def create_install_directory(self, spec):
    """Create the install prefix and metadata directory for ``spec``.

    Runs ``_check_concrete(spec)`` first, then refuses to continue if
    ``check_installed`` already reports a prefix for the spec.

    Raises:
        InstallDirectoryAlreadyExistsError: ``check_installed(spec)``
            returned a truthy prefix.
    """
    _check_concrete(spec)

    existing_prefix = self.check_installed(spec)
    if existing_prefix:
        raise InstallDirectoryAlreadyExistsError(existing_prefix)

    # Deferred import: these names cannot be imported at the top of the file.
    from spack.package_prefs import get_package_dir_permissions, get_package_group

    # Permission model: the package prefix gets the package-specific mode,
    # the intermediate (arch/compiler) directories are opened to everyone,
    # and the install_tree root is the single place where global access is
    # restricted. Whoever can enter the install_tree may install packages
    # for the same arch/compiler; no data lives in the intermediate
    # directories themselves.
    # NOTE(review): 0o777 carries no sticky bit, so any user who can reach an
    # intermediate directory can rename or remove entries created by others.
    # The install_tree root's permissions are the only control here; confirm
    # they are restrictive on shared hosts.
    pkg_group = get_package_group(spec)
    pkg_mode = get_package_dir_permissions(spec)
    intermediate_mode = 0o777

    mkdirp(spec.prefix, mode=pkg_mode, mode_intermediate=intermediate_mode)
    if pkg_group:
        chgrp(spec.prefix, pkg_group)
        # Re-apply the mode: the group-related special bit has to be reset
        # after the chgrp.
        os.chmod(spec.prefix, pkg_mode)

    mkdirp(self.metadata_path(spec), mode=pkg_mode)
    self.write_spec(spec, self.spec_file_path(spec))
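def set_permissions(path, perms, group=None):
    """Apply ``perms`` (and optionally ``group``) to ``path``.

    The setuid, setgid and sticky bits already present on ``path`` are
    OR-ed into ``perms`` before the mode is applied, so they survive the
    call.

    Args:
        path: filesystem path to modify; it must exist (it is stat'ed).
        perms: permission bits to apply.
        group: optional group to assign after the mode is set.

    Raises:
        InvalidPermissionsError: the resulting mode would be setuid and
            writable by group or by others.
    """
    # Preserve higher-order bits of file permissions
    perms |= os.stat(path).st_mode & (st.S_ISUID | st.S_ISGID | st.S_ISVTX)

    # Do not let users create world- or group-writable suid binaries.
    # The world-writable case must be tested with S_IWOTH; testing only
    # S_IWGRP lets a mode such as 0o4757 through.
    if perms & st.S_ISUID:
        if perms & st.S_IWOTH:
            raise InvalidPermissionsError(
                "Attempting to set suid with world writable")
        if perms & st.S_IWGRP:
            raise InvalidPermissionsError(
                "Attempting to set suid with group writable")

    fs.chmod_x(path, perms)

    if group:
        # NOTE(review): the group change runs after the mode is applied; on
        # some platforms changing ownership clears set-id bits. Confirm this
        # ordering is intended.
        fs.chgrp(path, group)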
def create_install_directory(self, spec):
    """Set up the on-disk install location for ``spec``.

    After ``_check_concrete(spec)``, the prefix is created with the
    package's directory permissions, handed to the package group when one
    is configured, and the metadata directory and spec file are written.

    Raises:
        InstallDirectoryAlreadyExistsError: ``check_installed(spec)``
            returned a truthy prefix.
    """
    _check_concrete(spec)

    already_there = self.check_installed(spec)
    if already_there:
        raise InstallDirectoryAlreadyExistsError(already_there)

    # Local import: these names cannot be imported at the top of the file.
    from spack.package_prefs import get_package_dir_permissions, get_package_group

    # Create the install directory with the configured permissions.
    # NOTE(review): only ``mode`` is passed to mkdirp, so the mode of any
    # intermediate directories it creates is whatever mkdirp defaults to;
    # verify that default suits a shared install tree.
    owner_group = get_package_group(spec)
    dir_mode = get_package_dir_permissions(spec)

    mkdirp(spec.prefix, mode=dir_mode)
    if owner_group:
        chgrp(spec.prefix, owner_group)
        # The group-related special bit has to be reset after the chgrp,
        # so the mode is applied a second time.
        os.chmod(spec.prefix, dir_mode)

    mkdirp(self.metadata_path(spec), mode=dir_mode)
    self.write_spec(spec, self.spec_file_path(spec))