mirror of
https://github.com/RsyncProject/rsync.git
synced 2026-04-29 02:25:45 -04:00
Avoid directory permission issues with --fake-super.
Fixes bug 7070.
This commit is contained in:
Wayne Davison
13
generator.c
13
generator.c
@@ -1285,8 +1285,15 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
|
||||
fnamecmp = fname;
|
||||
|
||||
if (is_dir) {
|
||||
mode_t added_perms;
|
||||
if (!implied_dirs && file->flags & FLAG_IMPLIED_DIR)
|
||||
goto cleanup;
|
||||
if (am_root < 0) {
|
||||
/* For --fake-super, the dir must be useable by the copying
|
||||
* user, just like it would be for root. */
|
||||
added_perms = S_IRUSR|S_IWUSR|S_IXUSR;
|
||||
} else
|
||||
added_perms = 0;
|
||||
if (is_dir < 0) {
|
||||
/* In inc_recurse mode we want to make sure any missing
|
||||
* directories get created while we're still processing
|
||||
@@ -1297,7 +1304,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
|
||||
&& (S_ISDIR(sx.st.st_mode)
|
||||
|| delete_item(fname, sx.st.st_mode, del_opts | DEL_FOR_DIR) != 0))
|
||||
goto cleanup; /* Any errors get reported later. */
|
||||
if (do_mkdir(fname, file->mode & 0700) == 0)
|
||||
if (do_mkdir(fname, (file->mode|added_perms) & 0700) == 0)
|
||||
file->flags |= FLAG_DIR_CREATED;
|
||||
goto cleanup;
|
||||
}
|
||||
@@ -1340,10 +1347,10 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
|
||||
itemize(fnamecmp, file, ndx, statret, &sx,
|
||||
statret ? ITEM_LOCAL_CHANGE : 0, 0, NULL);
|
||||
}
|
||||
if (real_ret != 0 && do_mkdir(fname,file->mode) < 0 && errno != EEXIST) {
|
||||
if (real_ret != 0 && do_mkdir(fname,file->mode|added_perms) < 0 && errno != EEXIST) {
|
||||
if (!relative_paths || errno != ENOENT
|
||||
|| make_path(fname, MKP_DROP_NAME | MKP_SKIP_SLASH) < 0
|
||||
|| (do_mkdir(fname, file->mode) < 0 && errno != EEXIST)) {
|
||||
|| (do_mkdir(fname, file->mode|added_perms) < 0 && errno != EEXIST)) {
|
||||
rsyserr(FERROR_XFER, errno,
|
||||
"recv_generator: mkdir %s failed",
|
||||
full_fname(fname));
|
||||
|
||||
15
receiver.c
15
receiver.c
@@ -24,6 +24,7 @@
|
||||
|
||||
extern int dry_run;
|
||||
extern int do_xfers;
|
||||
extern int am_root;
|
||||
extern int am_server;
|
||||
extern int inc_recurse;
|
||||
extern int log_before_transfer;
|
||||
@@ -173,15 +174,25 @@ int get_tmpname(char *fnametmp, const char *fname, BOOL make_unique)
|
||||
int open_tmpfile(char *fnametmp, const char *fname, struct file_struct *file)
|
||||
{
|
||||
int fd;
|
||||
mode_t added_perms;
|
||||
|
||||
if (!get_tmpname(fnametmp, fname, False))
|
||||
return -1;
|
||||
|
||||
if (am_root < 0) {
|
||||
/* For --fake-super, the file must be useable by the copying
|
||||
* user, just like it would be for root. */
|
||||
added_perms = S_IRUSR|S_IWUSR;
|
||||
} else {
|
||||
/* For a normal copy, we need to be able to tweak things like xattrs. */
|
||||
added_perms = S_IWUSR;
|
||||
}
|
||||
|
||||
/* We initially set the perms without the setuid/setgid bits or group
|
||||
* access to ensure that there is no race condition. They will be
|
||||
* correctly updated after the right owner and group info is set.
