From dfbe1089021f98848d022a34f7d7fa3c5bd3e16a Mon Sep 17 00:00:00 2001
From: Robert Muir <rmuir@apache.org>
Date: Thu, 9 Jul 2015 10:39:58 -0400
Subject: [PATCH] Fix pluginmanager permissions for bin/ scripts

Today it will remove all permissions and only set execute bit:

    ---x--x--x

Instead we should preserve existing permissions, and just add
read and execute to whatever is there.

Closes #12142
---
 .../org/elasticsearch/plugins/PluginManager.java  | 15 +++++++++++----
 .../elasticsearch/plugins/PluginManagerTests.java |  2 ++
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/core/src/main/java/org/elasticsearch/plugins/PluginManager.java b/core/src/main/java/org/elasticsearch/plugins/PluginManager.java
index 19649cfbb46..96d35685971 100644
--- a/core/src/main/java/org/elasticsearch/plugins/PluginManager.java
+++ b/core/src/main/java/org/elasticsearch/plugins/PluginManager.java
@@ -277,14 +277,21 @@ public class PluginManager {
                 throw new IOException("Could not move [" + binFile + "] to [" + toLocation + "]", e);
             }
             if (Files.getFileStore(toLocation).supportsFileAttributeView(PosixFileAttributeView.class)) {
-                final Set<PosixFilePermission> perms = new HashSet<>();
-                perms.add(PosixFilePermission.OWNER_EXECUTE);
-                perms.add(PosixFilePermission.GROUP_EXECUTE);
-                perms.add(PosixFilePermission.OTHERS_EXECUTE);
+                // add read and execute permissions to existing perms, so execution will work.
+                // read should generally be set already, but set it anyway: don't rely on umask...
+                final Set<PosixFilePermission> executePerms = new HashSet<>();
+                executePerms.add(PosixFilePermission.OWNER_READ);
+                executePerms.add(PosixFilePermission.GROUP_READ);
+                executePerms.add(PosixFilePermission.OTHERS_READ);
+                executePerms.add(PosixFilePermission.OWNER_EXECUTE);
+                executePerms.add(PosixFilePermission.GROUP_EXECUTE);
+                executePerms.add(PosixFilePermission.OTHERS_EXECUTE);
                 Files.walkFileTree(toLocation, new SimpleFileVisitor<Path>() {
                     @Override
                     public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException {
                         if (attrs.isRegularFile()) {
+                            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
+                            perms.addAll(executePerms);
                             Files.setPosixFilePermissions(file, perms);
                         }
                         return FileVisitResult.CONTINUE;
diff --git a/core/src/test/java/org/elasticsearch/plugins/PluginManagerTests.java b/core/src/test/java/org/elasticsearch/plugins/PluginManagerTests.java
index 62b768bb35b..3d771c70ce0 100644
--- a/core/src/test/java/org/elasticsearch/plugins/PluginManagerTests.java
+++ b/core/src/test/java/org/elasticsearch/plugins/PluginManagerTests.java
@@ -116,6 +116,8 @@ public class PluginManagerTests extends ElasticsearchIntegrationTest {
                 PosixFileAttributes attributes = view.readAttributes();
                 assertTrue("unexpected permissions: " + attributes.permissions(),
                            attributes.permissions().contains(PosixFilePermission.OWNER_EXECUTE));
+                assertTrue("unexpected permissions: " + attributes.permissions(),
+                        attributes.permissions().contains(PosixFilePermission.OWNER_READ));
             }
         } finally {
             // we need to clean up the copied dirs