As we discovered in PRs #377 and #379, some of the fileio access-related functions have subtle pitfalls when run as a privileged user rather than the unprivileged one we typically use in deployments.
Basically, we cannot solely rely on POSIX file system permissions to enforce read-only and write-only file/directory access in that case.
AFAICT we never really intended this to be different or even used from privileged user accounts. So I guess we should warn and perhaps even refuse such use by throwing an exception if attempted. Yet, we decided to postpone any further work on that for later to avoid introducing potential regressions and spending too much time on irrelevant fixes we don't use anyway.
It would be nice to adjust at least the following functions from mig/shared/fileio.py:
- check_read_access
- check_write_access
- check_readable
- check_writable
- check_readonly
- check_readwritable
to explicitly handle or refuse such privileged account use and to adjust the unit tests in tests/test_mig_shared_fileio.py accordingly to eliminate or refactor the uid == 0 conditionals. Please refer especially to the comments in #377 for further details.
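To make the pitfall concrete, here is an added example (not code from mig/shared/fileio.py, and the names `PrivilegedUseError`, `_bits_allow`, `_check_access`, `refuses_privileged_use`, `make_temp_file`, `remove_temp_file` and `compare_with_os_access` are hypothetical). It evaluates the owner/group/other mode bits the way DAC applies them to a non-root caller, refuses outright when the effective uid is 0 instead of returning a misleading answer, and lets you compare that result against `os.access`, which as root reports a 0o400 file as writable:

```python
import os
import stat
import tempfile


class PrivilegedUseError(RuntimeError):
    """Hypothetical exception: permission-bit checks are meaningless as uid 0."""


def _bits_allow(mode, owner_uid, owner_gid, euid, egids, want):
    """Evaluate POSIX mode bits the way DAC applies to a non-root caller.

    want is a bitwise OR of os.R_OK (4), os.W_OK (2) and os.X_OK (1). Owner
    bits apply if the caller owns the file, else group bits if the caller is
    in the file's group, else the 'other' bits. Exactly one class is used.
    """
    if euid == owner_uid:
        shift = 6
    elif owner_gid in egids:
        shift = 3
    else:
        shift = 0
    return ((stat.S_IMODE(mode) >> shift) & want) == want


def _check_access(path, want, euid=None, egids=None):
    """Shared body of the check_* helpers (hypothetical, not fileio.py's own)."""
    if euid is None:
        euid = os.geteuid()
    if euid == 0:
        # Root is exempt from DAC permission bits, so any mode-based answer
        # would be misleading. Refuse loudly instead of guessing.
        raise PrivilegedUseError("refusing permission check as uid 0: %s" % path)
    if egids is None:
        egids = [os.getegid()] + list(os.getgroups())
    st = os.stat(path)
    return _bits_allow(st.st_mode, st.st_uid, st.st_gid, euid, egids, want)


def check_read_access(path, euid=None, egids=None):
    return _check_access(path, os.R_OK, euid, egids)


def check_write_access(path, euid=None, egids=None):
    return _check_access(path, os.W_OK, euid, egids)


def check_readonly(path, euid=None, egids=None):
    """True when the caller may read but not write the path."""
    return check_read_access(path, euid, egids) and not check_write_access(path, euid, egids)


def refuses_privileged_use(path, euid=0):
    """True if the check raises PrivilegedUseError for the given identity."""
    try:
        check_read_access(path, euid=euid, egids=[])
    except PrivilegedUseError:
        return True
    return False


def make_temp_file(mode):
    """Create an empty file with the given mode in a fresh temp dir; return its path."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "probe")
    with open(path, "w"):
        pass
    os.chmod(path, mode)
    return path


def remove_temp_file(path):
    os.chmod(path, 0o600)
    os.unlink(path)
    os.rmdir(os.path.dirname(path))


def compare_with_os_access(path):
    """Return (mode-bit answer, or None if refused; os.access answer) for writing.

    Run as root on a 0o400 file the first is None and the second is True:
    the kernel lets root write regardless of the bits.
    """
    try:
        bits = check_write_access(path)
    except PrivilegedUseError:
        bits = None
    return bits, os.access(path, os.W_OK)


if __name__ == "__main__":
    probe = make_temp_file(0o400)
    try:
        print("euid %d on a 0o400 file -> mode bits: %s, os.access: %s"
              % ((os.geteuid(),) + compare_with_os_access(probe)))
    finally:
        remove_temp_file(probe)
```

Running the module as an ordinary user prints `mode bits: False, os.access: False` for the 0o400 probe file; under `sudo` it prints `mode bits: None, os.access: True`, which is the disagreement the issue describes. Passing `euid`/`egids` explicitly is what lets unit tests exercise both branches without a real uid 0, so the `uid == 0` conditionals in the tests become unnecessary.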