[Kimchi-devel] [RFC][PATCH V4 1/4] add a method to probe the permission as qemu user
Zhou Zheng Sheng
zhshzhou at linux.vnet.ibm.com
Tue Mar 11 06:14:32 UTC 2014
Reviewed-by: Zhou Zheng Sheng <zhshzhou at linux.vnet.ibm.com>
on 2014/03/11 14:08, shaohef at linux.vnet.ibm.com wrote:
> From: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
>
> Now we need to check that the 'qemu' user can open an iso file.
>
> This patch is used to check 'qemu' user has permission to open a file.
>
> Test this patch:
> $ mkdir -p a/b/c
> $ touch a/b/c/f
> $ chmod o-x a/b/c
> $ sudo PYTHONPATH=src python -c '
> from kimchi.utils import probe_file_permission_as_user
> print probe_file_permission_as_user("a/b/c/f", "qemu")'
>
> It will return False.
> Change to another user, and it may return True.
>
> Signed-off-by: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
> Signed-off-by: Royce Lv <lvroyce at linux.vnet.ibm.com>
> ---
> src/kimchi/utils.py | 26 ++++++++++++++++++++++++++
> 1 file changed, 26 insertions(+)
>
> diff --git a/src/kimchi/utils.py b/src/kimchi/utils.py
> index 7b15d7f..6c29e0e 100644
> --- a/src/kimchi/utils.py
> +++ b/src/kimchi/utils.py
> @@ -19,11 +19,15 @@
> #
>
> import cherrypy
> +import grp
> import os
> import psutil
> +import pwd
> import re
> import subprocess
> +import traceback
> import urllib2
> +from multiprocessing import Process, Queue
> from threading import Timer
>
> from cherrypy.lib.reprconf import Parser
> @@ -236,3 +240,25 @@ def run_setfacl_set_attr(path, attr="r", user=""):
> set_user = ["setfacl", "--modify", "user:%s:%s" % (user, attr), path]
> out, error, ret = run_command(set_user)
> return ret == 0
> +
> +
> +def probe_file_permission_as_user(file, user):
> + def probe_permission(q, file, user):
> + uid = pwd.getpwnam(user).pw_uid
> + gid = pwd.getpwnam(user).pw_gid
> + gids = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem]
> + os.setgid(gid)
> + os.setgroups(gids)
> + os.setuid(uid)
> + try:
> + with open(file):
> + q.put((True, None))
> + except Exception as e:
> + kimchi_log.debug(traceback.format_exc())
> + q.put((False, e))
> +
> + queue = Queue()
> + p = Process(target=probe_permission, args=(queue, file, user))
> + p.start()
> + p.join()
> + return queue.get()
>
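Review bot: In probe_permission the two pwd.getpwnam(user) lookups and the os.setgid / os.setgroups / os.setuid calls sit outside the try block, so an unknown user (KeyError) or a caller that is not allowed to switch IDs (OSError) ends the child before anything is put on the queue, and the parent's queue.get() after p.join() then blocks forever. Move those calls inside the try so every path puts a result, or have the parent check p.exitcode (or call queue.get with a timeout) before reading. Separately, the function returns a (bool, exception) tuple while the commit message says it "will return False"; a docstring stating the return shape would keep callers from testing the tuple for truthiness, which is always true.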
--
Thanks and best regards!
Zhou Zheng Sheng / 周征晟
E-mail: zhshzhou at linux.vnet.ibm.com
Telephone: 86-10-82454397