jstests/noPassthrough/umask.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

/*
 * This test makes sure that the log files created by the server correctly honor the server's umask
 * as set in SERVER-22829
 *
 * @tags: [ requires_wiredtiger ]
 */
(function() {
    'use strict';
    // We only test this on POSIX since that's the only platform where umasks make sense
    if (_isWindows()) {
        return;
    }

    const oldUmask = new Number(umask(0));
    jsTestLog("Setting umask to really permissive 000 mode, old mode was " + oldUmask.toString(8));

    const defaultUmask = Number.parseInt("600", 8);
    const permissiveUmask = Number.parseInt("666", 8);

    // Any files that have some explicit permissions set on them should be added to this list
    const exceptions = [
        // The lock file gets created with explicit 644 permissions
        'mongod.lock',
        // Mobile se files get created with 644 permissions when honoring the system umask
        'mobile.sqlite',
        'mobile.sqlite-shm',
        'mobile.sqlite-wal',
    ];

    let mongodOptions = MongoRunner.mongodOptions({
        useLogFiles: true,
        cleanData: true,
    });

    if (buildInfo()["modules"].some((mod) => {
            return mod == "enterprise";
        })) {
        mongodOptions.auditDestination = "file";
        mongodOptions.auditPath = mongodOptions.dbpath + "/audit.log";
        mongodOptions.auditFormat = "JSON";
    }

    const checkMask = (topDir, expected, honoringUmask) => {
        const maybeNot = honoringUmask ? "" : " not";
        const processDirectory = (dir) => {
            jsTestLog(`Checking ${dir}`);
            ls(dir).forEach((file) => {
                if (file.endsWith("/")) {
                    return processDirectory(file);
                } else if (exceptions.some((exception) => {
                               return file.endsWith(exception);
                           })) {
                    return;
                }
                const mode = new Number(getFileMode(file));
                const modeStr = mode.toString(8);
                const msg = `Mode for ${file} is ${modeStr} when${maybeNot} honoring system umask`;
                assert.eq(mode.valueOf(), expected, msg);
            });
        };

        processDirectory(topDir);
    };

    // First we start up the mongod normally, all the files except mongod.lock should have the mode
    // 0600
    let conn = MongoRunner.runMongod(mongodOptions);

    checkMask(conn.fullOptions.dbpath, defaultUmask, false);

    MongoRunner.stopMongod(conn);

    // Restart the mongod with honorSystemUmask, all files should have the mode 0666
    mongodOptions.setParameter = {honorSystemUmask: true};
    conn = MongoRunner.runMongod(mongodOptions);
    checkMask(conn.fullOptions.dbpath, permissiveUmask, false);

    MongoRunner.stopMongod(conn);
    umask(oldUmask.valueOf());
})();