Commit e480e17b authored by paz's avatar paz

Show a notice to check permissions if cli-command was invoked as root.

parent b11a03cc
Pipeline #14702 passed with stages
in 12 minutes and 59 seconds
......@@ -25,6 +25,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
* Use schleuder.org as website and team@schleuder.org as contact email.
* Check environment variable if code coverage check should be executed. (#342)
* Transform GPG fingerprints to upper case before saving to database. (#327)
* CLI-commands that (potentially) change data now remind the system admin to check file system permission if the command was run with root privileges. (#326)
## [3.2.2] / 2018-02-06
......
......@@ -62,11 +62,13 @@ module Schleuder
list.logger.notify_admin(msg, nil, I18n.t('check_keys'))
end
end
permission_notice
end
desc 'refresh_keys [list1@example.com]', "Refresh all keys of all list from the keyservers sequentially (one by one or on the passed list). (This is supposed to be run from cron weekly.)"
def refresh_keys(list=nil)
work_on_lists(:refresh_keys,list)
permission_notice
end
desc 'pin_keys [list1@example.com]', "Find keys for subscriptions without a pinned key and try to pin a certain key (one by one or based on the passed list)."
......@@ -122,6 +124,7 @@ module Schleuder
end
say "Schleuder has been set up. You can now create a new list using `schleuder-cli`.\nWe hope you enjoy!"
permission_notice
rescue => exc
fatal exc.message
end
......@@ -257,6 +260,7 @@ Please notify the users and admins of this list of these changes.
if messages.present?
say messages.gsub(' // ', "\n")
end
permission_notice
rescue => exc
fatal "#{exc}\n#{exc.backtrace.first}"
end
......@@ -335,5 +339,20 @@ Please notify the users and admins of this list of these changes.
true
end
def permission_notice
if Process.euid == 0
dirs = [Conf.lists_dir, Conf.listlogs_dir]
if Conf.database['adapter'] == 'sqlite3'
dirs << Conf.database['database']
end
dirs_sentence = dirs.uniq.map { |dir| enquote(dir) }.to_sentence
say "Warning: this process was run as root -- please make sure the all files in #{dirs_sentence} have correct file system permissions for the user that is running both, schleuder from the MTA and `schleuder-api-daemon`."
end
end
def enquote(string)
"\`#{string}\`"
end
end
end
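Review bot: The root-permission notice is only reached on the success path: in the two commands that end in `rescue => exc`, the `permission_notice` call sits before the rescue, so a run as root that fails halfway prints nothing even though it may already have created root-owned files. Consider calling it from an `ensure` clause in those methods; their bodies start outside the hunks, so confirm how `fatal` exits before relying on that. In `permission_notice` itself, `Conf.database['database']` is a file path but is listed under "all files in", and SQLite keeps its journal files next to the database, so the containing directory is what the admin needs to check, e.g. `dirs << File.dirname(Conf.database['database'])`. The message also reads "the all files"; `please make sure all files in #{dirs_sentence} have correct file system permissions` would be clearer.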
......@@ -132,6 +132,19 @@ describe 'cli' do
expect(admin_emails.sort).to eq( ['schleuder2@example.org',
'schleuder2-nokey@example.org' ].sort)
end
it "warns about file system permissions if it was run as root" do
expect(Process).to receive(:euid).and_return(0)
v2list_path = 'spec/fixtures/v2list'
orig_stdout = $stdout
$stdout = StringIO.new
Cli.new.migrate_v2_list(v2list_path)
output = $stdout.string
$stdout = orig_stdout
expect(output).to include("Warning: this process was run as root")
end
end
context '#refresh_keys' do
......@@ -199,7 +212,21 @@ describe 'cli' do
teardown_list_and_mailer(list)
end
it "warns about file system permissions if it was run as root" do
expect(Process).to receive(:euid).and_return(0)
list = create(:list)
orig_stdout = $stdout
$stdout = StringIO.new
Cli.new.refresh_keys(list.email)
output = $stdout.string
$stdout = orig_stdout
expect(output).to include("Warning: this process was run as root")
end
end
context '#pin_keys' do
it 'pins fingerprints on not yet set keys' do
list = create(:list)
......@@ -275,6 +302,18 @@ describe 'cli' do
expect(exc.status).to eql(1)
File.rename(tmp_filename, dbfile)
end
it "warns about file system permissions if it was run as root" do
expect(Process).to receive(:euid).and_return(0)
orig_stdout = $stdout
$stdout = StringIO.new
Cli.new.install
output = $stdout.string
$stdout = orig_stdout
expect(output).to include("Warning: this process was run as root")
end
end
context '#commands' do
......@@ -284,4 +323,18 @@ describe 'cli' do
expect($?.exitstatus).to eq(1)
end
end
context '#check_keys' do
it "warns about file system permissions if it was run as root" do
expect(Process).to receive(:euid).and_return(0)
orig_stdout = $stdout
$stdout = StringIO.new
Cli.new.check_keys
output = $stdout.string
$stdout = orig_stdout
expect(output).to include("Warning: this process was run as root")
end
end
end
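Review bot: Each of the four new examples swaps `$stdout` for a `StringIO` and restores it by hand without an `ensure`, so if the command under test raises or exits, `$stdout` stays redirected and later spec output is swallowed. RSpec's output matcher does the capture and restore in one step: `expect { Cli.new.check_keys }.to output(/Warning: this process was run as root/).to_stdout`. The same applies to the examples for `migrate_v2_list`, `refresh_keys` and `install`. There is also no example for the non-root case (stub `Process.euid` to a non-zero value and assert the warning is absent), so a regression that prints the notice unconditionally would still pass.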