Beispiel #1
0
    def create_install_directory(self, spec):
        _check_concrete(spec)

        prefix = self.check_installed(spec)
        if prefix:
            raise InstallDirectoryAlreadyExistsError(prefix)

        # Create install directory with properly configured permissions
        # Cannot import at top of file
        from spack.package_prefs import get_package_dir_permissions
        from spack.package_prefs import get_package_group

        # Each package folder can have its own specific permissions, while
        # intermediate folders (arch/compiler) are set with full access to
        # everyone (0o777) and install_tree root folder is the chokepoint
        # for restricting global access.
        # So, whoever has access to the install_tree is allowed to install
        # packages for same arch/compiler and since no data is stored in
        # intermediate folders, it does not represent a security threat.
        group = get_package_group(spec)
        perms = get_package_dir_permissions(spec)
        perms_intermediate = 0o777

        mkdirp(spec.prefix, mode=perms, mode_intermediate=perms_intermediate)
        if group:
            chgrp(spec.prefix, group)
            # Need to reset the sticky group bit after chgrp
            os.chmod(spec.prefix, perms)

        mkdirp(self.metadata_path(spec), mode=perms)

        self.write_spec(spec, self.spec_file_path(spec))
Beispiel #2
0
def set_permissions(path, perms, group=None):
    # Preserve higher-order bits of file permissions
    perms |= os.stat(path).st_mode & (st.S_ISUID | st.S_ISGID | st.S_ISVTX)

    # Do not let users create world writable suid binaries
    if perms & st.S_ISUID and perms & st.S_IWGRP:
        raise InvalidPermissionsError(
            "Attepting to set suid with world writable")

    fs.chmod_x(path, perms)

    if group:
        fs.chgrp(path, group)
Beispiel #3
0
    def create_install_directory(self, spec):
        _check_concrete(spec)

        prefix = self.check_installed(spec)
        if prefix:
            raise InstallDirectoryAlreadyExistsError(prefix)

        # Create install directory with properly configured permissions
        # Cannot import at top of file
        from spack.package_prefs import get_package_dir_permissions
        from spack.package_prefs import get_package_group
        group = get_package_group(spec)
        perms = get_package_dir_permissions(spec)
        mkdirp(spec.prefix, mode=perms)
        if group:
            chgrp(spec.prefix, group)
            # Need to reset the sticky group bit after chgrp
            os.chmod(spec.prefix, perms)

        mkdirp(self.metadata_path(spec), mode=perms)
        self.write_spec(spec, self.spec_file_path(spec))
Beispiel #4
0
    def create_install_directory(self, spec):
        _check_concrete(spec)

        prefix = self.check_installed(spec)
        if prefix:
            raise InstallDirectoryAlreadyExistsError(prefix)

        # Create install directory with properly configured permissions
        # Cannot import at top of file
        from spack.package_prefs import get_package_dir_permissions
        from spack.package_prefs import get_package_group
        group = get_package_group(spec)
        perms = get_package_dir_permissions(spec)
        mkdirp(spec.prefix, mode=perms)
        if group:
            chgrp(spec.prefix, group)
            # Need to reset the sticky group bit after chgrp
            os.chmod(spec.prefix, perms)

        mkdirp(self.metadata_path(spec), mode=perms)
        self.write_spec(spec, self.spec_file_path(spec))