File provider: fix sticky bits management / preservationlcg/fix-sticky-bits

Looks to be an at least 5 year old bug here dealing with how POSIX
strips sticky bits off of files on a chown/chgrp.

closes #7711

Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>

1 files changed, 5 insertions, 4 deletions

diff --git a/lib/chef/file_content_management/deploy/mv_unix.rb b/lib/chef/file_content_management/deploy/mv_unix.rb
index cbc9b903a8..dbf58914d5 100644
--- a/lib/chef/file_content_management/deploy/mv_unix.rb
+++ b/lib/chef/file_content_management/deploy/mv_unix.rb
@@ -1,6 +1,6 @@
 #
 # Author:: Lamont Granquist (<lamont@chef.io>)
-# Copyright:: Copyright 2013-2016, Chef Software Inc.
+# Copyright:: Copyright 2013-2018, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -44,9 +44,6 @@ class Chef
 
           Chef::Log.trace("Applying mode = #{mode.to_s(8)}, uid = #{uid}, gid = #{gid} to #{src}")
 
-          # i own the inode, so should be able to at least chmod it
-          ::File.chmod(mode, src)
-
           # we may be running as non-root in which case because we are doing an mv we cannot preserve
           # the file modes.  after the mv we have a different inode and if we don't have rights to
           # chown/chgrp on the inode then we can't fix the ownership.
@@ -67,6 +64,10 @@ class Chef
             Chef::Log.warn("Could not set gid = #{gid} on #{src}, file modes not preserved")
           end
 
+          # i own the inode, so should be able to at least chmod it
+          # NOTE: this must come last due to POSIX stripping sticky mode bits on chown/chgrp
+          ::File.chmod(mode, src)
+
           Chef::Log.trace("Moving temporary file #{src} into place at #{dst}")
           FileUtils.mv(src, dst)
         end