Skip to content

Commit a1d1768

Browse files
nearora-msftk8s-infra-cherrypick-robot
nearora-msft
authored and
k8s-infra-cherrypick-robot
committed
fix: only use the permission bits for chmod
1 parent a4ef626 commit a1d1768

File tree

2 files changed

+69
-15
lines changed

2 files changed

+69
-15
lines changed

pkg/azurefile/utils.go

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -244,9 +244,11 @@ func chmodIfPermissionMismatch(targetPath string, mode os.FileMode) error {
244244
return err
245245
}
246246
perm := info.Mode() & os.ModePerm
247-
if perm != mode {
248-
klog.V(2).Infof("chmod targetPath(%s, mode:0%o) with permissions(0%o)", targetPath, info.Mode(), mode)
249-
if err := os.Chmod(targetPath, mode); err != nil {
247+
expectedPerms := mode & os.ModePerm
248+
if perm != expectedPerms {
249+
klog.V(2).Infof("chmod targetPath(%s, mode:0%o) with permissions(0%o)", targetPath, info.Mode(), expectedPerms)
250+
// only change the permission mode bits, keep the other bits as is
251+
if err := os.Chmod(targetPath, (info.Mode()&^os.ModePerm)|os.FileMode(expectedPerms)); err != nil {
250252
return err
251253
}
252254
} else {

pkg/azurefile/utils_test.go

Lines changed: 64 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -440,11 +440,23 @@ func TestChmodIfPermissionMismatch(t *testing.T) {
440440
_ = makeDir(permissionMismatchPath, 0721)
441441
defer os.RemoveAll(permissionMismatchPath)
442442

443+
permissionMatchGidMismatchPath, _ := getWorkDirPath("permissionMatchGidMismatchPath")
444+
_ = makeDir(permissionMatchGidMismatchPath, 0755)
445+
_ = os.Chmod(permissionMatchGidMismatchPath, 0755|os.ModeSetgid) // Setgid bit is set
446+
defer os.RemoveAll(permissionMatchGidMismatchPath)
447+
448+
permissionMismatchGidMismatch, _ := getWorkDirPath("permissionMismatchGidMismatch")
449+
_ = makeDir(permissionMismatchGidMismatch, 0721)
450+
_ = os.Chmod(permissionMismatchGidMismatch, 0721|os.ModeSetgid) // Setgid bit is set
451+
defer os.RemoveAll(permissionMismatchGidMismatch)
452+
443453
tests := []struct {
444-
desc string
445-
path string
446-
mode os.FileMode
447-
expectedError error
454+
desc string
455+
path string
456+
mode os.FileMode
457+
expectedPerms os.FileMode
458+
expectedGidBit bool
459+
expectedError error
448460
}{
449461
{
450462
desc: "Invalid path",
@@ -453,16 +465,44 @@ func TestChmodIfPermissionMismatch(t *testing.T) {
453465
expectedError: fmt.Errorf("CreateFile invalid-path: The system cannot find the file specified"),
454466
},
455467
{
456-
desc: "permission matching path",
457-
path: permissionMatchingPath,
458-
mode: 0755,
459-
expectedError: nil,
468+
desc: "permission matching path",
469+
path: permissionMatchingPath,
470+
mode: 0755,
471+
expectedPerms: 0755,
472+
expectedGidBit: false,
473+
expectedError: nil,
460474
},
461475
{
462-
desc: "permission mismatch path",
463-
path: permissionMismatchPath,
464-
mode: 0755,
465-
expectedError: nil,
476+
desc: "permission mismatch path",
477+
path: permissionMismatchPath,
478+
mode: 0755,
479+
expectedPerms: 0755,
480+
expectedGidBit: false,
481+
expectedError: nil,
482+
},
483+
{
484+
desc: "only match the permission mode bits",
485+
path: permissionMatchGidMismatchPath,
486+
mode: 0755,
487+
expectedPerms: 0755,
488+
expectedGidBit: true,
489+
expectedError: nil,
490+
},
491+
{
492+
desc: "only change the permission mode bits when gid is set",
493+
path: permissionMismatchGidMismatch,
494+
mode: 0755,
495+
expectedPerms: 0755,
496+
expectedGidBit: true,
497+
expectedError: nil,
498+
},
499+
{
500+
desc: "only change the permission mode bits when gid is not set but mode bits have gid set",
501+
path: permissionMismatchPath,
502+
mode: 02755,
503+
expectedPerms: 0755,
504+
expectedGidBit: false,
505+
expectedError: nil,
466506
},
467507
}
468508

@@ -473,6 +513,18 @@ func TestChmodIfPermissionMismatch(t *testing.T) {
473513
t.Errorf("test[%s]: unexpected error: %v, expected error: %v", test.desc, err, test.expectedError)
474514
}
475515
}
516+
517+
if test.expectedError == nil {
518+
info, _ := os.Lstat(test.path)
519+
if test.expectedError == nil && (info.Mode()&os.ModePerm != test.expectedPerms) {
520+
t.Errorf("test[%s]: unexpected perms: %v, expected perms: %v, ", test.desc, info.Mode()&os.ModePerm, test.expectedPerms)
521+
}
522+
523+
if (info.Mode()&os.ModeSetgid != 0) != test.expectedGidBit {
524+
t.Errorf("test[%s]: unexpected gid bit: %v, expected gid bit: %v", test.desc, info.Mode()&os.ModeSetgid != 0, test.expectedGidBit)
525+
}
526+
}
527+
476528
}
477529
}
478530

0 commit comments

Comments
 (0)