diff options
| author | Thom May <thom@chef.io> | 2015-05-05 17:49:19 +0100 |
|---|---|---|
| committer | Thom May <thom@chef.io> | 2015-05-05 17:49:19 +0100 |
| commit | 25e05528231b32ed181f57c983d9a8161564571e (patch) | |
| tree | 55e70ed926278115f492bca95b97df86ace5adb0 | |
| parent | 8c92948746bc418fac09218814a9cfb9e4894b5d (diff) | |
| parent | 7204f72e91235fd52c6a97ed3169d31caf7235d1 (diff) | |
| download | chef-25e05528231b32ed181f57c983d9a8161564571e.tar.gz | |
Merge branch 'minshallj/keep_suid_bit' of https://github.com/minshallj/chef into minshallj-minshallj/keep_suid_bit
| -rw-r--r-- | lib/chef/file_access_control/unix.rb | 5 | ||||
| -rw-r--r-- | spec/support/shared/functional/securable_resource.rb | 18 |
2 files changed, 23 insertions, 0 deletions
diff --git a/lib/chef/file_access_control/unix.rb b/lib/chef/file_access_control/unix.rb index 472f30b752..52265f8f7e 100644 --- a/lib/chef/file_access_control/unix.rb +++ b/lib/chef/file_access_control/unix.rb @@ -197,6 +197,8 @@ class Chef # the user has specified a permission, and it does not match the file, so fix the permission Chef::Log.debug("found target_mode != current_mode, updating mode") return true + elsif suid_bit_set? and (should_update_group? or should_update_owner?) + return true else Chef::Log.debug("found target_mode == current_mode, not updating mode") # the user has specified a permission, but it matches the file, so behave idempotently @@ -280,6 +282,9 @@ class Chef return nil end + def suid_bit_set? + return target_mode & 04000 > 0 + end end end end diff --git a/spec/support/shared/functional/securable_resource.rb b/spec/support/shared/functional/securable_resource.rb index e016bb685d..2af6ef3a67 100644 --- a/spec/support/shared/functional/securable_resource.rb +++ b/spec/support/shared/functional/securable_resource.rb @@ -231,6 +231,24 @@ shared_examples_for "a securable resource with existing target" do expect(resource.updated_by_last_action?).to eq(expect_updated?) end end + + describe "when setting the suid bit", :requires_root do + before do + @suid_mode = 04776 + resource.mode @suid_mode + resource.run_action(:create) + end + + it "should set the suid bit" do + expect(File.lstat(path).mode & 007777).to eq(@suid_mode & 007777) + end + + it "should retain the suid bit when updating the user" do + resource.user 1338 + resource.run_action(:create) + expect(File.lstat(path).mode & 007777).to eq(@suid_mode & 007777) + end + end end context "on Windows", :windows_only do |