permission_by_mask(file, access_type, usergroup, specific_user)
  # Arguments are evaluated left to right, so the usergroup is normalised
  # before the access type is validated.
  mode_mask = file.unix_mode_mask(
    usergroup_for(usergroup, specific_user),
    permission_flag(access_type)
  )
  # A nil mask means the file object did not recognise the usergroup; fail
  # loudly instead of reporting "no permission".
  raise 'Invalid usergroup/owner provided' if mode_mask.nil?

  granted_bits = file.mode & mode_mask
  granted_bits != 0
end
#check_file_permission_by_user(access_type, user, path) ⇒ Object
# File 'lib/resources/file.rb', line 220
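# Checks whether +user+ has the requested access to +path+ by running
# `test -<flag> <path>` as that user on the target and reading the exit status.
#
# +user+ and +path+ are shell-escaped before they are placed on the command
# line. Without escaping, a value containing whitespace or shell
# metacharacters would change the command that is run on the target (with
# whatever privileges the su/sudo call has) instead of being tested as a
# literal name.
#
# @param access_type [String] translated to a flag by permission_flag
# @param user [String] account the check is run as
# @param path [String] file path handed to `test`
# @return [Boolean] true when the command exits with status 0; on an OS with
#   no branch below, whatever skip_resource returns
def check_file_permission_by_user(access_type, user, path)
  # Required locally: the file's top-level require list is not visible from
  # this method, and `require` is a no-op once the library is loaded.
  require 'shellwords'

  flag = permission_flag(access_type)
  safe_user = Shellwords.escape(user.to_s)
  # Escaped once, for the shell that finally parses the `test` command.
  test_cmd = "test -#{flag} #{Shellwords.escape(path.to_s)}"

  perm_cmd =
    if inspec.os.linux?
      # `-c` takes a single string that the inner /bin/sh parses again, so the
      # already-escaped test command is escaped a second time for the outer shell.
      "su -s /bin/sh -c #{Shellwords.escape(test_cmd)} #{safe_user}"
    elsif inspec.os.bsd? || inspec.os.solaris?
      "sudo -u #{safe_user} #{test_cmd}"
    elsif inspec.os.aix?
      # NOTE(review): the original passes the test command unquoted after -c
      # here, unlike the HP-UX branch; that layout is kept as-is. Confirm how
      # su on AIX forwards these arguments.
      "su #{safe_user} -c #{test_cmd}"
    elsif inspec.os.hpux?
      # Same two-level parsing as on Linux: one string for -c.
      "su #{safe_user} -c #{Shellwords.escape(test_cmd)}"
    else
      return skip_resource 'The `file` resource does not support `by_user` on your OS.'
    end

  inspec.command(perm_cmd).exit_status == 0
end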
#permission_flag(access_type) ⇒ Object
# File 'lib/resources/file.rb', line 189
# Translates an access type name into the single-letter flag used by the
# permission checks.
#
# Only the three fixed letters below can be returned, so a caller that
# interpolates the result into a `test -<flag>` command never receives
# caller-supplied text through this value.
#
# @param access_type [String] 'read', 'write' or 'execute'
# @return [String] 'r', 'w' or 'x'
# @raise [RuntimeError] for any other access_type
def permission_flag(access_type)
  case access_type
  when 'read'    then 'r'
  when 'write'   then 'w'
  when 'execute' then 'x'
  else raise 'Invalid access_type provided'
  end
end
#usergroup_for(usergroup, specific_user) ⇒ Object
# File 'lib/resources/file.rb', line 202
# Normalises the usergroup name used for a mode-mask lookup.
#
# @param usergroup [String, nil] name as given by the caller
# @param specific_user [Object, nil] when nil and no usergroup is given, the
#   result is 'all'
# @return [String, nil] 'other' for 'others'; 'all' when usergroup is
#   nil/empty and specific_user is nil; otherwise usergroup unchanged (which
#   may itself be nil or empty when specific_user is set)
def usergroup_for(usergroup, specific_user)
  # 'others' is accepted as a spelling of 'other'.
  return 'other' if usergroup == 'others'

  no_group_given = usergroup.nil? || usergroup.empty?
  return 'all' if no_group_given && specific_user.nil?

  usergroup
end