honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix plugins permissions

This commit is contained in:
Jason Tedor 2016-03-17 15:35:21 -04:00
parent dacb96ba61
commit 9f73152940
3 changed files with 31 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
core/src/main/java/org/elasticsearch/plugins/InstallPluginCommand.java
View File

@ -46,7 +46,9 @@ import java.nio.file.Files;
import java.nio.file.Path; import java.nio.file.Path;
import java.nio.file.StandardCopyOption; import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.PosixFileAttributeView; import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFileAttributes;
import java.nio.file.attribute.PosixFilePermission; import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashSet; import java.util.HashSet;
@ -239,7 +241,15 @@ class InstallPluginCommand extends Command {
private Path unzip(Path zip, Path pluginsDir) throws IOException, UserError { private Path unzip(Path zip, Path pluginsDir) throws IOException, UserError {
// unzip plugin to a staging temp dir // unzip plugin to a staging temp dir
Path target = Files.createTempDirectory(pluginsDir, ".installing-"); Set<PosixFilePermission> perms = new HashSet<>();
perms.add(PosixFilePermission.OWNER_EXECUTE);
perms.add(PosixFilePermission.OWNER_READ);
perms.add(PosixFilePermission.OWNER_WRITE);
perms.add(PosixFilePermission.GROUP_READ);
perms.add(PosixFilePermission.GROUP_EXECUTE);
perms.add(PosixFilePermission.OTHERS_READ);
perms.add(PosixFilePermission.OTHERS_EXECUTE);
Path target = Files.createTempDirectory(pluginsDir, ".installing-", PosixFilePermissions.asFileAttribute(perms));
Files.createDirectories(target); Files.createDirectories(target);
boolean hasEsDir = false; boolean hasEsDir = false;
@ -428,6 +438,10 @@ class InstallPluginCommand extends Command {
// create the plugin's config dir "if necessary" // create the plugin's config dir "if necessary"
Files.createDirectories(destConfigDir); Files.createDirectories(destConfigDir);
final PosixFileAttributes destConfigDirAttributes =
Files.getFileAttributeView(destConfigDir.getParent(), PosixFileAttributeView.class).readAttributes();
setOwnerGroup(destConfigDir, destConfigDirAttributes);
try (DirectoryStream<Path> stream = Files.newDirectoryStream(tmpConfigDir)) { try (DirectoryStream<Path> stream = Files.newDirectoryStream(tmpConfigDir)) {
for (Path srcFile : stream) { for (Path srcFile : stream) {
if (Files.isDirectory(srcFile)) { if (Files.isDirectory(srcFile)) {
@ -437,9 +451,17 @@ class InstallPluginCommand extends Command {
Path destFile = destConfigDir.resolve(tmpConfigDir.relativize(srcFile)); Path destFile = destConfigDir.resolve(tmpConfigDir.relativize(srcFile));
if (Files.exists(destFile) == false) { if (Files.exists(destFile) == false) {
Files.copy(srcFile, destFile); Files.copy(srcFile, destFile);
setOwnerGroup(destFile, destConfigDirAttributes);
} }
} }
} }
IOUtils.rm(tmpConfigDir); // clean up what we just copied IOUtils.rm(tmpConfigDir); // clean up what we just copied
} }
private static void setOwnerGroup(Path path, PosixFileAttributes attributes) throws IOException {
PosixFileAttributeView fileAttributeView = Files.getFileAttributeView(path, PosixFileAttributeView.class);
fileAttributeView.setOwner(attributes.owner());
fileAttributeView.setGroup(attributes.group());
}
} }

16
distribution/build.gradle
View File

@ -337,21 +337,19 @@ configure(subprojects.findAll { ['deb', 'rpm'].contains(it.name) }) {
/** /**
* Suck up all the empty directories that we need to install into the path. * Suck up all the empty directories that we need to install into the path.
*/ */
Closure suckUpEmptyDirectories = { path -> Closure suckUpEmptyDirectories = { path, u, g ->
into(path) { into(path) {
from "${packagingFiles}/${path}" from "${packagingFiles}/${path}"
includeEmptyDirs true includeEmptyDirs true
createDirectoryEntry true createDirectoryEntry true
/* All of these empty directories have this ownership. We're just user u
lucky! */ permissionGroup g
user 'elasticsearch'
permissionGroup 'elasticsearch'
} }
} }
suckUpEmptyDirectories('/var/run') suckUpEmptyDirectories('/var/run', 'elasticsearch', 'elasticsearch')
suckUpEmptyDirectories('/var/log') suckUpEmptyDirectories('/var/log', 'elasticsearch', 'elasticsearch')
suckUpEmptyDirectories('/var/lib') suckUpEmptyDirectories('/var/lib', 'elasticsearch', 'elasticsearch')
suckUpEmptyDirectories('/usr/share/elasticsearch') suckUpEmptyDirectories('/usr/share/elasticsearch', 'root', 'root')
} }
} }

2
qa/vagrant/src/test/resources/packaging/scripts/os_package.bash
View File

@ -82,7 +82,7 @@ verify_package_installation() {
assert_file "$ESSCRIPTS" d root elasticsearch 750 assert_file "$ESSCRIPTS" d root elasticsearch 750
assert_file "$ESDATA" d elasticsearch elasticsearch 755 assert_file "$ESDATA" d elasticsearch elasticsearch 755
assert_file "$ESLOG" d elasticsearch elasticsearch 755 assert_file "$ESLOG" d elasticsearch elasticsearch 755
assert_file "$ESPLUGINS" d elasticsearch elasticsearch 755 assert_file "$ESPLUGINS" d root root 755
assert_file "$ESMODULES" d root root 755 assert_file "$ESMODULES" d root root 755
assert_file "$ESPIDDIR" d elasticsearch elasticsearch 755 assert_file "$ESPIDDIR" d elasticsearch elasticsearch 755
assert_file "$ESHOME/NOTICE.txt" f root root 644 assert_file "$ESHOME/NOTICE.txt" f root root 644