From 274c855f009d1b90f92dc3f7f5d9b9c9783f8e18 Mon Sep 17 00:00:00 2001
From: Alex Dadgar
Date: Tue, 4 Apr 2017 10:48:29 -0700
Subject: [PATCH] Add sticky bit to temp directory

Fixes an issue where the Ruby runtime expects the sticky bit to be set on the temp directory. The sticky bit is commonly set on the temp directory since it is usually shared by many users. This change brings ours in line with that assumption.
---
 client/allocdir/alloc_dir.go | 6 +++---
 client/allocdir/fs_unix.go | 4 ++--
 client/allocdir/fs_windows.go | 2 +-
 client/allocdir/task_dir.go | 12 ++++++------
 4 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/client/allocdir/alloc_dir.go b/client/allocdir/alloc_dir.go
index bec1d279ac2..bbdb6431798 100644
--- a/client/allocdir/alloc_dir.go
+++ b/client/allocdir/alloc_dir.go
@@ -40,7 +40,7 @@ var (
 TaskSecrets = "secrets"
 // TaskDirs is the set of directories created in each tasks directory.
- TaskDirs = []string{"tmp"}
+ TaskDirs = map[string]os.FileMode{"tmp": os.ModeSticky | 0777}
 )
 type AllocDir struct {
@@ -250,7 +250,7 @@ func (d *AllocDir) Build() error {
 }
 // Make the shared directory have non-root permissions.
- if err := dropDirPermissions(d.SharedDir); err != nil {
+ if err := dropDirPermissions(d.SharedDir, os.ModePerm); err != nil {
 return err
 }
@@ -260,7 +260,7 @@ func (d *AllocDir) Build() error {
 if err := os.MkdirAll(p, 0777); err != nil {
 return err
 }
- if err := dropDirPermissions(p); err != nil {
+ if err := dropDirPermissions(p, os.ModePerm); err != nil {
 return err
 }
 }
diff --git a/client/allocdir/fs_unix.go b/client/allocdir/fs_unix.go
index bb245953716..648fce1adb6 100644
--- a/client/allocdir/fs_unix.go
+++ b/client/allocdir/fs_unix.go
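Review bot: The comment above `TaskDirs` in alloc_dir.go still calls it "the set of directories", but the value is now a map from directory name to the mode that directory gets, and nothing says why `tmp` carries the sticky bit. I would reword it to `// TaskDirs maps each directory created in every task directory to its file mode; "tmp" is world-writable with the sticky bit set, as shared temp directories usually are.` `TaskDirs` is an exported variable, so changing it from `[]string` to `map[string]os.FileMode` breaks any code outside this package that indexes or ranges over it as a slice. The hunk does not show whether such users exist, so that is worth a search before merging.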
@@ -28,8 +28,8 @@ var (
 // dropDirPermissions gives full access to a directory to all users and sets
 // the owner to nobody.
-func dropDirPermissions(path string) error {
- if err := os.Chmod(path, 0777); err != nil {
+func dropDirPermissions(path string, desired os.FileMode) error {
+ if err := os.Chmod(path, desired|0777); err != nil {
 return fmt.Errorf("Chmod(%v) failed: %v", path, err)
 }
diff --git a/client/allocdir/fs_windows.go b/client/allocdir/fs_windows.go
index 2984c5a22ad..de0fcec898c 100644
--- a/client/allocdir/fs_windows.go
+++ b/client/allocdir/fs_windows.go
@@ -51,7 +51,7 @@ func removeSecretDir(dir string) error {
 }
 // The windows version does nothing currently.
-func dropDirPermissions(path string) error {
+func dropDirPermissions(path string, desired os.FileMode) error {
 return nil
 }
diff --git a/client/allocdir/task_dir.go b/client/allocdir/task_dir.go
index 7e7a479c95e..4f2817e625c 100644
--- a/client/allocdir/task_dir.go
+++ b/client/allocdir/task_dir.go
@@ -66,7 +66,7 @@ func (t *TaskDir) Build(chrootCreated bool, chroot map[string]string, fsi cstruc
 }
 // Make the task directory have non-root permissions.
- if err := dropDirPermissions(t.Dir); err != nil {
+ if err := dropDirPermissions(t.Dir, os.ModePerm); err != nil {
 return err
 }
@@ -75,18 +75,18 @@ func (t *TaskDir) Build(chrootCreated bool, chroot map[string]string, fsi cstruc
 return err
 }
- if err := dropDirPermissions(t.LocalDir); err != nil {
+ if err := dropDirPermissions(t.LocalDir, os.ModePerm); err != nil {
 return err
 }
 // Create the directories that should be in every task.
- for _, dir := range TaskDirs {
+ for dir, perms := range TaskDirs {
 absdir := filepath.Join(t.Dir, dir)
- if err := os.MkdirAll(absdir, 0777); err != nil {
+ if err := os.MkdirAll(absdir, perms); err != nil {
 return err
 }
- if err := dropDirPermissions(absdir); err != nil {
+ if err := dropDirPermissions(absdir, perms); err != nil {
 return err
 }
 }
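Review bot: In `dropDirPermissions` (fs_unix.go) the expression `desired|0777` means the permission bits in `desired` can never narrow the result: a caller passing `0700` still gets a world-writable directory, and any other mode bit it passes (setuid, setgid) goes straight through to `os.Chmod`. The only bit this commit needs is the sticky bit, so I would make that explicit with `if err := os.Chmod(path, (desired&os.ModeSticky)|0777); err != nil {` and extend the doc comment to say that `desired` only selects the sticky bit. The same applies to the `TaskDirs` loop in task_dir.go, where an entry with a tighter mode would be created by `os.MkdirAll(absdir, perms)` and then widened again by `dropDirPermissions(absdir, perms)`. The body of `dropDirPermissions` continues past the end of the hunk.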
@@ -110,7 +110,7 @@ func (t *TaskDir) Build(chrootCreated bool, chroot map[string]string, fsi cstruc
 return err
 }
- if err := dropDirPermissions(t.SecretsDir); err != nil {
+ if err := dropDirPermissions(t.SecretsDir, os.ModePerm); err != nil {
 return err
 }
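Review bot: `dropDirPermissions(t.SecretsDir, os.ModePerm)` now states in code that the secrets directory is opened to all users, the same as the task and local directories, and no comment explains why that is acceptable for a directory named for secrets. If isolation is expected to come from elsewhere (the mount backing the directory, or the chroot; neither is visible in this hunk), a line such as `// Secrets dir is chmod 0777 like the other task dirs; access is restricted by <mechanism>, not by mode bits.` would stop the next reader from assuming it is private. If nothing else restricts it, this call is the place to pass a narrower mode once `dropDirPermissions` honours one. `Build` starts and ends outside the hunk.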