We got nominated! Help us out and vote for GitHub as Best Bootstrapped Startup of 2008. (You can vote once a day.) [ hide ]

FooBarWidget / passenger fork watch download tarball
public
Description: Phusion Passenger (mod_rails)
Homepage: http://www.modrails.com/
Clone URL: git://github.com/FooBarWidget/passenger.git
Click here to lend your support to: passenger and make a donation at www.pledgie.com ! 
Bump version to 1.0.1.
Hongli Lai (Phusion) (author)
Fri Apr 11 09:14:31 -0700 2008
commit  5ad480d39fb72b98215f9ba8336f184ab47ce219
tree    a0c823a9838eca566fef4de53ffd892547777c9c
parent  e5b39013396e33d689dc2f4bf0ff5e18b5dd64d3
passenger / test / spawner_privilege_lowering_spec.rb
100644 72 lines (60 sloc) 2.279 kb
raw blame history 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

require 'support/config'
require 'etc'
 
shared_examples_for "a spawner that supports lowering of privileges" do
  before :all do
    @environment_rb = "#{@test_app}/config/environment.rb"
    @original_uid = File.stat(@environment_rb).uid
    system("chmod -R o+rx #{@test_app}")
    system("chmod o+rx . ..")
  end
  
  after :all do
    File.chown(@original_uid, nil, @environment_rb)
  end
  
  it "should lower its privileges to the owner of environment.rb" do
    File.chown(uid_for('normal_user_1'), nil, @environment_rb)
    spawn_app do |app|
      user_of_process(app.pid).should == CONFIG['normal_user_1']
    end
  end
  
  it "should switch the group as well after lowering privileges" do
    File.chown(uid_for('normal_user_1'), nil, @environment_rb)
    spawn_app do |app|
      expected_gid = Etc.getpwnam(CONFIG['normal_user_1']).gid
      expected_group = Etc.getgrgid(expected_gid).name
      group_of_process(app.pid).should == expected_group
    end
  end
  
  it "should lower its privileges to 'lowest_user' if environment.rb is owned by root" do
    File.chown(ApplicationSpawner::ROOT_UID, nil, @environment_rb)
    spawn_app do |app|
      user_of_process(app.pid).should == CONFIG['lowest_user']
    end
  end
  
  it "should lower its privileges to 'lowest_user' if environment.rb is owned by a nonexistant user" do
    File.chown(CONFIG['nonexistant_uid'], nil, @environment_rb)
    spawn_app do |app|
      user_of_process(app.pid).should == CONFIG['lowest_user']
    end
  end
  
  it "should not switch user if environment.rb is owned by a nonexistant user, and 'lowest_user' doesn't exist either" do
    File.chown(CONFIG['nonexistant_uid'], nil, @environment_rb)
    spawn_app(:lowest_user => CONFIG['nonexistant_user']) do |app|
      user_of_process(app.pid).should == user_of_process(Process.pid)
    end
  end
  
  it "should not switch user if 'lower_privilege' is set to false" do
    File.chown(uid_for('normal_user_2'), nil, @environment_rb)
    spawn_app(:lower_privilege => false) do |app|
      user_of_process(app.pid).should == user_of_process(Process.pid)
    end
  end
  
  def uid_for(name)
    return Etc.getpwnam(CONFIG[name]).uid
  end
  
  def user_of_process(pid)
    return `ps -p #{pid} -o user`.split("\n")[1].to_s.strip
  end
  
  def group_of_process(pid)
    return `ps -p #{pid} -o rgroup`.split("\n")[1].to_s.strip
  end
end