Fix plugins permissions

2016-03-17 15:35:21 -04:00 · 2016-03-17 15:35:21 -04:00 · 9f73152940
parent dacb96ba61
commit 9f73152940
3 changed files with 31 additions and 11 deletions
--- a/core/src/main/java/org/elasticsearch/plugins/InstallPluginCommand.java
+++ b/core/src/main/java/org/elasticsearch/plugins/InstallPluginCommand.java
@ -46,7 +46,9 @@ import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.StandardCopyOption;
 import java.nio.file.attribute.PosixFileAttributeView;
+import java.nio.file.attribute.PosixFileAttributes;
 import java.nio.file.attribute.PosixFilePermission;
+import java.nio.file.attribute.PosixFilePermissions;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashSet;
@ -239,7 +241,15 @@ class InstallPluginCommand extends Command {

    private Path unzip(Path zip, Path pluginsDir) throws IOException, UserError {
        // unzip plugin to a staging temp dir
-        Path target = Files.createTempDirectory(pluginsDir, ".installing-");
+        Set<PosixFilePermission> perms = new HashSet<>();
+        perms.add(PosixFilePermission.OWNER_EXECUTE);
+        perms.add(PosixFilePermission.OWNER_READ);
+        perms.add(PosixFilePermission.OWNER_WRITE);
+        perms.add(PosixFilePermission.GROUP_READ);
+        perms.add(PosixFilePermission.GROUP_EXECUTE);
+        perms.add(PosixFilePermission.OTHERS_READ);
+        perms.add(PosixFilePermission.OTHERS_EXECUTE);
+        Path target = Files.createTempDirectory(pluginsDir, ".installing-", PosixFilePermissions.asFileAttribute(perms));
        Files.createDirectories(target);

        boolean hasEsDir = false;
@ -428,6 +438,10 @@ class InstallPluginCommand extends Command {
        // create the plugin's config dir "if necessary"
        Files.createDirectories(destConfigDir);

+        final PosixFileAttributes destConfigDirAttributes =
+                Files.getFileAttributeView(destConfigDir.getParent(), PosixFileAttributeView.class).readAttributes();
+        setOwnerGroup(destConfigDir, destConfigDirAttributes);
+
        try (DirectoryStream<Path> stream  = Files.newDirectoryStream(tmpConfigDir)) {
            for (Path srcFile : stream) {
                if (Files.isDirectory(srcFile)) {
@ -437,9 +451,17 @@ class InstallPluginCommand extends Command {
                Path destFile = destConfigDir.resolve(tmpConfigDir.relativize(srcFile));
                if (Files.exists(destFile) == false) {
                    Files.copy(srcFile, destFile);
+                    setOwnerGroup(destFile, destConfigDirAttributes);
                }
            }
        }
        IOUtils.rm(tmpConfigDir); // clean up what we just copied
    }
+
+    private static void setOwnerGroup(Path path, PosixFileAttributes attributes) throws IOException {
+        PosixFileAttributeView fileAttributeView = Files.getFileAttributeView(path, PosixFileAttributeView.class);
+        fileAttributeView.setOwner(attributes.owner());
+        fileAttributeView.setGroup(attributes.group());
+    }
+
 }
--- a/distribution/build.gradle
+++ b/distribution/build.gradle
@ -337,21 +337,19 @@ configure(subprojects.findAll { ['deb', 'rpm'].contains(it.name) }) {
    /**
     * Suck up all the empty directories that we need to install into the path.
     */
-    Closure suckUpEmptyDirectories = { path ->
+    Closure suckUpEmptyDirectories = { path, u, g ->
      into(path) {
        from "${packagingFiles}/${path}"
        includeEmptyDirs true
        createDirectoryEntry true
-        /* All of these empty directories have this ownership. We're just
-          lucky! */
-        user 'elasticsearch'
-        permissionGroup 'elasticsearch'
+        user u
+        permissionGroup g
      }
    }
-    suckUpEmptyDirectories('/var/run')
-    suckUpEmptyDirectories('/var/log')
-    suckUpEmptyDirectories('/var/lib')
-    suckUpEmptyDirectories('/usr/share/elasticsearch')
+    suckUpEmptyDirectories('/var/run', 'elasticsearch', 'elasticsearch')
+    suckUpEmptyDirectories('/var/log', 'elasticsearch', 'elasticsearch')
+    suckUpEmptyDirectories('/var/lib', 'elasticsearch', 'elasticsearch')
+    suckUpEmptyDirectories('/usr/share/elasticsearch', 'root', 'root')
  }
 }

--- a/qa/vagrant/src/test/resources/packaging/scripts/os_package.bash
+++ b/qa/vagrant/src/test/resources/packaging/scripts/os_package.bash
@ -82,7 +82,7 @@ verify_package_installation() {
    assert_file "$ESSCRIPTS" d root elasticsearch 750
    assert_file "$ESDATA" d elasticsearch elasticsearch 755
    assert_file "$ESLOG" d elasticsearch elasticsearch 755
-    assert_file "$ESPLUGINS" d elasticsearch elasticsearch 755
+    assert_file "$ESPLUGINS" d root root 755
    assert_file "$ESMODULES" d root root 755
    assert_file "$ESPIDDIR" d elasticsearch elasticsearch 755
    assert_file "$ESHOME/NOTICE.txt" f root root 644