Merge pull request #100 from fly-apps/fix-lock-perms

davissp14 · web-flow · commit f815b66a963c · 2023-02-15T13:54:12.000-06:00
Fix lock file perms
diff --git a/internal/flypg/readonly.go b/internal/flypg/readonly.go
@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"github.com/fly-apps/postgres-flex/internal/flypg/admin"
+	"github.com/fly-apps/postgres-flex/internal/utils"
 )
 
 const (
@@ -101,6 +102,15 @@ func writeReadOnlyLock() error {
 		return err
 	}
 
+	pgUID, pgGID, err := utils.SystemUserIDs("postgres")
+	if err != nil {
+		return err
+	}
+
+	if err := os.Chown(readOnlyLockFile, pgUID, pgGID); err != nil {
+		return fmt.Errorf("failed to set readonly.lock owner: %s", err)
+	}
+
 	return nil
 }
 
diff --git a/internal/flypg/zombie.go b/internal/flypg/zombie.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/fly-apps/postgres-flex/internal/utils"
 	"github.com/jackc/pgx/v5"
 )
 
@@ -21,32 +22,43 @@ var (
 	ErrZombieDiagnosisUndecided = errors.New("unable to confirm we are the true primary")
 )
 
+const zombieLockFile = "/data/zombie.lock"
+
 func ZombieLockExists() bool {
-	_, err := os.Stat("/data/zombie.lock")
+	_, err := os.Stat(zombieLockFile)
 	if os.IsNotExist(err) {
 		return false
 	}
 	return true
 }
 
 func writeZombieLock(hostname string) error {
-	if err := os.WriteFile("/data/zombie.lock", []byte(hostname), 0644); err != nil {
+	if err := os.WriteFile(zombieLockFile, []byte(hostname), 0644); err != nil {
 		return err
 	}
 
+	pgUID, pgGID, err := utils.SystemUserIDs("postgres")
+	if err != nil {
+		return err
+	}
+
+	if err := os.Chown(zombieLockFile, pgUID, pgGID); err != nil {
+		return fmt.Errorf("failed to set zombie.lock owner: %s", err)
+	}
+
 	return nil
 }
 
 func RemoveZombieLock() error {
-	if err := os.Remove("/data/zombie.lock"); err != nil {
+	if err := os.Remove(zombieLockFile); err != nil {
 		return err
 	}
 
 	return nil
 }
 
 func ReadZombieLock() (string, error) {
-	body, err := os.ReadFile("/data/zombie.lock")
+	body, err := os.ReadFile(zombieLockFile)
 	if err != nil {
 		return "", err
 	}
diff --git a/internal/utils/shell.go b/internal/utils/shell.go
@@ -8,22 +8,31 @@ import (
 )
 
 func RunCommand(cmdStr string) error {
-	pgUser, err := user.Lookup("postgres")
+	pgUID, pgGID, err := SystemUserIDs("postgres")
 	if err != nil {
 		return err
 	}
+
+	cmd := exec.Command("sh", "-c", cmdStr)
+	cmd.SysProcAttr = &syscall.SysProcAttr{}
+	cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(pgUID), Gid: uint32(pgGID)}
+	_, err = cmd.Output()
+	return err
+}
+
+func SystemUserIDs(usr string) (int, int, error) {
+	pgUser, err := user.Lookup(usr)
+	if err != nil {
+		return 0, 0, err
+	}
 	pgUID, err := strconv.Atoi(pgUser.Uid)
 	if err != nil {
-		return err
+		return 0, 0, err
 	}
 	pgGID, err := strconv.Atoi(pgUser.Gid)
 	if err != nil {
-		return err
+		return 0, 0, err
 	}
 
-	cmd := exec.Command("sh", "-c", cmdStr)
-	cmd.SysProcAttr = &syscall.SysProcAttr{}
-	cmd.SysProcAttr.Credential = &syscall.Credential{Uid: uint32(pgUID), Gid: uint32(pgGID)}
-	_, err = cmd.Output()
-	return err
+	return pgUID, pgGID, nil
 }

