Set permissions on generated ring files

The use of NamedTemporaryFile creates rings with permissions 0600; however most installs probably generate the rings as root but the swift-proxy runs as user swift. Set the permissions on the generated ring to 0644 prior to rename so that the swift user can read the rings. Change-Id: Ia511931f471c5c9840012c3a75b89c1f35b1b245 Closes-Bug: #1302700
2014-04-05 09:38:12 +01:00 · 2014-04-05 09:38:12 +01:00 · b9b5fef89a
parent 48a2848785
commit b9b5fef89a
2 changed files with 11 additions and 0 deletions
--- a/swift/common/ring/ring.py
+++ b/swift/common/ring/ring.py
@ -120,6 +120,7 @@ class RingData(object):
        tempf.flush()
        os.fsync(tempf.fileno())
        tempf.close()
+        os.chmod(tempf.name, 0o644)
        os.rename(tempf.name, filename)

    def to_dict(self):
--- a/test/unit/common/ring/test_ring.py
+++ b/test/unit/common/ring/test_ring.py
@ -18,6 +18,7 @@ import cPickle as pickle
 import os
 import sys
 import unittest
+import stat
 from contextlib import closing
 from gzip import GzipFile
 from tempfile import mkdtemp
@ -98,6 +99,15 @@ class TestRingData(unittest.TestCase):
            with open(ring_fname2) as ring2:
                self.assertEqual(ring1.read(), ring2.read())

+    def test_permissions(self):
+        ring_fname = os.path.join(self.testdir, 'stat.ring.gz')
+        rd = ring.RingData(
+            [array.array('H', [0, 1, 0, 1]), array.array('H', [0, 1, 0, 1])],
+            [{'id': 0, 'zone': 0}, {'id': 1, 'zone': 1}], 30)
+        rd.save(ring_fname)
+        self.assertEqual(oct(stat.S_IMODE(os.stat(ring_fname).st_mode)),
+                         '0644')
+

 class TestRing(unittest.TestCase):