From 46a831419b4b0ba458283ba705abfcc100f41242 Mon Sep 17 00:00:00 2001 From: Sergey Matveev Date: Fri, 15 Nov 2019 17:45:14 +0300 Subject: [PATCH] Ability to forcefully override umask --- doc/cfg.texi | 27 +++++++++++++++++++++++++++ doc/news.ru.texi | 4 ++++ doc/news.texi | 3 +++ src/cfg.go | 27 ++++++++++++++++++++------- src/cmd/nncp-bundle/main.go | 2 ++ src/cmd/nncp-call/main.go | 1 + src/cmd/nncp-caller/main.go | 1 + src/cmd/nncp-cfgnew/main.go | 4 ++++ src/cmd/nncp-check/main.go | 1 + src/cmd/nncp-daemon/main.go | 1 + src/cmd/nncp-exec/main.go | 1 + src/cmd/nncp-file/main.go | 1 + src/cmd/nncp-freq/main.go | 1 + src/cmd/nncp-reass/main.go | 2 ++ src/cmd/nncp-rm/main.go | 1 + src/cmd/nncp-stat/main.go | 1 + src/cmd/nncp-toss/main.go | 2 ++ src/cmd/nncp-xfer/main.go | 1 + src/ctx.go | 8 ++++++++ 19 files changed, 82 insertions(+), 7 deletions(-) diff --git a/doc/cfg.texi b/doc/cfg.texi index 46e3f5e..0aca8f9 100644 --- a/doc/cfg.texi +++ b/doc/cfg.texi @@ -7,6 +7,8 @@ Example @url{https://hjson.org/, Hjson} configuration file: { spool: /var/spool/nncp log: /var/spool/nncp/log + umask: "022" + notify: { file: { from: nncp@localhost @@ -17,6 +19,7 @@ Example @url{https://hjson.org/, Hjson} configuration file: to: user+freq@example.com } } + self: { id: TIJQL...2NGIA exchpub: CYVGQ...PSEWQ @@ -26,6 +29,7 @@ Example @url{https://hjson.org/, Hjson} configuration file: noiseprv: D62XU...NKYPA noisepub: KIBKK...ESM7Q } + neigh: { self: { id: TIJQL...2NGIA @@ -78,6 +82,10 @@ Example @url{https://hjson.org/, Hjson} configuration file: directory. @strong{log} field contains an absolute path to @ref{Log, log} file. +Non-empty optional @strong{umask} will force all invoked commands to +override their umask to specified octal mask. Useful for using with +@ref{Shared spool, shared spool directories}. + @anchor{CfgNotify} @strong{notify} section contains notification settings for successfully tossed file and freq packets. Corresponding @strong{from} and 
@@ -191,3 +199,22 @@ List of @ref{Call, call configuration}s. Can be omitted if @ref{nncp-caller} won't be used to call that node. @end table + +@menu +* Shared spool directory: Shared spool. +@end menu + +@node Shared spool +@section Shared spool directory + +If you want to share single spool directory with multiple grouped Unix +users, then you can @command{setgid} it and assure that umask is group +friendly. For convenience you can set @option{umask} globally for +invoked NNCP commands in the configuration file. For example: + +@verbatim +$ chgrp nncp /usr/local/etc/nncp.hjson /var/spool/nncp +$ chmod g+r /usr/local/etc/nncp.hjson +$ chmod g+rwxs /var/spool/nncp +$ echo 'umask: "007"' >> /usr/local/etc/nncp.hjson +@end verbatim diff --git a/doc/news.ru.texi b/doc/news.ru.texi index 2b09a72..828a3cd 100644 --- a/doc/news.ru.texi +++ b/doc/news.ru.texi @@ -29,6 +29,10 @@ pipe вызов сторонней команды. Дубликаты имён файлов имеют суффикс @file{.CTR}, вместо @file{CTR}, чтобы избежать возможных коллизий с @file{.nncp.chunkCTR}. +@item +Возможность переопределить umask процесса через опцию конфигурационного +файла. + @item По умолчанию файлы и директории создаются с 666/777 правами доступа, позволяя управлять ими @command{umask}-ом. diff --git a/doc/news.texi b/doc/news.texi index 5cc2e6f..b57c5ea 100644 --- a/doc/news.texi +++ b/doc/news.texi @@ -31,6 +31,9 @@ behaviour. Duplicate filenames have @file{.CTR} suffix, instead of @file{CTR}, to avoid possible collisions with @file{.nncp.chunkCTR}. +@item +Ability to override process umask through configuration file option. + @item Files and directories are created with 666/777 permissions by default, allowing control with @command{umask}. diff --git a/src/cfg.go b/src/cfg.go index deebd19..a4450e0 100644 --- a/src/cfg.go +++ b/src/cfg.go @@ -24,6 +24,7 @@ import ( "log" "os" "path" + "strconv" "github.com/gorhill/cronexpr" "github.com/hjson/hjson-go" 
@@ -97,8 +98,10 @@ type NotifyJSON struct { } type CfgJSON struct { - Spool string `json:"spool"` - Log string `json:"log"` + Spool string `json:"spool"` + Log string `json:"log"` + Umask string `json:"umask",omitempty` + Notify *NotifyJSON `json:"notify,omitempty"` Self *NodeOurJSON `json:"self"` @@ -397,12 +400,22 @@ func CfgParse(data []byte) (*Ctx, error) { if !path.IsAbs(logPath) { return nil, errors.New("Log path must be absolute") } + var umaskForce *int + if cfgJSON.Umask != "" { + r, err := strconv.ParseUint(cfgJSON.Umask, 8, 16) + if err != nil { + return nil, err + } + rInt := int(r) + umaskForce = &rInt + } ctx := Ctx{ - Spool: spoolPath, - LogPath: logPath, - Self: self, - Neigh: make(map[NodeId]*Node, len(cfgJSON.Neigh)), - Alias: make(map[string]*NodeId), + Spool: spoolPath, + LogPath: logPath, + UmaskForce: umaskForce, + Self: self, + Neigh: make(map[NodeId]*Node, len(cfgJSON.Neigh)), + Alias: make(map[string]*NodeId), } if cfgJSON.Notify != nil { if cfgJSON.Notify.File != nil { diff --git a/src/cmd/nncp-bundle/main.go b/src/cmd/nncp-bundle/main.go index c8f87d8..4f5bca1 100644 --- a/src/cmd/nncp-bundle/main.go +++ b/src/cmd/nncp-bundle/main.go @@ -102,6 +102,8 @@ func main() { nodeIds[*node.Id] = struct{}{} } + ctx.Umask() + sds := nncp.SDS{} if *doTx { sds["xx"] = string(nncp.TTx) diff --git a/src/cmd/nncp-call/main.go b/src/cmd/nncp-call/main.go index 07deec1..dde658f 100644 --- a/src/cmd/nncp-call/main.go +++ b/src/cmd/nncp-call/main.go @@ -139,6 +139,7 @@ func main() { } } + ctx.Umask() if !ctx.CallNode( node, addrs, diff --git a/src/cmd/nncp-caller/main.go b/src/cmd/nncp-caller/main.go index 3f9ddca..e97ea85 100644 --- a/src/cmd/nncp-caller/main.go +++ b/src/cmd/nncp-caller/main.go @@ -66,6 +66,7 @@ func main() { if ctx.Self == nil { log.Fatalln("Config lacks private keys") } + ctx.Umask() var nodes []*nncp.Node if flag.NArg() > 0 { diff --git a/src/cmd/nncp-cfgnew/main.go b/src/cmd/nncp-cfgnew/main.go index a9bea4f..c7bb14e 100644 
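Review bot: The struct tag on the new `Umask` field of `CfgJSON` is malformed: in `json:"umask",omitempty` the `,omitempty` sits outside the quoted value, so the option is ignored and go vet's struct-tag check flags the field. The tag value should be `json:"umask,omitempty"`, matching the `notify,omitempty` tag two lines below. Decoding still finds the `umask` key, so the visible effect is limited to encoding, where an empty umask would be written out instead of omitted.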
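Review bot: The umask parsed in `CfgParse` is never range-checked: `strconv.ParseUint(cfgJSON.Umask, 8, 16)` accepts anything up to 0177777, while only the nine permission bits matter to umask, so a typo such as "1022" is accepted silently rather than rejected. The parse error is also returned bare, leaving the operator with a strconv message that does not name the `umask` field. Because this value decides how open every file the commands create will be (the changelog in this patch notes 666/777 creation modes narrowed only by umask), I would fail closed with `if err != nil || r > 0777 { return nil, errors.New("Umask must be an octal value not greater than 0777") }`. CfgParse's body continues outside the hunk.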
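Review bot: `ctx.Umask()` is added by hand to each command's `main()`, at a different point in each one. It is added here in nncp-bundle and likewise in nncp-call, nncp-caller, nncp-check, nncp-daemon, nncp-exec, nncp-file, nncp-freq, nncp-reass, nncp-rm, nncp-stat, nncp-toss and nncp-xfer. Anything that creates files or directories before that line would still run under the inherited umask, and a future command that omits the call would silently ignore the configured mask; whether the first case occurs cannot be confirmed from these hunks, because the initialization code is outside them. Applying the mask once where the context is built from the parsed configuration would remove both risks. If the per-command calls stay, a comment such as `// Apply the configured umask before anything is written to the spool.` at each site would record the ordering requirement.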
--- a/src/cmd/nncp-cfgnew/main.go +++ b/src/cmd/nncp-cfgnew/main.go @@ -68,6 +68,7 @@ func main() { noiseprv: %s noisepub: %s } + neigh: { self: { id: %s @@ -99,6 +100,8 @@ func main() { spool: %s # Path to log file log: %s + # Enforce specified umask usage + # umask: "022" # Enable notification email sending # notify: { @@ -122,6 +125,7 @@ func main() { noiseprv: %s noisepub: %s } + neigh: { self: { # You should give public keys below to your neighbours diff --git a/src/cmd/nncp-check/main.go b/src/cmd/nncp-check/main.go index bf48638..186357e 100644 --- a/src/cmd/nncp-check/main.go +++ b/src/cmd/nncp-check/main.go @@ -60,6 +60,7 @@ func main() { if err != nil { log.Fatalln("Error during initialization:", err) } + ctx.Umask() var nodeOnly *nncp.Node if *nodeRaw != "" { diff --git a/src/cmd/nncp-daemon/main.go b/src/cmd/nncp-daemon/main.go index 0f7e460..897dc06 100644 --- a/src/cmd/nncp-daemon/main.go +++ b/src/cmd/nncp-daemon/main.go @@ -124,6 +124,7 @@ func main() { if ctx.Self == nil { log.Fatalln("Config lacks private keys") } + ctx.Umask() if *inetd { os.Stderr.Close() diff --git a/src/cmd/nncp-exec/main.go b/src/cmd/nncp-exec/main.go index 39de8ab..54394e8 100644 --- a/src/cmd/nncp-exec/main.go +++ b/src/cmd/nncp-exec/main.go @@ -86,6 +86,7 @@ func main() { } nncp.ViaOverride(*viaOverride, ctx, node) + ctx.Umask() if err = ctx.TxExec( node, diff --git a/src/cmd/nncp-file/main.go b/src/cmd/nncp-file/main.go index 2e79333..f3572ca 100644 --- a/src/cmd/nncp-file/main.go +++ b/src/cmd/nncp-file/main.go @@ -93,6 +93,7 @@ func main() { } nncp.ViaOverride(*viaOverride, ctx, node) + ctx.Umask() var minSize int64 if *argMinSize < 0 { diff --git a/src/cmd/nncp-freq/main.go b/src/cmd/nncp-freq/main.go index 08adaf9..4332ff1 100644 --- a/src/cmd/nncp-freq/main.go +++ b/src/cmd/nncp-freq/main.go @@ -93,6 +93,7 @@ func main() { } nncp.ViaOverride(*viaOverride, ctx, node) + ctx.Umask() var dst string if flag.NArg() == 2 { 
diff --git a/src/cmd/nncp-reass/main.go b/src/cmd/nncp-reass/main.go index 7ca8db8..77a5f13 100644 --- a/src/cmd/nncp-reass/main.go +++ b/src/cmd/nncp-reass/main.go @@ -317,6 +317,8 @@ func main() { os.Exit(1) } + ctx.Umask() + if flag.NArg() > 0 { if process(ctx, flag.Arg(0), *keep, *dryRun, *stdout, *dumpMeta) { return diff --git a/src/cmd/nncp-rm/main.go b/src/cmd/nncp-rm/main.go index 74aa24c..765ed49 100644 --- a/src/cmd/nncp-rm/main.go +++ b/src/cmd/nncp-rm/main.go @@ -74,6 +74,7 @@ func main() { if err != nil { log.Fatalln("Error during initialization:", err) } + ctx.Umask() if *doTmp { err = filepath.Walk(filepath.Join(ctx.Spool, "tmp"), func(path string, info os.FileInfo, err error) error { diff --git a/src/cmd/nncp-stat/main.go b/src/cmd/nncp-stat/main.go index a173707..c03745a 100644 --- a/src/cmd/nncp-stat/main.go +++ b/src/cmd/nncp-stat/main.go @@ -77,6 +77,7 @@ func main() { } sort.Strings(nodeNames) + ctx.Umask() var node *nncp.Node for _, nodeName := range nodeNames { node = nodeNameToNode[nodeName] diff --git a/src/cmd/nncp-toss/main.go b/src/cmd/nncp-toss/main.go index 010d93e..3f31ff9 100644 --- a/src/cmd/nncp-toss/main.go +++ b/src/cmd/nncp-toss/main.go @@ -85,6 +85,8 @@ func main() { } } + ctx.Umask() + Cycle: isBad := false for nodeId, node := range ctx.Neigh { diff --git a/src/cmd/nncp-xfer/main.go b/src/cmd/nncp-xfer/main.go index db39008..fde1117 100644 --- a/src/cmd/nncp-xfer/main.go +++ b/src/cmd/nncp-xfer/main.go @@ -90,6 +90,7 @@ func main() { } } + ctx.Umask() selfPath := filepath.Join(flag.Arg(0), ctx.SelfId.String()) isBad := false var dir *os.File diff --git a/src/ctx.go b/src/ctx.go index 0030c70..3793bbb 100644 --- a/src/ctx.go +++ b/src/ctx.go @@ -25,6 +25,7 @@ import ( "path/filepath" "golang.org/x/sys/unix" + "syscall" ) type Ctx struct { @@ -35,6 +36,7 @@ type Ctx struct { Spool string LogPath string + UmaskForce *int Quiet bool Debug bool NotifyFile *FromToJSON 
@@ -113,3 +115,9 @@ func (ctx *Ctx) IsEnoughSpace(want int64) bool {
 }
 return int64(s.Bavail)*int64(s.Bsize) > want
 }
+
+func (ctx *Ctx) Umask() {
+ if ctx.UmaskForce != nil {
+ syscall.Umask(*ctx.UmaskForce)
+ }
+}
-- 
2.44.0
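Review bot: The new exported method `Umask` has no doc comment, and nothing records that a nil `UmaskForce` leaves the inherited umask alone or that the override applies to the whole process. I would add `// Umask overrides the process umask with UmaskForce when the configuration sets one; a nil UmaskForce leaves the inherited umask untouched.` above it. The call could also be `unix.Umask(*ctx.UmaskForce)`, since this file already imports golang.org/x/sys/unix; that would make the `"syscall"` import added in this file's first hunk unnecessary, where it currently sits inside the third-party import group.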