|
||||
* (Thanks to snabb@epipe.fi for pointing this out.) */
|
||||
fd = do_mkstemp(fnametmp, (file->mode & INITACCESSPERMS) | S_IWUSR);
|
||||
fd = do_mkstemp(fnametmp, (file->mode|added_perms) & INITACCESSPERMS);
|
||||
|
||||
#if 0
|
||||
/* In most cases parent directories will already exist because their
|
||||
@@ -191,7 +202,7 @@ int open_tmpfile(char *fnametmp, const char *fname, struct file_struct *file)
|
||||
&& make_path(fnametmp, MKP_SKIP_SLASH | MKP_DROP_NAME) == 0) {
|
||||
/* Get back to name with XXXXXX in it. */
|
||||
get_tmpname(fnametmp, fname, False);
|
||||
fd = do_mkstemp(fnametmp, file->mode & INITACCESSPERMS);
|
||||
fd = do_mkstemp(fnametmp, (file->mode|added_perms) & INITACCESSPERMS);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
@@ -48,7 +48,8 @@ makepath "$chkdir/foo"
|
||||
echo wow >"$chkdir/file1"
|
||||
cp_touch "$fromdir/foo/file3" "$chkdir/foo"
|
||||
|
||||
files='foo file0 file1 file2 foo/file3 file4 foo/bar/file5'
|
||||
files='foo file0 file1 file2 foo/file3 file4 foo/bar foo/bar/file5'
|
||||
uid_gid=`"$TOOLDIR/tls" "$fromdir/foo" | sed 's/^.* \([0-9][0-9]*\)\.\([0-9][0-9]*\) .*/\1:\2/'`
|
||||
|
||||
cd "$fromdir"
|
||||
|
||||
@@ -106,12 +107,35 @@ checkit "$RSYNC -aiX --fake-super --link-dest=../chk . ../to" "$chkdir" "$todir"
|
||||
cd "$todir"
|
||||
xls $files | diff $diffopt "$scratchdir/xattrs.txt" -
|
||||
|
||||
sed -n -e '/\.\/file1$/d' -e '/^[^ ][^ ]* *[^ ][^ ]* *[^ ][^ ]* *1 /p' "$scratchdir/ls-to" >"$scratchdir/ls-diff"
|
||||
sed -n -e '/^[^ ][^ ]* *[^ ][^ ]* *[^ ][^ ]* *1 /p' "$scratchdir/ls-to" >"$scratchdir/ls-diff-all"
|
||||
fgrep -v './file1' "$scratchdir/ls-diff-all" >"$scratchdir/ls-diff" || :
|
||||
if [ -s "$scratchdir/ls-diff" ]; then
|
||||
echo "Missing hard links on:"
|
||||
cat "$scratchdir/ls-diff"
|
||||
exit 1
|
||||
fi
|
||||
if [ ! -s "$scratchdir/ls-diff-all" ]; then
|
||||
echo "Too many hard links on file1!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cd "$chkdir"
|
||||
chmod go-rwx . $files
|
||||
|
||||
xset user.nice 'this is nice, but different' file1
|
||||
xset user.rsync.%stat "100000 0,0 $uid_gid" $files
|
||||
xset user.rsync.%stat "40000 0,0 $uid_gid" foo foo/bar
|
||||
|
||||
xls $files >"$scratchdir/xattrs.txt"
|
||||
|
||||
cd "$fromdir"
|
||||
rm -rf "$todir"
|
||||
|
||||
# When run by a non-root tester, this checks if no-user-perm files/dirs can be copied.
|
||||
checkit "$RSYNC -aiX --fake-super --chmod=a= . ../to" "$chkdir" "$todir" # 2>"$scratchdir/errors.txt"
|
||||
|
||||
cd "$todir"
|
||||
xls $files | diff $diffopt "$scratchdir/xattrs.txt" -
|
||||
|
||||
cd "$fromdir"
|
||||
rm -rf "$todir" "$chkdir"
|
||||
|
||||
Reference in New Issue
Block a user