コード例 #1
0
ファイル: Security.java プロジェクト: vroyer/elassandra
 /** returns dynamic Permissions to configured paths */
 static void addFilePermissions(Permissions policy, Environment environment) throws IOException {
   // read-only dirs
   addPath(policy, "path.home", environment.binFile(), "read,readlink");
   addPath(policy, "path.home", environment.libFile(), "read,readlink");
   addPath(policy, "path.plugins", environment.pluginsFile(), "read,readlink");
   addPath(policy, "path.conf", environment.configFile(), "read,readlink");
   addPath(policy, "path.scripts", environment.scriptsFile(), "read,readlink");
   // read-write dirs
   addPath(policy, "java.io.tmpdir", environment.tmpFile(), "read,readlink,write,delete");
   addPath(policy, "path.logs", environment.logsFile(), "read,readlink,write,delete");
   if (environment.sharedDataFile() != null) {
     addPath(
         policy, "path.shared_data", environment.sharedDataFile(), "read,readlink,write,delete");
   }
   for (Path path : environment.dataFiles()) {
     addPath(policy, "path.data", path, "read,readlink,write,delete");
   }
   for (Path path : environment.dataWithClusterFiles()) {
     addPath(policy, "path.data", path, "read,readlink,write,delete");
   }
   for (Path path : environment.repoFiles()) {
     addPath(policy, "path.repo", path, "read,readlink,write,delete");
   }
   if (environment.pidFile() != null) {
     // we just need permission to remove the file if its elsewhere.
     policy.add(new FilePermission(environment.pidFile().toString(), "delete"));
   }
 }
コード例 #2
0
 /** Adds access to all configurable paths. */
 static void addFilePermissions(Permissions policy, Environment environment) {
   // read-only dirs
   addPath(policy, Environment.PATH_HOME_SETTING.getKey(), environment.binFile(), "read,readlink");
   addPath(policy, Environment.PATH_HOME_SETTING.getKey(), environment.libFile(), "read,readlink");
   addPath(
       policy, Environment.PATH_HOME_SETTING.getKey(), environment.modulesFile(), "read,readlink");
   addPath(
       policy, Environment.PATH_HOME_SETTING.getKey(), environment.pluginsFile(), "read,readlink");
   addPath(
       policy, Environment.PATH_CONF_SETTING.getKey(), environment.configFile(), "read,readlink");
   addPath(
       policy,
       Environment.PATH_SCRIPTS_SETTING.getKey(),
       environment.scriptsFile(),
       "read,readlink");
   // read-write dirs
   addPath(policy, "java.io.tmpdir", environment.tmpFile(), "read,readlink,write,delete");
   addPath(
       policy,
       Environment.PATH_LOGS_SETTING.getKey(),
       environment.logsFile(),
       "read,readlink,write,delete");
   if (environment.sharedDataFile() != null) {
     addPath(
         policy,
         Environment.PATH_SHARED_DATA_SETTING.getKey(),
         environment.sharedDataFile(),
         "read,readlink,write,delete");
   }
   for (Path path : environment.dataFiles()) {
     addPath(policy, Environment.PATH_DATA_SETTING.getKey(), path, "read,readlink,write,delete");
   }
   // TODO: this should be removed in ES 6.0! We will no longer support data paths with the cluster
   // as a folder
   assert Version.CURRENT.major < 6 : "cluster name is no longer used in data path";
   for (Path path : environment.dataWithClusterFiles()) {
     addPathIfExists(
         policy, Environment.PATH_DATA_SETTING.getKey(), path, "read,readlink,write,delete");
   }
   for (Path path : environment.repoFiles()) {
     addPath(policy, Environment.PATH_REPO_SETTING.getKey(), path, "read,readlink,write,delete");
   }
   if (environment.pidFile() != null) {
     // we just need permission to remove the file if its elsewhere.
     policy.add(new FilePermission(environment.pidFile().toString(), "delete"));
   }
 }
コード例 #3
0
ファイル: PluginManager.java プロジェクト: vroyer/elassandra
 Path binDir(Environment env) {
   return env.binFile().resolve(name);
 }
コード例 #4
0
  void assertPlugin(String name, Path original, Environment env) throws IOException {
    Path got = env.pluginsFile().resolve(name);
    assertTrue("dir " + name + " exists", Files.exists(got));

    if (isPosix) {
      Set<PosixFilePermission> perms = Files.getPosixFilePermissions(got);
      assertThat(
          perms,
          containsInAnyOrder(
              PosixFilePermission.OWNER_READ,
              PosixFilePermission.OWNER_WRITE,
              PosixFilePermission.OWNER_EXECUTE,
              PosixFilePermission.GROUP_READ,
              PosixFilePermission.GROUP_EXECUTE,
              PosixFilePermission.OTHERS_READ,
              PosixFilePermission.OTHERS_EXECUTE));
    }

    assertTrue("jar was copied", Files.exists(got.resolve("plugin.jar")));
    assertFalse("bin was not copied", Files.exists(got.resolve("bin")));
    assertFalse("config was not copied", Files.exists(got.resolve("config")));
    if (Files.exists(original.resolve("bin"))) {
      Path binDir = env.binFile().resolve(name);
      assertTrue("bin dir exists", Files.exists(binDir));
      assertTrue("bin is a dir", Files.isDirectory(binDir));
      PosixFileAttributes binAttributes = null;
      if (isPosix) {
        binAttributes = Files.readAttributes(env.binFile(), PosixFileAttributes.class);
      }
      try (DirectoryStream<Path> stream = Files.newDirectoryStream(binDir)) {
        for (Path file : stream) {
          assertFalse("not a dir", Files.isDirectory(file));
          if (isPosix) {
            PosixFileAttributes attributes = Files.readAttributes(file, PosixFileAttributes.class);
            assertEquals(InstallPluginCommand.BIN_FILES_PERMS, attributes.permissions());
          }
        }
      }
    }
    if (Files.exists(original.resolve("config"))) {
      Path configDir = env.configFile().resolve(name);
      assertTrue("config dir exists", Files.exists(configDir));
      assertTrue("config is a dir", Files.isDirectory(configDir));

      UserPrincipal user = null;
      GroupPrincipal group = null;

      if (isPosix) {
        PosixFileAttributes configAttributes =
            Files.getFileAttributeView(env.configFile(), PosixFileAttributeView.class)
                .readAttributes();
        user = configAttributes.owner();
        group = configAttributes.group();

        PosixFileAttributes attributes =
            Files.getFileAttributeView(configDir, PosixFileAttributeView.class).readAttributes();
        assertThat(attributes.owner(), equalTo(user));
        assertThat(attributes.group(), equalTo(group));
      }

      try (DirectoryStream<Path> stream = Files.newDirectoryStream(configDir)) {
        for (Path file : stream) {
          assertFalse("not a dir", Files.isDirectory(file));

          if (isPosix) {
            PosixFileAttributes attributes = Files.readAttributes(file, PosixFileAttributes.class);
            if (user != null) {
              assertThat(attributes.owner(), equalTo(user));
            }
            if (group != null) {
              assertThat(attributes.group(), equalTo(group));
            }
          }
        }
      }
    }
    assertInstallCleaned(env);
  }