honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Change permissions on config files (#20966) 

This commit changes some default file permissions on configuration files.
This commit is contained in:
Tanguy Leroux 2016-10-24 09:42:03 +02:00 committed by GitHub
parent 268d5ba97a
commit 127b4a8efc
10 changed files with 130 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
core/src/main/java/org/elasticsearch/plugins/InstallPluginCommand.java
View File

@ -142,29 +142,31 @@ class InstallPluginCommand extends SettingCommand {
private final OptionSpec<Void> batchOption; private final OptionSpec<Void> batchOption;
private final OptionSpec<String> arguments; private final OptionSpec<String> arguments;
static final Set<PosixFilePermission> BIN_DIR_PERMS;
static final Set<PosixFilePermission> DIR_AND_EXECUTABLE_PERMS; static final Set<PosixFilePermission> BIN_FILES_PERMS;
static final Set<PosixFilePermission> FILE_PERMS; static final Set<PosixFilePermission> CONFIG_DIR_PERMS;
static final Set<PosixFilePermission> CONFIG_FILES_PERMS;
static final Set<PosixFilePermission> PLUGIN_DIR_PERMS;
static final Set<PosixFilePermission> PLUGIN_FILES_PERMS;
static { static {
Set<PosixFilePermission> dirAndExecutablePerms = new HashSet<>(7); // Bin directory get chmod 755
// Directories and executables get chmod 755 BIN_DIR_PERMS = Collections.unmodifiableSet(PosixFilePermissions.fromString("rwxr-xr-x"));
dirAndExecutablePerms.add(PosixFilePermission.OWNER_EXECUTE);
dirAndExecutablePerms.add(PosixFilePermission.OWNER_READ);
dirAndExecutablePerms.add(PosixFilePermission.OWNER_WRITE);
dirAndExecutablePerms.add(PosixFilePermission.GROUP_EXECUTE);
dirAndExecutablePerms.add(PosixFilePermission.GROUP_READ);
dirAndExecutablePerms.add(PosixFilePermission.OTHERS_READ);
dirAndExecutablePerms.add(PosixFilePermission.OTHERS_EXECUTE);
DIR_AND_EXECUTABLE_PERMS = Collections.unmodifiableSet(dirAndExecutablePerms);
Set<PosixFilePermission> filePerms = new HashSet<>(4); // Bin files also get chmod 755
// Files get chmod 644 BIN_FILES_PERMS = BIN_DIR_PERMS;
filePerms.add(PosixFilePermission.OWNER_READ);
filePerms.add(PosixFilePermission.OWNER_WRITE); // Config directory get chmod 750
filePerms.add(PosixFilePermission.GROUP_READ); CONFIG_DIR_PERMS = Collections.unmodifiableSet(PosixFilePermissions.fromString("rwxr-x---"));
filePerms.add(PosixFilePermission.OTHERS_READ);
FILE_PERMS = Collections.unmodifiableSet(filePerms); // Config files get chmod 660
CONFIG_FILES_PERMS = Collections.unmodifiableSet(PosixFilePermissions.fromString("rw-rw----"));
// Plugin directory get chmod 755
PLUGIN_DIR_PERMS = BIN_DIR_PERMS;
// Plugins files get chmod 644
PLUGIN_FILES_PERMS = Collections.unmodifiableSet(PosixFilePermissions.fromString("rw-r--r--"));
} }
InstallPluginCommand() { InstallPluginCommand() {
@ -387,7 +389,7 @@ class InstallPluginCommand extends SettingCommand {
private Path stagingDirectory(Path pluginsDir) throws IOException { private Path stagingDirectory(Path pluginsDir) throws IOException {
try { try {
return Files.createTempDirectory(pluginsDir, ".installing-", PosixFilePermissions.asFileAttribute(DIR_AND_EXECUTABLE_PERMS)); return Files.createTempDirectory(pluginsDir, ".installing-", PosixFilePermissions.asFileAttribute(PLUGIN_DIR_PERMS));
