Checking of config file permissions

10 years ago · 74d85b79a4
parent fe2776b1ad
commit 74d85b79a4
3 changed files with 51 additions and 6 deletions
--- a/config.go
+++ b/config.go
@ -2,7 +2,11 @@ package oz

 import (
 	"encoding/json"
+	"fmt"
 	"io/ioutil"
+	"os"
+	"path"
+	"syscall"
 )

 type Config struct {
@ -36,8 +40,15 @@ func NewDefaultConfig() *Config {
 	}
 }

-func LoadConfig(path string) (*Config, error) {
-	bs, err := ioutil.ReadFile(path)
+func LoadConfig(cpath string) (*Config, error) {
+	if _, err := os.Stat(cpath); os.IsNotExist(err) {
+		return nil,err
+	}
+	if err := checkConfigPermissions(cpath); err != nil {
+		return nil, err
+	}
+	
+	bs, err := ioutil.ReadFile(cpath)
 	if err != nil {
 		return nil, err
 	}
@ -47,3 +58,27 @@ func LoadConfig(path string) (*Config, error) {
 	}
 	return c, nil
 }
+
+func checkConfigPermissions(fpath string) error {
+	pd := path.Dir(fpath)
+	for _, fp := range []string{pd, fpath} {
+		if err := checkPathRootPermissions(fp); err != nil {
+			return fmt.Errorf("file (%s) is %s", fp, err)
+		}
+	}
+	return nil
+}
+
+func checkPathRootPermissions(fpath string) error {
+	fstat, err := os.Stat(fpath)
+	if err != nil {
+		return err
+	}
+	if (fstat.Mode().Perm() & syscall.S_IWOTH) != 0 {
+		return fmt.Errorf("writable by everyone!", fpath)
+	}
+	if (fstat.Mode().Perm() & syscall.S_IWGRP) != 0 && fstat.Sys().(*syscall.Stat_t).Gid != 0 {
+		return fmt.Errorf("writable by someone else than root!", err)
+	}
+	return nil
+}
--- a/oz-daemon/daemon.go
+++ b/oz-daemon/daemon.go
@ -51,8 +51,13 @@ func initialize() *daemonState {
 	var config *oz.Config
 	config, err := oz.LoadConfig(oz.DefaultConfigPath)
 	if err != nil {
-		d.log.Info("Could not load config file (%s), using default config", oz.DefaultConfigPath)
+		if os.IsNotExist(err) {
+			d.log.Info("Configuration file (%s) is missing, using defaults.", oz.DefaultConfigPath)
 			config = oz.NewDefaultConfig()
+		} else {
+			d.log.Error("Could not load configuration: %s", oz.DefaultConfigPath, err)
+			os.Exit(1)
+		}
 	}
 	d.log.Info("Oz Global Config: %+v", config)
 	d.config = config
--- a/oz-init/init.go
+++ b/oz-init/init.go
@ -79,8 +79,13 @@ func parseArgs() *initState {
 	var config *oz.Config
 	config, err := oz.LoadConfig(oz.DefaultConfigPath)
 	if err != nil {
-		log.Info("Could not load config file (%s), using default config", oz.DefaultConfigPath)
+		if os.IsNotExist(err) {
+			log.Info("Configuration file (%s) is missing, using defaults.", oz.DefaultConfigPath)
 			config = oz.NewDefaultConfig()
+		} else {
+			log.Error("Could not load configuration: %s", oz.DefaultConfigPath, err)
+			os.Exit(1)
+		}
 	}

 	p, err := loadProfile(config.ProfileDir, pname)