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ import (`
`8`	`8`	`"time"`
`9`	`9`
`10`	`10`	`"github.com/fly-apps/postgres-flex/internal/flypg/admin"`
	`11`	`+ "github.com/fly-apps/postgres-flex/internal/utils"`
`11`	`12`	`)`
`12`	`13`
`13`	`14`	`const (`
`@@ -101,6 +102,15 @@ func writeReadOnlyLock() error {`
`101`	`102`	`return err`
`102`	`103`	`}`
`103`	`104`
	`105`	`+ pgUID, pgGID, err := utils.SystemUserIDs("postgres")`
	`106`	`+ if err != nil {`
	`107`	`+ return err`
	`108`	`+ }`
	`109`	`+`
	`110`	`+ if err := os.Chown(readOnlyLockFile, pgUID, pgGID); err != nil {`
	`111`	`+ return fmt.Errorf("failed to set readonly.lock owner: %s", err)`
	`112`	`+ }`
	`113`	`+`
`104`	`114`	`return nil`
`105`	`115`	`}`
`106`	`116`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ import (`
`6`	`6`	`"fmt"`
`7`	`7`	`"os"`
`8`	`8`
	`9`	`+ "github.com/fly-apps/postgres-flex/internal/utils"`
`9`	`10`	`"github.com/jackc/pgx/v5"`
`10`	`11`	`)`
`11`	`12`
`@@ -21,32 +22,43 @@ var (`
`21`	`22`	`ErrZombieDiagnosisUndecided = errors.New("unable to confirm we are the true primary")`
`22`	`23`	`)`
`23`	`24`
	`25`	`+const zombieLockFile = "/data/zombie.lock"`
	`26`	`+`
`24`	`27`	`func ZombieLockExists() bool {`
`25`		`- _, err := os.Stat("/data/zombie.lock")`
	`28`	`+ _, err := os.Stat(zombieLockFile)`
`26`	`29`	`if os.IsNotExist(err) {`
`27`	`30`	`return false`
`28`	`31`	`}`
`29`	`32`	`return true`
`30`	`33`	`}`
`31`	`34`
`32`	`35`	`func writeZombieLock(hostname string) error {`
`33`		`- if err := os.WriteFile("/data/zombie.lock", []byte(hostname), 0644); err != nil {`
	`36`	`+ if err := os.WriteFile(zombieLockFile, []byte(hostname), 0644); err != nil {`
`34`	`37`	`return err`
`35`	`38`	`}`
`36`	`39`
	`40`	`+ pgUID, pgGID, err := utils.SystemUserIDs("postgres")`
	`41`	`+ if err != nil {`
	`42`	`+ return err`
	`43`	`+ }`
	`44`	`+`
	`45`	`+ if err := os.Chown(zombieLockFile, pgUID, pgGID); err != nil {`
	`46`	`+ return fmt.Errorf("failed to set zombie.lock owner: %s", err)`
	`47`	`+ }`
	`48`	`+`
`37`	`49`	`return nil`
`38`	`50`	`}`
`39`	`51`
`40`	`52`	`func RemoveZombieLock() error {`
`41`		`- if err := os.Remove("/data/zombie.lock"); err != nil {`
	`53`	`+ if err := os.Remove(zombieLockFile); err != nil {`
`42`	`54`	`return err`
`43`	`55`	`}`
`44`	`56`
`45`	`57`	`return nil`
`46`	`58`	`}`
`47`	`59`
`48`	`60`	`func ReadZombieLock() (string, error) {`
`49`		`- body, err := os.ReadFile("/data/zombie.lock")`
	`61`	`+ body, err := os.ReadFile(zombieLockFile)`
`50`	`62`	`if err != nil {`
`51`	`63`	`return "", err`
`52`	`64`	`}`