def git_dir_wrong_perms(): submin_env = options.env_path() git_dir = options.env_path("git_dir") try: git_user = pwd.getpwnam(options.value("git_user")) except UnknownKeyError: return [] apache = www_user() wrong_permissions = [] checkdir = git_dir while checkdir != '/' and checkdir != submin_env: try: st = os.stat(checkdir) except OSError as e: if e.errno == errno.EACCES: wrong_permissions.append({ 'dir': checkdir, 'reason': 'unknown' }) else: if (st.st_uid != git_user.pw_uid or st.st_gid != apache.pw_gid or st.st_mode & 0o750 != 0o750) and (st.st_mode & 0o005 != 0o005): wrong_permissions.append({ 'dir': checkdir, 'reason': 'incorrect' }) checkdir = os.path.dirname(checkdir) return wrong_permissions
def git_dir_wrong_perms(): submin_env = options.env_path() git_dir = options.env_path("git_dir") try: git_user = pwd.getpwnam(options.value("git_user")) except UnknownKeyError: return [] apache = www_user() wrong_permissions = [] checkdir = git_dir while checkdir != "/" and checkdir != submin_env: try: st = os.stat(checkdir) except OSError as e: if e.errno == errno.EACCES: wrong_permissions.append({"dir": checkdir, "reason": "unknown"}) else: if (st.st_uid != git_user.pw_uid or st.st_gid != apache.pw_gid or st.st_mode & 0o750 != 0o750) and ( st.st_mode & 0o005 != 0o005 ): wrong_permissions.append({"dir": checkdir, "reason": "incorrect"}) checkdir = os.path.dirname(checkdir) return wrong_permissions
def git_repos_wrong_perms(git_dir): bad_dirs = [] ssh_dir = git_dir + '.ssh' git_user = pwd.getpwnam(options.value('git_user')) apache = www_user() for root, dirs, files in os.walk(git_dir.encode('utf-8')): for d in dirs: path = os.path.join(root, d) # skip .ssh dir if path == ssh_dir: continue st = os.stat(path) if stat.S_ISDIR(st.st_mode): user = pwd.getpwuid(st.st_uid) group = grp.getgrgid(st.st_gid) ingroup = group.gr_gid == apache.pw_gid or \ apache.pw_name in group.gr_mem if not ingroup or not st.st_mode & stat.S_ISGID or \ user.pw_name != git_user.pw_name: modestr = status.filemode(st.st_mode) relative = path[len(git_dir) + 1:] bad_dirs.append({ 'name': relative, 'mode': modestr, 'user': user.pw_name, 'group': group.gr_name }) return bad_dirs
def git_repos_wrong_perms(git_dir): bad_dirs = [] ssh_dir = git_dir + ".ssh" git_user = pwd.getpwnam(options.value("git_user")) apache = www_user() for root, dirs, files in os.walk(git_dir): for d in dirs: path = os.path.join(root, d) # skip .ssh dir if path == ssh_dir: continue st = os.stat(path) if stat.S_ISDIR(st.st_mode): user = pwd.getpwuid(st.st_uid) group = grp.getgrgid(st.st_gid) ingroup = group.gr_gid == apache.pw_gid or apache.pw_name in group.gr_mem if not ingroup or not st.st_mode & stat.S_ISGID or user.pw_name != git_user.pw_name: modestr = status.filemode(st.st_mode) relative = path[len(git_dir) + 1 :] bad_dirs.append({"name": relative, "mode": modestr, "user": user.pw_name, "group": group.gr_name}) return bad_dirs