Checking of config file permissions

master
xSmurf 9 years ago
parent fe2776b1ad
commit 74d85b79a4

@ -2,7 +2,11 @@ package oz
import (
"encoding/json"
"fmt"
"io/ioutil"
"os"
"path"
"syscall"
)
type Config struct {
@ -36,8 +40,15 @@ func NewDefaultConfig() *Config {
}
}
func LoadConfig(path string) (*Config, error) {
bs, err := ioutil.ReadFile(path)
func LoadConfig(cpath string) (*Config, error) {
if _, err := os.Stat(cpath); os.IsNotExist(err) {
return nil,err
}
if err := checkConfigPermissions(cpath); err != nil {
return nil, err
}
bs, err := ioutil.ReadFile(cpath)
if err != nil {
return nil, err
}
@ -47,3 +58,27 @@ func LoadConfig(path string) (*Config, error) {
}
return c, nil
}
func checkConfigPermissions(fpath string) error {
pd := path.Dir(fpath)
for _, fp := range []string{pd, fpath} {
if err := checkPathRootPermissions(fp); err != nil {
return fmt.Errorf("file (%s) is %s", fp, err)
}
}
return nil
}
func checkPathRootPermissions(fpath string) error {
fstat, err := os.Stat(fpath)
if err != nil {
return err
}
if (fstat.Mode().Perm() & syscall.S_IWOTH) != 0 {
return fmt.Errorf("writable by everyone!", fpath)
}
if (fstat.Mode().Perm() & syscall.S_IWGRP) != 0 && fstat.Sys().(*syscall.Stat_t).Gid != 0 {
return fmt.Errorf("writable by someone else than root!", err)
}
return nil
}
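Review bot: checkPathRootPermissions never looks at the owner of the path, so a config file or directory owned by an unprivileged user with mode 0644 passes both tests and that user can still rewrite it; the function should also reject `Uid != 0`, read from the same `*syscall.Stat_t` it already takes the Gid from. Both `fmt.Errorf` calls pass an argument with no matching verb (`fpath`, and an `err` that is always nil at that point), which go vet reports and which appends `%!(EXTRA …)` to the message. The type assertion on `fstat.Sys()` is unchecked and would panic where the value is not a `*syscall.Stat_t`. Separately, LoadConfig checks the path and then reads it by name again, so checking and reading through one opened descriptor would remove the window between the two; that part is not in the sketch below.

```go
func checkPathRootPermissions(fpath string) error {
	// … unchanged: os.Stat call and its error return …
	st, ok := fstat.Sys().(*syscall.Stat_t)
	if !ok {
		return fmt.Errorf("of unknown ownership")
	}
	if st.Uid != 0 {
		return fmt.Errorf("not owned by root")
	}
	if (fstat.Mode().Perm() & syscall.S_IWOTH) != 0 {
		return fmt.Errorf("writable by everyone!")
	}
	if (fstat.Mode().Perm()&syscall.S_IWGRP) != 0 && st.Gid != 0 {
		return fmt.Errorf("writable by someone else than root!")
	}
	return nil
}
```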

@ -51,8 +51,13 @@ func initialize() *daemonState {
var config *oz.Config
config, err := oz.LoadConfig(oz.DefaultConfigPath)
if err != nil {
d.log.Info("Could not load config file (%s), using default config", oz.DefaultConfigPath)
config = oz.NewDefaultConfig()
if os.IsNotExist(err) {
d.log.Info("Configuration file (%s) is missing, using defaults.", oz.DefaultConfigPath)
config = oz.NewDefaultConfig()
} else {
d.log.Error("Could not load configuration: %s", oz.DefaultConfigPath, err)
os.Exit(1)
}
}
d.log.Info("Oz Global Config: %+v", config)
d.config = config
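Review bot: The new `d.log.Error` call has one `%s` but two arguments, so the path fills the verb and `err`, the only part that says why the permission check refused the file, has no place in the format string; `d.log.Error("Could not load configuration (%s): %v", oz.DefaultConfigPath, err)` would print both. The same call is repeated in the parseArgs hunk with `log.Error`. How the logger treats the surplus argument is not visible here, so the reason may come out garbled or be dropped. initialize starts and ends outside the hunk.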

@ -79,8 +79,13 @@ func parseArgs() *initState {
var config *oz.Config
config, err := oz.LoadConfig(oz.DefaultConfigPath)
if err != nil {
log.Info("Could not load config file (%s), using default config", oz.DefaultConfigPath)
config = oz.NewDefaultConfig()
if os.IsNotExist(err) {
log.Info("Configuration file (%s) is missing, using defaults.", oz.DefaultConfigPath)
config = oz.NewDefaultConfig()
} else {
log.Error("Could not load configuration: %s", oz.DefaultConfigPath, err)
os.Exit(1)
}
}
p, err := loadProfile(config.ProfileDir, pname)
