Skip to content

Commit 53cb64c

Browse files
nearora-msftk8s-infra-cherrypick-robot
nearora-msft
authored and
k8s-infra-cherrypick-robot
committed
fix: only use the permission bits for chmod
1 parent bd3389a commit 53cb64c

File tree

2 files changed

+77
-15
lines changed

2 files changed

+77
-15
lines changed

pkg/blob/blob.go

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1092,9 +1092,11 @@ func chmodIfPermissionMismatch(targetPath string, mode os.FileMode) error {
10921092
return err
10931093
}
10941094
perm := info.Mode() & os.ModePerm
1095-
if perm != mode {
1096-
klog.V(2).Infof("chmod targetPath(%s, mode:0%o) with permissions(0%o)", targetPath, info.Mode(), mode)
1097-
if err := os.Chmod(targetPath, mode); err != nil {
1095+
expectedPerms := mode & os.ModePerm
1096+
if perm != expectedPerms {
1097+
klog.V(2).Infof("chmod targetPath(%s, mode:0%o) with permissions(0%o)", targetPath, info.Mode(), expectedPerms)
1098+
// only change the permission mode bits, keep the other bits as is
1099+
if err := os.Chmod(targetPath, (info.Mode()&^os.ModePerm)|os.FileMode(expectedPerms)); err != nil {
10981100
return err
10991101
}
11001102
} else {

pkg/blob/blob_test.go

Lines changed: 72 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1516,11 +1516,23 @@ func TestChmodIfPermissionMismatch(t *testing.T) {
15161516
_ = os.MkdirAll(permissionMismatchPath, os.FileMode(0721))
15171517
defer os.RemoveAll(permissionMismatchPath)
15181518

1519+
permissionMatchGidMismatchPath, _ := getWorkDirPath("permissionMatchGidMismatchPath")
1520+
_ = os.MkdirAll(permissionMatchGidMismatchPath, os.FileMode(0755))
1521+
_ = os.Chmod(permissionMatchGidMismatchPath, 0755|os.ModeSetgid) // Setgid bit is set
1522+
defer os.RemoveAll(permissionMatchGidMismatchPath)
1523+
1524+
permissionMismatchGidMismatch, _ := getWorkDirPath("permissionMismatchGidMismatch")
1525+
_ = os.MkdirAll(permissionMismatchGidMismatch, os.FileMode(0721))
1526+
_ = os.Chmod(permissionMismatchGidMismatch, 0721|os.ModeSetgid) // Setgid bit is set
1527+
defer os.RemoveAll(permissionMismatchGidMismatch)
1528+
15191529
tests := []struct {
1520-
desc string
1521-
path string
1522-
mode os.FileMode
1523-
expectedError error
1530+
desc string
1531+
path string
1532+
mode os.FileMode
1533+
expectedPerms os.FileMode
1534+
expectedGidBit bool
1535+
expectedError error
15241536
}{
15251537
{
15261538
desc: "Invalid path",
@@ -1529,16 +1541,52 @@ func TestChmodIfPermissionMismatch(t *testing.T) {
15291541
expectedError: fmt.Errorf("CreateFile invalid-path: The system cannot find the file specified"),
15301542
},
15311543
{
1532-
desc: "permission matching path",
1533-
path: permissionMatchingPath,
1534-
mode: 0755,
1535-
expectedError: nil,
1544+
desc: "permission matching path",
1545+
path: permissionMatchingPath,
1546+
mode: 0755,
1547+
expectedPerms: 0755,
1548+
expectedGidBit: false,
1549+
expectedError: nil,
15361550
},
15371551
{
1538-
desc: "permission mismatch path",
1539-
path: permissionMismatchPath,
1540-
mode: 0755,
1541-
expectedError: nil,
1552+
desc: "permission mismatch path",
1553+
path: permissionMismatchPath,
1554+
mode: 0755,
1555+
expectedPerms: 0755,
1556+
expectedGidBit: false,
1557+
expectedError: nil,
1558+
},
1559+
{
1560+
desc: "permission mismatch path",
1561+
path: permissionMismatchPath,
1562+
mode: 0755,
1563+
expectedPerms: 0755,
1564+
expectedGidBit: false,
1565+
expectedError: nil,
1566+
},
1567+
{
1568+
desc: "only match the permission mode bits",
1569+
path: permissionMatchGidMismatchPath,
1570+
mode: 0755,
1571+
expectedPerms: 0755,
1572+
expectedGidBit: true,
1573+
expectedError: nil,
1574+
},
1575+
{
1576+
desc: "only change the permission mode bits when gid is set",
1577+
path: permissionMismatchGidMismatch,
1578+
mode: 0755,
1579+
expectedPerms: 0755,
1580+
expectedGidBit: true,
1581+
expectedError: nil,
1582+
},
1583+
{
1584+
desc: "only change the permission mode bits when gid is not set but mode bits have gid set",
1585+
path: permissionMismatchPath,
1586+
mode: 02755,
1587+
expectedPerms: 0755,
1588+
expectedGidBit: false,
1589+
expectedError: nil,
15421590
},
15431591
}
15441592

@@ -1549,7 +1597,19 @@ func TestChmodIfPermissionMismatch(t *testing.T) {
15491597
t.Errorf("test[%s]: unexpected error: %v, expected error: %v", test.desc, err, test.expectedError)
15501598
}
15511599
}
1600+
1601+
if test.expectedError == nil {
1602+
info, _ := os.Lstat(test.path)
1603+
if test.expectedError == nil && (info.Mode()&os.ModePerm != test.expectedPerms) {
1604+
t.Errorf("test[%s]: unexpected perms: %v, expected perms: %v, ", test.desc, info.Mode()&os.ModePerm, test.expectedPerms)
1605+
}
1606+
1607+
if (info.Mode()&os.ModeSetgid != 0) != test.expectedGidBit {
1608+
t.Errorf("test[%s]: unexpected gid bit: %v, expected gid bit: %v", test.desc, info.Mode()&os.ModeSetgid != 0, test.expectedGidBit)
1609+
}
1610+
}
15521611
}
1612+
15531613
}
15541614

15551615
// getWorkDirPath returns the path to the current working directory

0 commit comments

Comments
 (0)