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
// Jimfs throws an IAE where it should throw an UOE // Jimfs throws an IAE where it should throw an UOE
// remove when google/jimfs#30 is integrated into Jimfs // remove when google/jimfs#30 is integrated into Jimfs
@ -494,9 +496,9 @@ class InstallPluginCommand extends SettingCommand {
try (DirectoryStream<Path> stream = Files.newDirectoryStream(destination)) { try (DirectoryStream<Path> stream = Files.newDirectoryStream(destination)) {
for (Path pluginFile : stream) { for (Path pluginFile : stream) {
if (Files.isDirectory(pluginFile)) { if (Files.isDirectory(pluginFile)) {
setFileAttributes(pluginFile, DIR_AND_EXECUTABLE_PERMS); setFileAttributes(pluginFile, PLUGIN_DIR_PERMS);
} else { } else {
setFileAttributes(pluginFile, FILE_PERMS); setFileAttributes(pluginFile, PLUGIN_FILES_PERMS);
} }
} }
} }
@ -518,7 +520,7 @@ class InstallPluginCommand extends SettingCommand {
throw new UserException(ExitCodes.IO_ERROR, "bin in plugin " + info.getName() + " is not a directory"); throw new UserException(ExitCodes.IO_ERROR, "bin in plugin " + info.getName() + " is not a directory");
} }
Files.createDirectory(destBinDir); Files.createDirectory(destBinDir);
setFileAttributes(destBinDir, DIR_AND_EXECUTABLE_PERMS); setFileAttributes(destBinDir, BIN_DIR_PERMS);
try (DirectoryStream<Path> stream = Files.newDirectoryStream(tmpBinDir)) { try (DirectoryStream<Path> stream = Files.newDirectoryStream(tmpBinDir)) {
for (Path srcFile : stream) { for (Path srcFile : stream) {
@ -530,7 +532,7 @@ class InstallPluginCommand extends SettingCommand {
Path destFile = destBinDir.resolve(tmpBinDir.relativize(srcFile)); Path destFile = destBinDir.resolve(tmpBinDir.relativize(srcFile));
Files.copy(srcFile, destFile); Files.copy(srcFile, destFile);
setFileAttributes(destFile, DIR_AND_EXECUTABLE_PERMS); setFileAttributes(destFile, BIN_FILES_PERMS);
} }
} }
IOUtils.rm(tmpBinDir); // clean up what we just copied IOUtils.rm(tmpBinDir); // clean up what we just copied
@ -546,7 +548,7 @@ class InstallPluginCommand extends SettingCommand {
} }
Files.createDirectories(destConfigDir); Files.createDirectories(destConfigDir);
setFileAttributes(destConfigDir, DIR_AND_EXECUTABLE_PERMS); setFileAttributes(destConfigDir, CONFIG_DIR_PERMS);
final PosixFileAttributeView destConfigDirAttributesView = final PosixFileAttributeView destConfigDirAttributesView =
Files.getFileAttributeView(destConfigDir.getParent(), PosixFileAttributeView.class); Files.getFileAttributeView(destConfigDir.getParent(), PosixFileAttributeView.class);
final PosixFileAttributes destConfigDirAttributes = final PosixFileAttributes destConfigDirAttributes =
@ -564,7 +566,7 @@ class InstallPluginCommand extends SettingCommand {
Path destFile = destConfigDir.resolve(tmpConfigDir.relativize(srcFile)); Path destFile = destConfigDir.resolve(tmpConfigDir.relativize(srcFile));
if (Files.exists(destFile) == false) { if (Files.exists(destFile) == false) {
Files.copy(srcFile, destFile); Files.copy(srcFile, destFile);
setFileAttributes(destFile, FILE_PERMS); setFileAttributes(destFile, CONFIG_FILES_PERMS);
if (destConfigDirAttributes != null) { if (destConfigDirAttributes != null) {
setOwnerGroup(destFile, destConfigDirAttributes); setOwnerGroup(destFile, destConfigDirAttributes);
} }

