From b9b5fef89af51c66905de33e2436c063f4b09d36 Mon Sep 17 00:00:00 2001 From: James Page Date: Sat, 5 Apr 2014 09:38:12 +0100 Subject: [PATCH] Set permissions on generated ring files The use of NamedTemporaryFile creates rings with permissions 0600; however most installs probably generate the rings as root but the swift-proxy runs as user swift. Set the permissions on the generated ring to 0644 prior to rename so that the swift user can read the rings. Change-Id: Ia511931f471c5c9840012c3a75b89c1f35b1b245 Closes-Bug: #1302700 --- swift/common/ring/ring.py | 1 + test/unit/common/ring/test_ring.py | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/swift/common/ring/ring.py b/swift/common/ring/ring.py index 5b315285ac..a1f9024bc4 100644 --- a/swift/common/ring/ring.py +++ b/swift/common/ring/ring.py @@ -120,6 +120,7 @@ class RingData(object): tempf.flush() os.fsync(tempf.fileno()) tempf.close() + os.chmod(tempf.name, 0o644) os.rename(tempf.name, filename) def to_dict(self): diff --git a/test/unit/common/ring/test_ring.py b/test/unit/common/ring/test_ring.py index 04eb1b7cb5..1892d19923 100644 --- a/test/unit/common/ring/test_ring.py +++ b/test/unit/common/ring/test_ring.py @@ -18,6 +18,7 @@ import cPickle as pickle import os import sys import unittest +import stat from contextlib import closing from gzip import GzipFile from tempfile import mkdtemp @@ -98,6 +99,15 @@ class TestRingData(unittest.TestCase): with open(ring_fname2) as ring2: self.assertEqual(ring1.read(), ring2.read()) + def test_permissions(self): + ring_fname = os.path.join(self.testdir, 'stat.ring.gz') + rd = ring.RingData( + [array.array('H', [0, 1, 0, 1]), array.array('H', [0, 1, 0, 1])], + [{'id': 0, 'zone': 0}, {'id': 1, 'zone': 1}], 30) + rd.save(ring_fname) + self.assertEqual(oct(stat.S_IMODE(os.stat(ring_fname).st_mode)), + '0644') + class TestRing(unittest.TestCase):