util: use stat (not lstat) to check file permissions (#932)

For symlinks we should look at the permissions of the file itself rather than the permissions of the symlink.
2017-03-14 13:16:17 -07:00
parent 7f600c59ca
commit 33efe97f44
1 changed files with 3 additions and 1 deletions
--- a/dcos/util.py
+++ b/dcos/util.py
@@ -182,8 +182,10 @@ def enforce_file_permissions(path):
    if sys.platform == 'win32':
        return
    else:
-        permissions = oct(stat.S_IMODE(os.lstat(path).st_mode))
+        permissions = oct(stat.S_IMODE(os.stat(path).st_mode))
        if permissions not in ['0o600', '0600', '0o400', '0400']:
+            if os.path.realpath(path) != path:
+                path = '%s (pointed to by %s)' % (os.path.realpath(path), path)
            msg = (
                "Permissions '{}' for configuration file '{}' are too open. "
                "File must only be accessible by owner. "