31
distribution/build.gradle
View File

@ -200,6 +200,8 @@ configure(subprojects.findAll { ['zip', 'tar', 'integ-test-zip'].contains(it.nam
into("elasticsearch-${version}") { into("elasticsearch-${version}") {
with libFiles with libFiles
into('config') { into('config') {
dirMode 0750
fileMode 0660
with configFiles with configFiles
} }
into('bin') { into('bin') {
@ -242,6 +244,12 @@ configure(subprojects.findAll { ['zip', 'tar', 'integ-test-zip'].contains(it.nam
* 3. ospackage really wants to suck up some of the debian control scripts * 3. ospackage really wants to suck up some of the debian control scripts
* directly from the filesystem. It doesn't want to process them through * directly from the filesystem. It doesn't want to process them through
* MavenFilteringHack or any other copy-style action. * MavenFilteringHack or any other copy-style action.
*
* The following commands are useful when it comes to check the user/group
* and files permissions set within the RPM and DEB packages:
*
* rpm -qlp --dump path/to/elasticsearch.rpm
* dpkg -c path/to/elasticsearch.deb
*/ */
configure(subprojects.findAll { ['deb', 'rpm'].contains(it.name) }) { configure(subprojects.findAll { ['deb', 'rpm'].contains(it.name) }) {
integTest.enabled = Os.isFamily(Os.FAMILY_WINDOWS) == false integTest.enabled = Os.isFamily(Os.FAMILY_WINDOWS) == false
@ -276,8 +284,6 @@ configure(subprojects.findAll { ['deb', 'rpm'].contains(it.name) }) {
dependsOn createEtc, createEtcScripts dependsOn createEtc, createEtcScripts
with configFiles with configFiles
into "${packagingFiles}/etc/elasticsearch" into "${packagingFiles}/etc/elasticsearch"
fileMode 0640
dirMode 0750
/* Explicitly declare the output files so this task doesn't consider itself /* Explicitly declare the output files so this task doesn't consider itself
up to date when the directory is created, which it would by default. And up to date when the directory is created, which it would by default. And
that'll happen when createEtc runs. */ that'll happen when createEtc runs. */
@ -365,7 +371,8 @@ configure(subprojects.findAll { ['deb', 'rpm'].contains(it.name) }) {
configurationFile '/etc/elasticsearch/jvm.options' configurationFile '/etc/elasticsearch/jvm.options'
configurationFile '/etc/elasticsearch/log4j2.properties' configurationFile '/etc/elasticsearch/log4j2.properties'
into('/etc/elasticsearch') { into('/etc/elasticsearch') {
fileMode 0750 dirMode 0750
fileMode 0660
permissionGroup 'elasticsearch' permissionGroup 'elasticsearch'
includeEmptyDirs true includeEmptyDirs true
createDirectoryEntry true createDirectoryEntry true
@ -387,35 +394,35 @@ configure(subprojects.findAll { ['deb', 'rpm'].contains(it.name) }) {
} }
configurationFile '/etc/init.d/elasticsearch' configurationFile '/etc/init.d/elasticsearch'
into('/etc/init.d') { into('/etc/init.d') {
fileMode 0755 fileMode 0750
fileType CONFIG | NOREPLACE fileType CONFIG | NOREPLACE
from "${packagingFiles}/init.d/elasticsearch" from "${packagingFiles}/init.d/elasticsearch"
} }
configurationFile project.expansions['path.env'] configurationFile project.expansions['path.env']
into(new File(project.expansions['path.env']).getParent()) { into(new File(project.expansions['path.env']).getParent()) {
fileMode 0644
dirMode 0755
fileType CONFIG | NOREPLACE fileType CONFIG | NOREPLACE
fileMode 0660
from "${project.packagingFiles}/env/elasticsearch" from "${project.packagingFiles}/env/elasticsearch"
} }
/** /**
* Suck up all the empty directories that we need to install into the path. * Suck up all the empty directories that we need to install into the path.
*/ */
Closure suckUpEmptyDirectories = { path, u, g -> Closure suckUpEmptyDirectories = { path, u, g, mode ->
into(path) { into(path) {
fileMode 0755
from "${packagingFiles}/${path}" from "${packagingFiles}/${path}"
includeEmptyDirs true includeEmptyDirs true
createDirectoryEntry true createDirectoryEntry true
user u user u
permissionGroup g permissionGroup g
dirMode mode
fileMode mode
} }
} }
suckUpEmptyDirectories('/var/run', 'elasticsearch', 'elasticsearch') suckUpEmptyDirectories('/var/run', 'elasticsearch', 'elasticsearch', 0755)
suckUpEmptyDirectories('/var/log', 'elasticsearch', 'elasticsearch') suckUpEmptyDirectories('/var/log', 'elasticsearch', 'elasticsearch', 0750)
suckUpEmptyDirectories('/var/lib', 'elasticsearch', 'elasticsearch') suckUpEmptyDirectories('/var/lib', 'elasticsearch', 'elasticsearch', 0750)
suckUpEmptyDirectories('/usr/share/elasticsearch', 'root', 'root') suckUpEmptyDirectories('/usr/share/elasticsearch', 'root', 'root', 0755)
} }
} }

