From a90647259962a164222a29d95a6552d2b65deb60 Mon Sep 17 00:00:00 2001 From: David Roberts Date: Fri, 18 Nov 2016 12:51:07 +0000 Subject: [PATCH 1/2] Set execute permissions for native plugin programs --- .../plugins/InstallPluginCommand.java | 20 +++++++++--- .../plugins/InstallPluginCommandTests.java | 31 +++++++++++++++++++ 2 files changed, 47 insertions(+), 4 deletions(-) diff --git a/core/src/main/java/org/elasticsearch/plugins/InstallPluginCommand.java b/core/src/main/java/org/elasticsearch/plugins/InstallPluginCommand.java index 43af643854e57..bbf783d4e85c8 100644 --- a/core/src/main/java/org/elasticsearch/plugins/InstallPluginCommand.java +++ b/core/src/main/java/org/elasticsearch/plugins/InstallPluginCommand.java @@ -47,9 +47,12 @@ import java.net.URLDecoder; import java.nio.charset.StandardCharsets; import java.nio.file.DirectoryStream; +import java.nio.file.FileVisitResult; import java.nio.file.Files; import java.nio.file.Path; +import java.nio.file.SimpleFileVisitor; import java.nio.file.StandardCopyOption; +import java.nio.file.attribute.BasicFileAttributes; import java.nio.file.attribute.PosixFileAttributeView; import java.nio.file.attribute.PosixFileAttributes; import java.nio.file.attribute.PosixFilePermission; @@ -493,15 +496,24 @@ private void install(Terminal terminal, boolean isBatch, Path tmpRoot, Environme } Files.move(tmpRoot, destination, StandardCopyOption.ATOMIC_MOVE); - try (DirectoryStream stream = Files.newDirectoryStream(destination)) { - for (Path pluginFile : stream) { + Files.walkFileTree(destination, new SimpleFileVisitor() { + @Override + public FileVisitResult visitFile(Path pluginFile, BasicFileAttributes attrs) throws IOException { if (Files.isDirectory(pluginFile)) { setFileAttributes(pluginFile, PLUGIN_DIR_PERMS); } else { - setFileAttributes(pluginFile, PLUGIN_FILES_PERMS); + // There can also be "bin" directories under the plugin directory, storing native code executables + Path parentDir = pluginFile.getParent().getFileName(); + if ("bin".equals(parentDir.toString())) { + setFileAttributes(pluginFile, BIN_FILES_PERMS); + } else { + setFileAttributes(pluginFile, PLUGIN_FILES_PERMS); + } } + return FileVisitResult.CONTINUE; } - } + }); + terminal.println("-> Installed " + info.getName()); } catch (Exception installProblem) { diff --git a/qa/evil-tests/src/test/java/org/elasticsearch/plugins/InstallPluginCommandTests.java b/qa/evil-tests/src/test/java/org/elasticsearch/plugins/InstallPluginCommandTests.java index 3bed3350f0f7f..ac5146e1edbec 100644 --- a/qa/evil-tests/src/test/java/org/elasticsearch/plugins/InstallPluginCommandTests.java +++ b/qa/evil-tests/src/test/java/org/elasticsearch/plugins/InstallPluginCommandTests.java @@ -477,6 +477,37 @@ public void testBinPermissions() throws Exception { } } + public void testPlatformBinPermissions() throws Exception { + assumeTrue("posix filesystem", isPosix); + Tuple env = createEnv(fs, temp); + Path pluginDir = createPluginDir(temp); + Path platformDir = pluginDir.resolve("platform"); + Path platformNameDir = platformDir.resolve("linux-x86_64"); + Path platformBinDir = platformNameDir.resolve("bin"); + Files.createDirectories(platformBinDir); + Path programFile = Files.createFile(platformBinDir.resolve("someprogram")); + try (PosixPermissionsResetter binAttrs = new PosixPermissionsResetter(programFile)) { + Set perms = binAttrs.getCopyPermissions(); + // make sure execute permissions are missing (they should be by default but just in case) + perms.remove(PosixFilePermission.OWNER_EXECUTE); + perms.remove(PosixFilePermission.GROUP_EXECUTE); + perms.remove(PosixFilePermission.OTHERS_EXECUTE); + binAttrs.setPermissions(perms); + } + String pluginZip = createPlugin("fake", pluginDir); + installPlugin(pluginZip, env.v1()); + assertPlugin("fake", pluginDir, env.v2()); + // check that the installed program has execute permissions, even though the one added to the plugin didn't + Path installedPlatformBinDir = env.v2().pluginsFile().resolve("fake").resolve("platform").resolve("linux-x86_64").resolve("bin"); + assertTrue(Files.isDirectory(installedPlatformBinDir)); + Path installedProgramFile = installedPlatformBinDir.resolve("someprogram"); + assertTrue(Files.isRegularFile(installedProgramFile)); + Set perms = Files.getPosixFilePermissions(installedProgramFile); + assertTrue(perms.contains(PosixFilePermission.OWNER_EXECUTE)); + assertTrue(perms.contains(PosixFilePermission.GROUP_EXECUTE)); + assertTrue(perms.contains(PosixFilePermission.OTHERS_EXECUTE)); + } + public void testConfig() throws Exception { Tuple env = createEnv(fs, temp); Path pluginDir = createPluginDir(temp); From 7d9ccc6e0966eca8376f92bc01c53cc9b2501b54 Mon Sep 17 00:00:00 2001 From: David Roberts Date: Mon, 21 Nov 2016 09:18:15 +0000 Subject: [PATCH 2/2] Assert permissions both before and after install --- .../plugins/InstallPluginCommandTests.java | 21 ++++++++----------- 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/qa/evil-tests/src/test/java/org/elasticsearch/plugins/InstallPluginCommandTests.java b/qa/evil-tests/src/test/java/org/elasticsearch/plugins/InstallPluginCommandTests.java index ac5146e1edbec..08ce0083ec2e2 100644 --- a/qa/evil-tests/src/test/java/org/elasticsearch/plugins/InstallPluginCommandTests.java +++ b/qa/evil-tests/src/test/java/org/elasticsearch/plugins/InstallPluginCommandTests.java @@ -486,14 +486,11 @@ public void testPlatformBinPermissions() throws Exception { Path platformBinDir = platformNameDir.resolve("bin"); Files.createDirectories(platformBinDir); Path programFile = Files.createFile(platformBinDir.resolve("someprogram")); - try (PosixPermissionsResetter binAttrs = new PosixPermissionsResetter(programFile)) { - Set perms = binAttrs.getCopyPermissions(); - // make sure execute permissions are missing (they should be by default but just in case) - perms.remove(PosixFilePermission.OWNER_EXECUTE); - perms.remove(PosixFilePermission.GROUP_EXECUTE); - perms.remove(PosixFilePermission.OTHERS_EXECUTE); - binAttrs.setPermissions(perms); - } + // a file created with Files.createFile() should not have execute permissions + Set sourcePerms = Files.getPosixFilePermissions(programFile); + assertFalse(sourcePerms.contains(PosixFilePermission.OWNER_EXECUTE)); + assertFalse(sourcePerms.contains(PosixFilePermission.GROUP_EXECUTE)); + assertFalse(sourcePerms.contains(PosixFilePermission.OTHERS_EXECUTE)); String pluginZip = createPlugin("fake", pluginDir); installPlugin(pluginZip, env.v1()); assertPlugin("fake", pluginDir, env.v2()); @@ -502,10 +499,10 @@ public void testPlatformBinPermissions() throws Exception { assertTrue(Files.isDirectory(installedPlatformBinDir)); Path installedProgramFile = installedPlatformBinDir.resolve("someprogram"); assertTrue(Files.isRegularFile(installedProgramFile)); - Set perms = Files.getPosixFilePermissions(installedProgramFile); - assertTrue(perms.contains(PosixFilePermission.OWNER_EXECUTE)); - assertTrue(perms.contains(PosixFilePermission.GROUP_EXECUTE)); - assertTrue(perms.contains(PosixFilePermission.OTHERS_EXECUTE)); + Set installedPerms = Files.getPosixFilePermissions(installedProgramFile); + assertTrue(installedPerms.contains(PosixFilePermission.OWNER_EXECUTE)); + assertTrue(installedPerms.contains(PosixFilePermission.GROUP_EXECUTE)); + assertTrue(installedPerms.contains(PosixFilePermission.OTHERS_EXECUTE)); } public void testConfig() throws Exception {