author | Jacob Minshall <minshalljg@gmail.com> | 2015-02-22 12:00:21 -0800 |
---|---|---|
committer | Jacob Minshall <minshalljg@gmail.com> | 2015-03-17 12:45:42 -0700 |
commit | c76b988f83ea3cbaa5dd773577265ec5382a9a90 (patch) | |
tree | 277868a9b9c51a135c7e61a024df900b39183101 /lib | |
parent | a7f5c92960aedf8d5bfc71abbce430ab075e016a (diff) | |
download | chef-c76b988f83ea3cbaa5dd773577265ec5382a9a90.tar.gz |
update mode if group or owner change to keep suid bit
On Linux updating the group or owner unsets the suid bit for security
reasons, so check for group and owner updates whether or not to set the
mode.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/chef/file_access_control/unix.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/chef/file_access_control/unix.rb b/lib/chef/file_access_control/unix.rb index 472f30b752..52265f8f7e 100644 --- a/lib/chef/file_access_control/unix.rb +++ b/lib/chef/file_access_control/unix.rb @@ -197,6 +197,8 @@ class Chef # the user has specified a permission, and it does not match the file, so fix the permission Chef::Log.debug("found target_mode != current_mode, updating mode") return true + elsif suid_bit_set? and (should_update_group? or should_update_owner?) + return true else Chef::Log.debug("found target_mode == current_mode, not updating mode") # the user has specified a permission, but it matches the file, so behave idempotently @@ -280,6 +282,9 @@ class Chef return nil end + def suid_bit_set? + return target_mode & 04000 > 0 + end end end end |
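Review bot: The new elsif branch in the first hunk (@@ -197,6 +197,8 @@) returns true without a Chef::Log.debug call, while the branches on either side of it both log why the mode is or is not being updated. A debug line here, for example one saying that the suid bit is set and the owner or group will change so the mode is being re-applied, would make the run output explain an otherwise surprising mode update. The condition also uses the low-precedence keywords "and"/"or"; the parentheses make it evaluate correctly, but "&&" and "||" are the safer choice inside a conditional expression.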
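Review bot: suid_bit_set? in the second hunk (@@ -280,6 +282,9 @@) tests only 04000, so a target mode that carries setgid (02000) without setuid does not trigger the re-apply. On Linux chown(2) clears the set-group-ID bit of executables under the same rule as the set-user-ID bit, so consider masking with 06000 and naming the method accordingly, or adding a note on why setgid is left out. The method also calls & on target_mode directly, which raises NoMethodError if it is ever reached with a nil target_mode; the caller in the first hunk appears to sit in the path where a mode was specified, but a nil guard or a short comment stating that precondition would make it safe to reuse. Minor: the explicit return is redundant, and "(target_mode & 04000) != 0" reads more clearly than relying on operator precedence with "> 0".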