2
distribution/src/main/packaging/scripts/postinst
View File

@ -103,7 +103,7 @@ chmod 0750 /etc/elasticsearch
chmod 0750 /etc/elasticsearch/scripts chmod 0750 /etc/elasticsearch/scripts
if [ -f /etc/sysconfig/elasticsearch ]; then if [ -f /etc/sysconfig/elasticsearch ]; then
chmod 0644 /etc/sysconfig/elasticsearch chmod 0660 /etc/sysconfig/elasticsearch
fi fi
${scripts.footer} ${scripts.footer}

2
distribution/src/main/resources/bin/elasticsearch
View File

@ -47,7 +47,7 @@
if echo '${project.name}' | grep project.name > /dev/null ; then if echo '${project.name}' | grep project.name > /dev/null ; then
cat >&2 << EOF cat >&2 << EOF
Error: You must build the project with Maven or download a pre-built package Error: You must build the project with Gradle or download a pre-built package
before you can run Elasticsearch. See 'Building from Source' in README.textile before you can run Elasticsearch. See 'Building from Source' in README.textile
or visit https://www.elastic.co/download to get a pre-built package. or visit https://www.elastic.co/download to get a pre-built package.
EOF EOF

27
qa/evil-tests/src/test/java/org/elasticsearch/plugins/InstallPluginCommandTests.java
View File

