From 755b27e59818d3d123dfc4300e528d92f8b5d904 Mon Sep 17 00:00:00 2001
From: James Page <james.page@ubuntu.com>
Date: Sat, 5 Apr 2014 09:38:12 +0100
Subject: [PATCH] Set permissions on generated ring files
The use of NamedTemporaryFile creates rings with permissions 0600;
however most installs probably generate the rings as root but the
swift-proxy runs as user swift.
Set the permissions on the generated ring to 0644 prior to rename so
that the swift user can read the rings.
Change-Id: Ia511931f471c5c9840012c3a75b89c1f35b1b245
Closes-Bug: #1302700
---
swift/common/ring/ring.py | 1 +
test/unit/common/ring/test_ring.py | 10 ++++++++++
2 files changed, 11 insertions(+)
diff --git a/swift/common/ring/ring.py b/swift/common/ring/ring.py
index 5b31528..a1f9024 100644
--- a/swift/common/ring/ring.py
+++ b/swift/common/ring/ring.py
@@ -120,6 +120,7 @@ class RingData(object):
tempf.flush()
os.fsync(tempf.fileno())
tempf.close()
+ os.chmod(tempf.name, 0o644)
os.rename(tempf.name, filename)
def to_dict(self):
diff --git a/test/unit/common/ring/test_ring.py b/test/unit/common/ring/test_ring.py
index 04eb1b7..1892d19 100644
--- a/test/unit/common/ring/test_ring.py
+++ b/test/unit/common/ring/test_ring.py
@@ -18,6 +18,7 @@ import cPickle as pickle
import os
import sys
import unittest
+import stat
from contextlib import closing
from gzip import GzipFile
from tempfile import mkdtemp
@@ -98,6 +99,15 @@ class TestRingData(unittest.TestCase):
with open(ring_fname2) as ring2:
self.assertEqual(ring1.read(), ring2.read())
+ def test_permissions(self):
+ ring_fname = os.path.join(self.testdir, 'stat.ring.gz')
+ rd = ring.RingData(
+ [array.array('H', [0, 1, 0, 1]), array.array('H', [0, 1, 0, 1])],
+ [{'id': 0, 'zone': 0}, {'id': 1, 'zone': 1}], 30)
+ rd.save(ring_fname)
+ self.assertEqual(oct(stat.S_IMODE(os.stat(ring_fname).st_mode)),
+ '0644')
+
class TestRing(unittest.TestCase):