Class: Inspec::Resources::UnixFilePermissions
Instance Attribute Summary
#inspec
Instance Method Summary
#initialize
Instance Method Details
#check_file_permission_by_mask(file, access_type, usergroup, specific_user) ⇒ Object
# File 'lib/inspec/resources/file.rb', line 269
# Reports whether the file's mode grants the requested access to the given
# owner class, by AND-ing the mode with the mask the file object supplies.
#
# @param file [Object] must respond to #unix_mode_mask(usergroup, flag) and #mode
# @param access_type [String] passed to permission_flag
# @param usergroup [String, nil] normalised by usergroup_for before use
# @param specific_user [Object, nil] only forwarded to usergroup_for
# @return [Boolean] true when at least one bit of the mask is set in file.mode
# @raise [RuntimeError] when unix_mode_mask returns nil for the owner class
def check_file_permission_by_mask(file, access_type, usergroup, specific_user)
  owner_class = usergroup_for(usergroup, specific_user)
  mode_bits = file.unix_mode_mask(owner_class, permission_flag(access_type))
  # A nil mask means the file object did not recognise the owner class.
  raise "Invalid usergroup/owner provided" if mode_bits.nil?

  granted = file.mode & mode_bits
  granted != 0
end
#check_file_permission_by_user(access_type, user, path) ⇒ Object
# File 'lib/inspec/resources/file.rb', line 278
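# Checks whether +user+ has the requested access to +path+ by running
# `test -<flag> <path>` as that user through inspec.command and reading the
# exit status.
#
# The user name and the path are shell-escaped before being placed in the
# command line, so a value containing spaces or shell metacharacters stays a
# single argument rather than being interpreted as shell syntax.
#
# @param access_type [String] passed to permission_flag to obtain the test flag
# @param user [String] account the check is run as
# @param path [String] file to test
# @return [Boolean] true when the command exits with status 0; on an OS with
#   no matching branch, whatever skip_resource returns
# @raise [RuntimeError] propagated from permission_flag for an unknown access_type
def check_file_permission_by_user(access_type, user, path)
  # Loaded here so the method does not depend on a file-level require.
  require "shellwords" unless defined?(Shellwords)

  flag = permission_flag(access_type)
  safe_user = Shellwords.escape(user)
  # The path is escaped for the shell that finally evaluates `test`.
  test_expr = "test -#{flag} #{Shellwords.escape(path)}"

  perm_cmd =
    if inspec.os.linux?
      # The whole expression is one -c argument, so it is escaped once more
      # for the shell that parses the su command line itself.
      "su -s /bin/sh -c #{Shellwords.escape(test_expr)} #{safe_user}"
    elsif inspec.os.bsd? || inspec.os.solaris?
      "sudo -u #{safe_user} #{test_expr}"
    elsif inspec.os.aix?
      # NOTE(review): unlike the HP-UX branch, the expression is not passed
      # to -c as one quoted argument; kept as the original wrote it. Confirm
      # this is the form AIX su expects.
      "su #{safe_user} -c #{test_expr}"
    elsif inspec.os.hpux?
      "su #{safe_user} -c #{Shellwords.escape(test_expr)}"
    else
      return skip_resource "The `file` resource does not support `by_user` on your OS."
    end

  cmd = inspec.command(perm_cmd)
  cmd.exit_status == 0
end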
#permission_flag(access_type) ⇒ Object
# File 'lib/inspec/resources/file.rb', line 246
# Translates an access type name into the single-letter flag used by the
# permission checks.
#
# @param access_type [String] one of "read", "write" or "execute"
# @return [String] "r", "w" or "x"
# @raise [RuntimeError] for any other value
def permission_flag(access_type)
  letters = { "read" => "r", "write" => "w", "execute" => "x" }
  # Anything outside the three known names is rejected rather than passed on.
  letters.fetch(access_type) { raise "Invalid access_type provided" }
end
#usergroup_for(usergroup, specific_user) ⇒ Object
# File 'lib/inspec/resources/file.rb', line 259
# Normalises the owner-class name used by the mask-based permission check.
#
# @param usergroup [String, nil] owner class as given by the caller
# @param specific_user [Object, nil] only checked for nil
# @return [String, nil] "other" for "others"; "all" when usergroup is nil or
#   empty and no specific user was given; otherwise usergroup unchanged
def usergroup_for(usergroup, specific_user)
  return "other" if usergroup == "others"

  unspecified = usergroup.nil? || usergroup.empty?
  return "all" if unspecified && specific_user.nil?

  usergroup
end