@ -54,9 +54,11 @@ import java.nio.file.Path;
import java.nio.file.SimpleFileVisitor; import java.nio.file.SimpleFileVisitor;
import java.nio.file.StandardCopyOption; import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.BasicFileAttributes; import java.nio.file.attribute.BasicFileAttributes;
import java.nio.file.attribute.GroupPrincipal;
import java.nio.file.attribute.PosixFileAttributeView; import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFileAttributes; import java.nio.file.attribute.PosixFileAttributes;
import java.nio.file.attribute.PosixFilePermission; import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.UserPrincipal;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
@ -253,7 +255,7 @@ public class InstallPluginCommandTests extends ESTestCase {
assertFalse("not a dir", Files.isDirectory(file)); assertFalse("not a dir", Files.isDirectory(file));
if (isPosix) { if (isPosix) {
PosixFileAttributes attributes = Files.readAttributes(file, PosixFileAttributes.class); PosixFileAttributes attributes = Files.readAttributes(file, PosixFileAttributes.class);
assertEquals(InstallPluginCommand.DIR_AND_EXECUTABLE_PERMS, attributes.permissions()); assertEquals(InstallPluginCommand.BIN_FILES_PERMS, attributes.permissions());
} }
} }
} }
@ -263,18 +265,33 @@ public class InstallPluginCommandTests extends ESTestCase {
assertTrue("config dir exists", Files.exists(configDir)); assertTrue("config dir exists", Files.exists(configDir));
assertTrue("config is a dir", Files.isDirectory(configDir)); assertTrue("config is a dir", Files.isDirectory(configDir));
UserPrincipal user = null;
GroupPrincipal group = null;
if (isPosix) { if (isPosix) {
Path configRoot = env.configFile();
PosixFileAttributes configAttributes = PosixFileAttributes configAttributes =
Files.getFileAttributeView(configRoot, PosixFileAttributeView.class).readAttributes(); Files.getFileAttributeView(env.configFile(), PosixFileAttributeView.class).readAttributes();
user = configAttributes.owner();
group = configAttributes.group();
PosixFileAttributes attributes = Files.getFileAttributeView(configDir, PosixFileAttributeView.class).readAttributes(); PosixFileAttributes attributes = Files.getFileAttributeView(configDir, PosixFileAttributeView.class).readAttributes();
assertThat(attributes.owner(), equalTo(configAttributes.owner())); assertThat(attributes.owner(), equalTo(user));
assertThat(attributes.group(), equalTo(configAttributes.group())); assertThat(attributes.group(), equalTo(group));
} }
try (DirectoryStream<Path> stream = Files.newDirectoryStream(configDir)) { try (DirectoryStream<Path> stream = Files.newDirectoryStream(configDir)) {
for (Path file : stream) { for (Path file : stream) {
assertFalse("not a dir", Files.isDirectory(file)); assertFalse("not a dir", Files.isDirectory(file));
if (isPosix) {
PosixFileAttributes attributes = Files.readAttributes(file, PosixFileAttributes.class);
if (user != null) {
assertThat(attributes.owner(), equalTo(user));
}
if (group != null) {
assertThat(attributes.group(), equalTo(group));
}
}
} }
} }
} }

5
qa/vagrant/src/test/resources/packaging/scripts/30_deb_package.bats
View File

@ -94,6 +94,11 @@ setup() {
run_elasticsearch_tests run_elasticsearch_tests
} }
@test "[DEB] verify package installation after start" {
# Checks that the startup scripts didn't change the permissions
verify_package_installation
}
################################## ##################################
# Uninstall DEB package # Uninstall DEB package
################################## ##################################

9
qa/vagrant/src/test/resources/packaging/scripts/40_rpm_package.bats
View File

@ -89,6 +89,11 @@ setup() {
run_elasticsearch_tests run_elasticsearch_tests
} }
@test "[RPM] verify package installation after start" {
# Checks that the startup scripts didn't change the permissions
verify_package_installation
}
@test "[RPM] remove package" { @test "[RPM] remove package" {
# User installed scripts aren't removed so we'll just get them ourselves # User installed scripts aren't removed so we'll just get them ourselves
rm -rf $ESSCRIPTS rm -rf $ESSCRIPTS
@ -145,6 +150,10 @@ setup() {
rpm -qe 'elasticsearch' rpm -qe 'elasticsearch'
} }
@test "[RPM] verify package reinstallation" {
verify_package_installation
}
@test "[RPM] reremove package" { @test "[RPM] reremove package" {
echo "# ping" >> "/etc/elasticsearch/elasticsearch.yml" echo "# ping" >> "/etc/elasticsearch/elasticsearch.yml"
echo "# ping" >> "/etc/elasticsearch/jvm.options" echo "# ping" >> "/etc/elasticsearch/jvm.options"

