Fix config directory permission validation

Directories were reported as read-only as soon as the effective uid didn't the match directory owner. Rewrite permission validation to properly support UNIX permissions. Does not support for Access Control Lists. Fixes #87
2022-01-20 18:46:47 +01:00 · 2022-01-20 18:46:47 +01:00 · 6071f4e96d
parent 251cac14de
commit 6071f4e96d
1 changed files with 23 additions and 7 deletions
--- a/utils/utils_custom.go
+++ b/utils/utils_custom.go
@ -22,19 +22,35 @@ func DirWritable(path string) (bool, error) {
 		return false, errors.New("path isn't a directory")
 	}

-	if info.Mode().Perm()&(1<<(uint(7))) == 0 {
-		return false, errors.New("write permission bit is not set on this file for user")
-	}
-
 	var stat syscall.Stat_t
 	if err = syscall.Stat(path, &stat); err != nil {
 		return false, errors.New("unable to get stat")
 	}

-	if uint32(os.Geteuid()) != stat.Uid {
-		return false, errors.New("user doesn't have permission to write to this directory")
+	if uint32(os.Geteuid()) == stat.Uid {
+		if info.Mode().Perm()&(1<<7) != 0 {
+			// owner matches and has write permissions
+			return true, nil
+		} else {
+			return false, errors.New("owner doesn't have write permissions for this path")
+		}
 	}
-	return true, nil
+
+	if uint32(os.Getegid()) == stat.Gid {
+		if info.Mode().Perm()&(1<<4) != 0 {
+			// group matches and has write permissions
+			return true, nil
+		} else {
+			return false, errors.New("group doesn't have write permissions for this path")
+		}
+	}
+
+	if info.Mode().Perm()&(1<<1) != 0 {
+		// all users have write permissions
+		return true, nil
+	}
+
+	return false, errors.New("user doesn't have write permissions for this path")
 }

 func Ping(address string, secondsTimeout int) (int64, error) {