diff options
author | Todd Gamblin <tgamblin@llnl.gov> | 2022-12-30 01:24:35 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-30 10:24:35 +0100 |
commit | 06312ddf1827c03e8d0b5f883eb622c547822d9d (patch) | |
tree | 122a17923bc709f54aa82cdb72aea5fa9adc75ad | |
parent | 3a0db729c7fc0def2ac58c7c487cd43d5578ba78 (diff) | |
download | spack-06312ddf1827c03e8d0b5f883eb622c547822d9d.tar.gz spack-06312ddf1827c03e8d0b5f883eb622c547822d9d.tar.bz2 spack-06312ddf1827c03e8d0b5f883eb622c547822d9d.tar.xz spack-06312ddf1827c03e8d0b5f883eb622c547822d9d.zip |
bugfix: setgid tests fail when primary group is unknown (#34729)
On systems with remote groups, the primary user group may be remote and may not exist on
the local system (i.e., it might just be a number). On the CLI, it looks like this:
```console
> touch foo
> l foo
-rw-r--r-- 1 gamblin2 57095 0 Dec 29 22:24 foo
> chmod 2000 foo
chmod: changing permissions of 'foo': Operation not permitted
```
Here, the local machine doesn't know about per-user groups, so they appear as gids in
`ls` output. `57095` is also `gamblin2`'s uid, but the local machine doesn't know that
`gamblin2` is in the `57095` group.
Unfortunately, it seems that Python's `os.chmod()` just fails silently, setting
permissions to `0o0000` instead of `0o2000`. We can avoid this by ensuring that the file
has a group the user is known to be a member of.
- [x] Add `ensure_known_group()` in the permissions tests.
- [x] Call `ensure_known_group()` on tempfile in `test_chmod_real_entries_ignores_suid_sgid`.
-rw-r--r-- | lib/spack/spack/test/permissions.py | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/spack/spack/test/permissions.py b/lib/spack/spack/test/permissions.py index 06814695de..0297bb2d8e 100644 --- a/lib/spack/spack/test/permissions.py +++ b/lib/spack/spack/test/permissions.py @@ -16,6 +16,18 @@ from spack.util.file_permissions import InvalidPermissionsError, set_permissions pytestmark = pytest.mark.skipif(sys.platform == "win32", reason="chmod unsupported on Windows") +def ensure_known_group(path): + """Ensure that the group of a file is one that's actually in our group list. + + On systems with remote groups, the primary user group may be remote and may not + exist on the local system (i.e., it might just be a number). Trying to use chmod to + setgid can fail silently in situations like this. + """ + uid = os.getuid() + gid = fs.group_ids(uid)[0] + os.chown(path, uid, gid) + + def test_chmod_real_entries_ignores_suid_sgid(tmpdir): path = str(tmpdir.join("file").ensure()) mode = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX @@ -50,6 +62,8 @@ def test_chmod_rejects_world_writable_suid(tmpdir): def test_chmod_rejects_world_writable_sgid(tmpdir): path = str(tmpdir.join("file").ensure()) + ensure_known_group(path) + mode = stat.S_ISGID fs.chmod_x(path, mode) |