27
qa/vagrant/src/test/resources/packaging/scripts/os_package.bash
View File

@ -80,13 +80,17 @@ verify_package_installation() {
assert_file "$ESHOME" d root root 755 assert_file "$ESHOME" d root root 755
assert_file "$ESHOME/bin" d root root 755 assert_file "$ESHOME/bin" d root root 755
assert_file "$ESHOME/bin/elasticsearch" f root root 755
assert_file "$ESHOME/bin/elasticsearch-plugin" f root root 755
assert_file "$ESHOME/bin/elasticsearch-translog" f root root 755
assert_file "$ESHOME/lib" d root root 755 assert_file "$ESHOME/lib" d root root 755
assert_file "$ESCONFIG" d root elasticsearch 750 assert_file "$ESCONFIG" d root elasticsearch 750
assert_file "$ESCONFIG/elasticsearch.yml" f root elasticsearch 750 assert_file "$ESCONFIG/elasticsearch.yml" f root elasticsearch 660
assert_file "$ESCONFIG/log4j2.properties" f root elasticsearch 750 assert_file "$ESCONFIG/jvm.options" f root elasticsearch 660
assert_file "$ESCONFIG/log4j2.properties" f root elasticsearch 660
assert_file "$ESSCRIPTS" d root elasticsearch 750 assert_file "$ESSCRIPTS" d root elasticsearch 750
assert_file "$ESDATA" d elasticsearch elasticsearch 755 assert_file "$ESDATA" d elasticsearch elasticsearch 750
assert_file "$ESLOG" d elasticsearch elasticsearch 755 assert_file "$ESLOG" d elasticsearch elasticsearch 750
assert_file "$ESPLUGINS" d root root 755 assert_file "$ESPLUGINS" d root root 755
assert_file "$ESMODULES" d root root 755 assert_file "$ESMODULES" d root root 755
assert_file "$ESPIDDIR" d elasticsearch elasticsearch 755 assert_file "$ESPIDDIR" d elasticsearch elasticsearch 755
@ -95,7 +99,7 @@ verify_package_installation() {
if is_dpkg; then if is_dpkg; then
# Env file # Env file
assert_file "/etc/default/elasticsearch" f root root 644 assert_file "/etc/default/elasticsearch" f root root 660
# Doc files # Doc files
assert_file "/usr/share/doc/elasticsearch" d root root 755 assert_file "/usr/share/doc/elasticsearch" d root root 755
@ -104,7 +108,7 @@ verify_package_installation() {
if is_rpm; then if is_rpm; then
# Env file # Env file
assert_file "/etc/sysconfig/elasticsearch" f root root 644 assert_file "/etc/sysconfig/elasticsearch" f root root 660
# License file # License file
assert_file "/usr/share/elasticsearch/LICENSE.txt" f root root 644 assert_file "/usr/share/elasticsearch/LICENSE.txt" f root root 644
fi fi
@ -114,4 +118,15 @@ verify_package_installation() {
assert_file "/usr/lib/tmpfiles.d/elasticsearch.conf" f root root 644 assert_file "/usr/lib/tmpfiles.d/elasticsearch.conf" f root root 644
assert_file "/usr/lib/sysctl.d/elasticsearch.conf" f root root 644 assert_file "/usr/lib/sysctl.d/elasticsearch.conf" f root root 644
fi fi
if is_sysvinit; then
assert_file "/etc/init.d/elasticsearch" f root root 750
fi
run sudo -E -u vagrant LANG="en_US.UTF-8" cat "$ESCONFIG/elasticsearch.yml"
[ $status = 1 ]
[[ "$output" == *"Permission denied"* ]] || {
echo "Expected permission denied but found $output:"
false
}
} }

