// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package diagnose
import (
"fmt"
"io/fs"
"os"
"path/filepath"
)
// Warning texts produced by the file checks in this file.
const (
	// FileIsSymlinkWarning is reported by CheckFilePerms when the inspected
	// mode has the symlink bit set.
	FileIsSymlinkWarning = "raft storage backend file is a symlink"

	// FileTooPermissiveWarning prefixes the warning reported by
	// CheckFilePerms when any "other" permission bit (0o007) is set.
	FileTooPermissiveWarning = "too many permissions"

	// FilePermissionsMissingWarning prefixes the warning reported by
	// CheckFilePerms when neither owner nor group has read, or neither has
	// write.
	FilePermissionsMissingWarning = "owner or group needs read and write permissions"
)
// IsDir reports whether info describes a directory, as indicated by its
// file mode.
func IsDir(info fs.FileInfo) bool {
	return info.Mode().IsDir()
}
// HasDB reports whether a file named DatabaseFilename is present directly
// inside path.
//
// Only a "does not exist" error from os.Stat counts as absent. Every other
// outcome, including a Stat failure such as permission denied, is reported
// as present, so a true result does not prove the file is readable.
// os.Stat follows symbolic links, so the answer reflects the link target.
func HasDB(path string) bool {
	_, err := os.Stat(filepath.Join(path, DatabaseFilename))
	return !os.IsNotExist(err)
}
// CheckFilePerms inspects the permission bits of info and reports whether
// read and write access is confined to the file's owner.
//
// The boolean is true only when the owner has both read and write, no group
// read or write bit is set, and no "other" bit is set. Owner and group
// execute bits are not examined, and a set symlink bit does not change the
// boolean. The slice holds any warnings in this order: too permissive,
// permissions missing, symlink. It is nil when there are none.
//
// The symlink warning depends on the mode carrying os.ModeSymlink. That is
// the case for info obtained with os.Lstat; os.Stat follows links and
// returns the target's mode instead.
func CheckFilePerms(info fs.FileInfo) (bool, []string) {
	mode := info.Mode()

	ownerRead := mode&0o400 != 0
	ownerWrite := mode&0o200 != 0
	groupRead := mode&0o040 != 0
	groupWrite := mode&0o020 != 0
	// Any read, write or execute bit for "other" is always a finding.
	otherAny := mode&0o007 != 0

	var warnings []string
	if otherAny {
		warnings = append(warnings, fmt.Sprintf(FileTooPermissiveWarning+": perms are %s", mode.String()))
	}

	// Read and write must each be granted to the owner or the group; "other"
	// bits deliberately do not satisfy this requirement.
	if !(ownerRead || groupRead) || !(ownerWrite || groupWrite) {
		warnings = append(warnings, fmt.Sprintf(FilePermissionsMissingWarning+": perms are %s", mode.String()))
	}

	if mode&os.ModeSymlink != 0 {
		warnings = append(warnings, FileIsSymlinkWarning)
	}

	ownerOnly := ownerRead && ownerWrite && !groupRead && !groupWrite && !otherAny
	return ownerOnly, warnings
}