jstests/noPassthrough/configExpand_exec_permissions.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

// Test config file expansion using EXEC when permissions are too loose.
// Ideally, we'd also check for foreign ownership here,
// but that's impractical in a test suite where we're not running as root.

(function() {
    'use strict';

    if (_isWindows()) {
        print("Skipping test on windows");
        return;
    }

    load('jstests/noPassthrough/libs/configExpand/lib.js');

    const sicReflect = {setParameter: {scramIterationCount: {__exec: makeReflectionCmd('12345')}}};

    // Positive test just to be sure this works in a basic case before testing negatives.
    configExpandSuccess(sicReflect, null, {configExpand: 'exec', chmod: 0o600});

    // Still successful if readable by others, but not writable.
    configExpandSuccess(sicReflect, null, {configExpand: 'exec', chmod: 0o644});

    // Fail if writable by others.
    const expect = /is writable by non-owner users/;
    configExpandFailure(sicReflect, expect, {configExpand: 'exec', chmod: 0o666});
    configExpandFailure(sicReflect, expect, {configExpand: 'exec', chmod: 0o622});
    configExpandFailure(sicReflect, expect, {configExpand: 'exec', chmod: 0o660});
    configExpandFailure(sicReflect, expect, {configExpand: 'exec', chmod: 0o606});

    // Explicitly world-readable/writable config file without expansions should be fine.
    configExpandSuccess({}, null, {configExpand: 'none', chmod: 0o666});
})();