12
qa/vagrant/src/test/resources/packaging/scripts/plugins.bash
View File

@ -83,7 +83,6 @@ install_jvm_example() {
#just make sure that everything is the same as the parent bin dir, which was properly set up during install #just make sure that everything is the same as the parent bin dir, which was properly set up during install
bin_user=$(find "$ESHOME/bin" -maxdepth 0 -printf "%u") bin_user=$(find "$ESHOME/bin" -maxdepth 0 -printf "%u")
bin_owner=$(find "$ESHOME/bin" -maxdepth 0 -printf "%g") bin_owner=$(find "$ESHOME/bin" -maxdepth 0 -printf "%g")
bin_privileges=$(find "$ESHOME/bin" -maxdepth 0 -printf "%m")
assert_file "$ESHOME/bin/jvm-example" d $bin_user $bin_owner 755 assert_file "$ESHOME/bin/jvm-example" d $bin_user $bin_owner 755
assert_file "$ESHOME/bin/jvm-example/test" f $bin_user $bin_owner 755 assert_file "$ESHOME/bin/jvm-example/test" f $bin_user $bin_owner 755
@ -92,8 +91,15 @@ install_jvm_example() {
config_user=$(find "$ESCONFIG" -maxdepth 0 -printf "%u") config_user=$(find "$ESCONFIG" -maxdepth 0 -printf "%u")
config_owner=$(find "$ESCONFIG" -maxdepth 0 -printf "%g") config_owner=$(find "$ESCONFIG" -maxdepth 0 -printf "%g")
# directories should user the user file-creation mask # directories should user the user file-creation mask
assert_file "$ESCONFIG/jvm-example" d $config_user $config_owner 755 assert_file "$ESCONFIG/jvm-example" d $config_user $config_owner 750
assert_file "$ESCONFIG/jvm-example/example.yaml" f $config_user $config_owner 644 assert_file "$ESCONFIG/jvm-example/example.yaml" f $config_user $config_owner 660
run sudo -E -u vagrant LANG="en_US.UTF-8" cat "$ESCONFIG/jvm-example/example.yaml"
[ $status = 1 ]
[[ "$output" == *"Permission denied"* ]] || {
echo "Expected permission denied but found $output:"
false
}
echo "Running jvm-example's bin script...." echo "Running jvm-example's bin script...."
"$ESHOME/bin/jvm-example/test" | grep test "$ESHOME/bin/jvm-example/test" | grep test

26
qa/vagrant/src/test/resources/packaging/scripts/tar.bash
View File

@ -79,16 +79,18 @@ export_elasticsearch_paths() {
# Checks that all directories & files are correctly installed # Checks that all directories & files are correctly installed
# after a archive (tar.gz/zip) install # after a archive (tar.gz/zip) install
verify_archive_installation() { verify_archive_installation() {
assert_file "$ESHOME" d assert_file "$ESHOME" d elasticsearch elasticsearch 755
assert_file "$ESHOME/bin" d assert_file "$ESHOME/bin" d elasticsearch elasticsearch 755
assert_file "$ESHOME/bin/elasticsearch" f assert_file "$ESHOME/bin/elasticsearch" f elasticsearch elasticsearch 755
assert_file "$ESHOME/bin/elasticsearch.in.sh" f assert_file "$ESHOME/bin/elasticsearch.in.sh" f elasticsearch elasticsearch 755
assert_file "$ESHOME/bin/elasticsearch-plugin" f assert_file "$ESHOME/bin/elasticsearch-plugin" f elasticsearch elasticsearch 755
assert_file "$ESCONFIG" d assert_file "$ESHOME/bin/elasticsearch-translog" f elasticsearch elasticsearch 755
assert_file "$ESCONFIG/elasticsearch.yml" f assert_file "$ESCONFIG" d elasticsearch elasticsearch 755
assert_file "$ESCONFIG/log4j2.properties" f assert_file "$ESCONFIG/elasticsearch.yml" f elasticsearch elasticsearch 660
assert_file "$ESHOME/lib" d assert_file "$ESCONFIG/jvm.options" f elasticsearch elasticsearch 660
assert_file "$ESHOME/NOTICE.txt" f assert_file "$ESCONFIG/log4j2.properties" f elasticsearch elasticsearch 660
assert_file "$ESHOME/LICENSE.txt" f assert_file "$ESHOME/lib" d elasticsearch elasticsearch 755
assert_file "$ESHOME/README.textile" f assert_file "$ESHOME/NOTICE.txt" f elasticsearch elasticsearch 644
assert_file "$ESHOME/LICENSE.txt" f elasticsearch elasticsearch 644
assert_file "$ESHOME/README.textile" f elasticsearch elasticsearch 644
} }