
From: ShaoHe Feng <shaohef@linux.vnet.ibm.com> Now we need to check the 'qemu' user can open an iso files. This patch is used to 'qemu' user has permission to open a file. Test this patch: $ mkdir -p a/b/c $ touch a/b/c/f $ chmod o-x a/b/c $ sudo PYTHONPATH=src python -c ' from kimchi.utils import probe_file_permission_as_user print probe_file_permission_as_user("a/b/c/f", "qemu")' It will return False change another user, it may return True Signed-off-by: ShaoHe Feng <shaohef@linux.vnet.ibm.com>
---
 src/kimchi/utils.py | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/src/kimchi/utils.py b/src/kimchi/utils.py
index 7b15d7f..bf48236 100644
--- a/src/kimchi/utils.py
+++ b/src/kimchi/utils.py
@@ -19,12 +19,16 @@
 #
 import cherrypy
+import grp
+from multiprocessing import Process, Queue
 import os
 import psutil
+import pwd
 import re
 import subprocess
 import urllib2
 from threading import Timer
+import traceback
 from cherrypy.lib.reprconf import Parser
@@ -236,3 +240,25 @@ def run_setfacl_set_attr(path, attr="r", user=""):
 set_user = ["setfacl", "--modify", "user:%s:%s" % (user, attr), path]
 out, error, ret = run_command(set_user)
 return ret == 0
+
+
+def probe_file_permission_as_user(file, user):
+ def probe_permission(q, file, user):
+ uid = pwd.getpwnam(user).pw_uid
+ gid = pwd.getpwnam(user).pw_gid
+ gids = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem]
+ os.setgid(gid)
+ os.setgroups(gids)
+ os.setuid(uid)
+ try:
+ with open(file):
+ q.put((True, None))
+ except Exception as e:
+ kimchi_log.error(traceback.format_exc())
+ q.put((False, e))
+
+ queue = Queue()
+ p = Process(target=probe_permission, args=(queue, file, user))
+ p.start()
+ p.join()
+ return queue.get()
--
1.8.4.2
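Review bot: In the second hunk, `probe_permission` runs the `pwd.getpwnam` lookups and the `os.setgid`/`os.setgroups`/`os.setuid` calls outside its `try`, so an unknown user name or a failed privilege drop ends the child without putting anything on the queue, and the parent's `queue.get()` then blocks forever. Moving the lookup and the privilege drop inside the `try` keeps the fail-closed behaviour (the file is never opened under the caller's identity) while still returning `(False, e)` to the caller. Reading the queue before `p.join()` also follows the order the multiprocessing documentation advises for a child that puts items on a queue. The function returns a tuple, which is always truthy, while the description speaks of it returning False or True; a docstring should say that callers must unpack the `(ok, error)` pair rather than test the return value directly.

```python
    def probe_permission(q, file, user):
        try:
            # Resolve the account and drop privileges inside the try, so a
            # failure is reported through q and open() is never reached
            # with the parent's identity.
            pw = pwd.getpwnam(user)
            gids = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem]
            os.setgid(pw.pw_gid)
            os.setgroups(gids)
            os.setuid(pw.pw_uid)
            # … unchanged: with open(file): q.put((True, None)) …
        # … unchanged: except branch logging and q.put((False, e)) …

    # … unchanged: Queue and Process creation, p.start() …
    result = queue.get()
    p.join()
    return result
```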