From 05a66805cce74cd3b70fdf26825aff2baaea61b6 Mon Sep 17 00:00:00 2001
From: Gaius <gaius.qi@gmail.com>
Date: Wed, 9 Aug 2023 13:52:26 +0800
Subject: [PATCH] fix: directories created via os.MkdirAll are not checked for
 permissions (#2613)

Signed-off-by: Gaius <gaius.qi@gmail.com>
---
 client/config/dfcache.go                                    | 2 +-
 client/config/dfget.go                                      | 2 +-
 client/config/dfget_test.go                                 | 6 +++---
 client/config/peerhost_test.go                              | 2 +-
 client/config/testdata/config/daemon.yaml                   | 2 +-
 client/daemon/peer/peertask_manager_test.go                 | 2 +-
 .../daemon/peer/peertask_stream_backsource_partial_test.go  | 2 +-
 client/daemon/peer/peertask_stream_resume_test.go           | 2 +-
 client/daemon/peer/piece_manager_test.go                    | 2 +-
 client/daemon/peer/traffic_shaper_test.go                   | 2 +-
 client/daemon/rpcserver/rpcserver.go                        | 2 +-
 client/daemon/storage/const.go                              | 2 +-
 cmd/dependency/doc_cmd.go                                   | 2 +-
 internal/dflog/loginit.go                                   | 2 +-
 pkg/cache/cache.go                                          | 3 ++-
 pkg/dfpath/dfpath.go                                        | 6 +++---
 pkg/dfpath/dfpath_darwin.go                                 | 6 +++---
 pkg/dfpath/dfpath_linux.go                                  | 6 +++---
 trainer/storage/storage_test.go                             | 2 +-
 19 files changed, 28 insertions(+), 27 deletions(-)

diff --git a/client/config/dfcache.go b/client/config/dfcache.go
index a4f92c863e3..2e30722c84a 100644
--- a/client/config/dfcache.go
+++ b/client/config/dfcache.go
@@ -212,7 +212,7 @@ func (cfg *CacheOption) checkOutput() error {
 	}
 
 	outputDir, _ := path.Split(cfg.Output)
-	if err := MkdirAll(outputDir, 0777, os.Getuid(), os.Getgid()); err != nil {
+	if err := MkdirAll(outputDir, 0700, os.Getuid(), os.Getgid()); err != nil {
 		return err
 	}
 
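Review bot: The new `0700` only takes effect on path components this call actually creates, and only after the process umask is applied; an `outputDir` that already exists keeps whatever mode it has, unless the project's `MkdirAll` helper (its body is not part of this patch) changes modes itself. The same holds for the `checkOutput` hunks in dfget.go and rpcserver.go, `SaveFile` in pkg/cache/cache.go, the three `os.MkdirAll` calls in pkg/dfpath/dfpath.go and the new defaults in dfpath_linux.go and dfpath_darwin.go, so an installation upgraded in place keeps its old 0755 or 0777 directories. For directories the program owns (work home, cache, data, logs) a follow-up check would close that gap, e.g. `if fi, err := os.Stat(dir); err == nil && fi.Mode().Perm()&0077 != 0 { /* tighten with os.Chmod or log a warning */ }`. For a caller-chosen output directory a comment is enough: `// perm applies only to components created here; an existing directory keeps its mode`. `checkOutput` starts and ends outside this hunk.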
diff --git a/client/config/dfget.go b/client/config/dfget.go
index 094a13f778e..67ab0becadd 100644
--- a/client/config/dfget.go
+++ b/client/config/dfget.go
@@ -231,7 +231,7 @@ func (cfg *ClientOption) checkOutput() error {
 		return fmt.Errorf("path[%s] is not absolute path", cfg.Output)
 	}
 	outputDir, _ := path.Split(cfg.Output)
-	if err := MkdirAll(outputDir, 0777, os.Getuid(), os.Getgid()); err != nil {
+	if err := MkdirAll(outputDir, 0700, os.Getuid(), os.Getgid()); err != nil {
 		return err
 	}
 
diff --git a/client/config/dfget_test.go b/client/config/dfget_test.go
index cba2ca0ee54..34885e5aaa6 100644
--- a/client/config/dfget_test.go
+++ b/client/config/dfget_test.go
@@ -27,7 +27,7 @@ import (
 
 func TestMkdirAllRoot(t *testing.T) {
 	assert := testifyassert.New(t)
-	err := MkdirAll("/", 0777, os.Getuid(), os.Getgid())
+	err := MkdirAll("/", 0700, os.Getuid(), os.Getgid())
 	assert.Nil(err, "mkdir should not return error")
 }
 
@@ -114,13 +114,13 @@ func TestMkdirAll(t *testing.T) {
 			if !ok {
 				return
 			}
-			assert.Nil(os.MkdirAll(tc.parent, 0777))
+			assert.Nil(os.MkdirAll(tc.parent, 0700))
 			defer func() {
 				// remove parent directory
 				assert.Nil(os.RemoveAll(tc.parent))
 			}()
 
-			err := MkdirAll(tc.dir, 0777, tc.uid, tc.gid)
+			err := MkdirAll(tc.dir, 0700, tc.uid, tc.gid)
 			assert.Nil(err, "mkdir should not return error")
 
 			// check new directories' permission
diff --git a/client/config/peerhost_test.go b/client/config/peerhost_test.go
index e184438e181..0a1a78ca5e7 100644
--- a/client/config/peerhost_test.go
+++ b/client/config/peerhost_test.go
@@ -249,7 +249,7 @@ func TestPeerHostOption_Load(t *testing.T) {
 		},
 		Metrics:      ":8000",
 		WorkHome:     "/tmp/dragonfly/dfdaemon/",
-		WorkHomeMode: 0755,
+		WorkHomeMode: 0700,
 		CacheDir:     "/var/cache/dragonfly/",
 		CacheDirMode: 0700,
 		LogDir:       "/var/log/dragonfly/",
diff --git a/client/config/testdata/config/daemon.yaml b/client/config/testdata/config/daemon.yaml
index 9ad880b7021..4537fc021c2 100644
--- a/client/config/testdata/config/daemon.yaml
+++ b/client/config/testdata/config/daemon.yaml
@@ -7,7 +7,7 @@ metrics: ":8000"
 aliveTime: 0s
 gcInterval: 1m0s
 workHome: /tmp/dragonfly/dfdaemon/
-workHomeMode: 0755
+workHomeMode: 0700
 cacheDir: /var/cache/dragonfly/
 cacheDirMode: 0700
 logDir: /var/log/dragonfly/
diff --git a/client/daemon/peer/peertask_manager_test.go b/client/daemon/peer/peertask_manager_test.go
index 783f4419c28..ad4825b8f9a 100644
--- a/client/daemon/peer/peertask_manager_test.go
+++ b/client/daemon/peer/peertask_manager_test.go
@@ -269,7 +269,7 @@ func setupPeerTaskManagerComponents(ctrl *gomock.Controller, opt componentsOptio
 			TaskExpireTime: util.Duration{
 				Duration: -1 * time.Second,
 			},
-		}, func(request storage.CommonTaskRequest) {}, os.FileMode(0755))
+		}, func(request storage.CommonTaskRequest) {}, os.FileMode(0700))
 	return sched, storageManager
 }
 
diff --git a/client/daemon/peer/peertask_stream_backsource_partial_test.go b/client/daemon/peer/peertask_stream_backsource_partial_test.go
index 817f82c7031..a62359e561a 100644
--- a/client/daemon/peer/peertask_stream_backsource_partial_test.go
+++ b/client/daemon/peer/peertask_stream_backsource_partial_test.go
@@ -225,7 +225,7 @@ func setupBackSourcePartialComponents(ctrl *gomock.Controller, testBytes []byte,
 			TaskExpireTime: util.Duration{
 				Duration: -1 * time.Second,
 			},
-		}, func(request storage.CommonTaskRequest) {}, os.FileMode(0755))
+		}, func(request storage.CommonTaskRequest) {}, os.FileMode(0700))
 	return sched, storageManager
 }
 
diff --git a/client/daemon/peer/peertask_stream_resume_test.go b/client/daemon/peer/peertask_stream_resume_test.go
index 4d613dfc342..ebd99ab0048 100644
--- a/client/daemon/peer/peertask_stream_resume_test.go
+++ b/client/daemon/peer/peertask_stream_resume_test.go
@@ -91,7 +91,7 @@ func setupResumeStreamTaskComponents(ctrl *gomock.Controller, opt componentsOpti
 				Duration: -1 * time.Second,
 			},
 		}, func(request storage.CommonTaskRequest) {},
-		os.FileMode(0755))
+		os.FileMode(0700))
 	return sched, storageManager
 }
 
diff --git a/client/daemon/peer/piece_manager_test.go b/client/daemon/peer/piece_manager_test.go
index 79cf7996ecb..8cf36356fc9 100644
--- a/client/daemon/peer/piece_manager_test.go
+++ b/client/daemon/peer/piece_manager_test.go
@@ -75,7 +75,7 @@ func TestPieceManager_DownloadSource(t *testing.T) {
 			TaskExpireTime: clientutil.Duration{
 				Duration: -1 * time.Second,
 			},
-		}, func(request storage.CommonTaskRequest) {}, os.FileMode(0755))
+		}, func(request storage.CommonTaskRequest) {}, os.FileMode(0700))
 
 	hash := md5.New()
 	hash.Write(testBytes)
diff --git a/client/daemon/peer/traffic_shaper_test.go b/client/daemon/peer/traffic_shaper_test.go
index 1c2985f6628..d90512e33cc 100644
--- a/client/daemon/peer/traffic_shaper_test.go
+++ b/client/daemon/peer/traffic_shaper_test.go
@@ -231,7 +231,7 @@ func trafficShaperSetupPeerTaskManagerComponents(ctrl *gomock.Controller, opt tr
 			TaskExpireTime: util.Duration{
 				Duration: -1 * time.Second,
 			},
-		}, func(request storage.CommonTaskRequest) {}, os.FileMode(0755))
+		}, func(request storage.CommonTaskRequest) {}, os.FileMode(0700))
 	return sched, storageManager
 }
 
diff --git a/client/daemon/rpcserver/rpcserver.go b/client/daemon/rpcserver/rpcserver.go
index 5f2d9e164db..5e58a023708 100644
--- a/client/daemon/rpcserver/rpcserver.go
+++ b/client/daemon/rpcserver/rpcserver.go
@@ -1082,7 +1082,7 @@ func checkOutput(output string) error {
 		return fmt.Errorf("path[%s] is not absolute path", output)
 	}
 	outputDir, _ := path.Split(output)
-	if err := config.MkdirAll(outputDir, 0777, os.Getuid(), os.Getgid()); err != nil {
+	if err := config.MkdirAll(outputDir, 0700, os.Getuid(), os.Getgid()); err != nil {
 		return err
 	}
 
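Review bot: `os.Getuid()` and `os.Getgid()` here are the daemon's own ids, so a missing output directory is now created 0700 and owned by the daemon account; with the previous 0777 a requester running under a different account could still enter it. If the download request carries the caller's uid and gid (not visible in this hunk), pass those to `config.MkdirAll` instead, or document the restriction with `// created dirs are private to the daemon account; the requester must pre-create output directories it needs to read`. In the visible lines `output` is only checked for being absolute, so it is also worth confirming that the caller is permitted to have the daemon create directories at that location. `checkOutput` continues past the end of the hunk.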
diff --git a/client/daemon/storage/const.go b/client/daemon/storage/const.go
index 874219acddb..a834aa3c7e7 100644
--- a/client/daemon/storage/const.go
+++ b/client/daemon/storage/const.go
@@ -26,7 +26,7 @@ const (
 	taskMetadata = "metadata"
 
 	defaultFileMode      = os.FileMode(0644)
-	defaultDirectoryMode = os.FileMode(0755) // used unless overridden in config
+	defaultDirectoryMode = os.FileMode(0700) // used unless overridden in config
 )
 
 var (
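Review bot: `defaultFileMode` stays at `os.FileMode(0644)` while the directory default drops to 0700, so files written with it remain world-readable and are protected only by the parent directory. The comment on `defaultDirectoryMode` says the directory mode can be overridden in config; if an operator sets it back to a wider mode, the file contents are exposed again. Consider `defaultFileMode = os.FileMode(0600)`, or add a comment such as `// 0644 is acceptable only because the enclosing directory is 0700 by default`. Where `defaultFileMode` is applied is outside this hunk, so confirm against its uses.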
diff --git a/cmd/dependency/doc_cmd.go b/cmd/dependency/doc_cmd.go
index 569b38c17da..70cc05745a1 100644
--- a/cmd/dependency/doc_cmd.go
+++ b/cmd/dependency/doc_cmd.go
@@ -59,7 +59,7 @@ func (g *genDocCommand) bindFlags() {
 }
 
 func (g *genDocCommand) runDoc() error {
-	_ = os.MkdirAll(g.path, fs.FileMode(0755))
+	_ = os.MkdirAll(g.path, fs.FileMode(0700))
 	file, err := os.Stat(g.path)
 	if err != nil {
 		return err
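Review bot: The result of `os.MkdirAll(g.path, fs.FileMode(0700))` is discarded, so a failed create surfaces only indirectly through the `os.Stat` that follows, and the original cause is lost. Return it instead: `if err := os.MkdirAll(g.path, fs.FileMode(0700)); err != nil { return err }`. The same `_ = os.MkdirAll(...)` pattern is kept in `createFileLogger` in internal/dflog/loginit.go, where no stat follows and the loop goes straight to `CreateLogger`. `runDoc` continues past the end of the hunk.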
diff --git a/internal/dflog/loginit.go b/internal/dflog/loginit.go
index 7881a8dd911..7105f7c377f 100644
--- a/internal/dflog/loginit.go
+++ b/internal/dflog/loginit.go
@@ -205,7 +205,7 @@ func createConsoleLogger(verbose bool) error {
 func createFileLogger(verbose bool, meta []logInitMeta, logDir string) error {
 	levels = nil
 	// create parent dir first
-	_ = os.MkdirAll(logDir, fs.FileMode(0755))
+	_ = os.MkdirAll(logDir, fs.FileMode(0700))
 
 	for _, m := range meta {
 		log, level, err := CreateLogger(path.Join(logDir, m.fileName), false, false, verbose)
diff --git a/pkg/cache/cache.go b/pkg/cache/cache.go
index b69182498b7..bbbb4fb61b5 100644
--- a/pkg/cache/cache.go
+++ b/pkg/cache/cache.go
@@ -20,6 +20,7 @@ import (
 	"encoding/gob"
 	"fmt"
 	"io"
+	"io/fs"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -290,7 +291,7 @@ func (c *cache) Save(w io.Writer) (err error) {
 // documentation for NewFrom().)
 func (c *cache) SaveFile(fname string) error {
 	dir := filepath.Dir(fname)
-	if err := os.MkdirAll(dir, os.ModePerm); err != nil {
+	if err := os.MkdirAll(dir, fs.FileMode(0700)); err != nil {
 		return err
 	}
 
diff --git a/pkg/dfpath/dfpath.go b/pkg/dfpath/dfpath.go
index 24380d9a47d..b3ab4f11d20 100644
--- a/pkg/dfpath/dfpath.go
+++ b/pkg/dfpath/dfpath.go
@@ -160,17 +160,17 @@ func New(options ...Option) (Dfpath, error) {
 		}
 
 		// Create log directory.
-		if err := os.MkdirAll(d.logDir, fs.FileMode(0755)); err != nil {
+		if err := os.MkdirAll(d.logDir, fs.FileMode(0700)); err != nil {
 			cache.err = multierror.Append(cache.err, err)
 		}
 
 		// Create plugin directory.
-		if err := os.MkdirAll(d.pluginDir, fs.FileMode(0755)); err != nil {
+		if err := os.MkdirAll(d.pluginDir, fs.FileMode(0700)); err != nil {
 			cache.err = multierror.Append(cache.err, err)
 		}
 
 		// Create unix socket directory.
-		if err := os.MkdirAll(path.Dir(d.daemonSockPath), fs.FileMode(0755)); err != nil {
+		if err := os.MkdirAll(path.Dir(d.daemonSockPath), fs.FileMode(0700)); err != nil {
 			cache.err = multierror.Append(cache.err, err)
 		}
 
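Review bot: For the plugin directory the property that matters is that no other account can write into it, and `os.MkdirAll` checks neither the owner nor the mode of a directory that already exists. Assuming plugins are loaded as code from `d.pluginDir`, a stat that rejects group- or world-writable modes before loading would give that guarantee, e.g. `if fi, err := os.Stat(d.pluginDir); err == nil && fi.Mode().Perm()&0022 != 0 { /* append an error to cache.err */ }`. For the socket directory, 0700 means only the daemon's own account can reach `d.daemonSockPath` when this call creates the parent, whereas with the Linux default `/var/run/dfdaemon.sock` from dfpath_linux.go the parent normally already exists and the mode never applies; a comment stating which of the two is intended would help. `New` starts and ends outside the hunk.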
diff --git a/pkg/dfpath/dfpath_darwin.go b/pkg/dfpath/dfpath_darwin.go
index ff1549fa707..f5faa2b0041 100644
--- a/pkg/dfpath/dfpath_darwin.go
+++ b/pkg/dfpath/dfpath_darwin.go
@@ -26,12 +26,12 @@ import (
 )
 
 var DefaultWorkHome = filepath.Join(user.HomeDir(), ".dragonfly")
-var DefaultWorkHomeMode = os.FileMode(0755)
+var DefaultWorkHomeMode = os.FileMode(0700)
 var DefaultCacheDir = filepath.Join(DefaultWorkHome, "cache")
-var DefaultCacheDirMode = os.FileMode(0755)
+var DefaultCacheDirMode = os.FileMode(0700)
 var DefaultConfigDir = filepath.Join(DefaultWorkHome, "config")
 var DefaultLogDir = filepath.Join(DefaultWorkHome, "logs")
 var DefaultDataDir = filepath.Join(DefaultWorkHome, "data")
-var DefaultDataDirMode = os.FileMode(0755)
+var DefaultDataDirMode = os.FileMode(0700)
 var DefaultPluginDir = filepath.Join(DefaultWorkHome, "plugins")
 var DefaultDownloadUnixSocketPath = filepath.Join(DefaultWorkHome, "dfdaemon.sock")
diff --git a/pkg/dfpath/dfpath_linux.go b/pkg/dfpath/dfpath_linux.go
index 11a5935dc17..f85bfa6621b 100644
--- a/pkg/dfpath/dfpath_linux.go
+++ b/pkg/dfpath/dfpath_linux.go
@@ -21,12 +21,12 @@ package dfpath
 import "os"
 
 var DefaultWorkHome = "/usr/local/dragonfly"
-var DefaultWorkHomeMode = os.FileMode(0755)
+var DefaultWorkHomeMode = os.FileMode(0700)
 var DefaultCacheDir = "/var/cache/dragonfly"
-var DefaultCacheDirMode = os.FileMode(0755)
+var DefaultCacheDirMode = os.FileMode(0700)
 var DefaultConfigDir = "/etc/dragonfly"
 var DefaultLogDir = "/var/log/dragonfly"
 var DefaultDataDir = "/var/lib/dragonfly"
-var DefaultDataDirMode = os.FileMode(0755)
+var DefaultDataDirMode = os.FileMode(0700)
 var DefaultPluginDir = "/usr/local/dragonfly/plugins"
 var DefaultDownloadUnixSocketPath = "/var/run/dfdaemon.sock"
diff --git a/trainer/storage/storage_test.go b/trainer/storage/storage_test.go
index 3d798cb4cb5..2c298c87dd1 100644
--- a/trainer/storage/storage_test.go
+++ b/trainer/storage/storage_test.go
@@ -498,7 +498,7 @@ func TestStorage_Clear(t *testing.T) {
 			baseDir: os.TempDir(),
 			mock: func(t *testing.T, s Storage, baseDir string) {
 				s.(*storage).baseDir = filepath.Join(baseDir, "bae")
-				if err := os.MkdirAll(s.(*storage).baseDir, os.ModePerm); err != nil {
+				if err := os.MkdirAll(s.(*storage).baseDir, fs.FileMode(0700)); err != nil {
 					t.Fatal(err)
 				}