FooBarWidget / passenger fork watch download tarball
public
Description: Phusion Passenger (mod_rails)
Homepage: http://www.modrails.com/
Clone URL: git://github.com/FooBarWidget/passenger.git
Click here to lend your support to: passenger and make a donation at www.pledgie.com ! 
Bump version to 1.0.4.
Hongli Lai (Phusion) (author)
Thu May 01 11:19:37 -0700 2008
commit  a332965fec0c1756961dddcfc1b867359c65910e
tree    389fef67ed7a13b53ad8938da775099d5fafb419
parent  89cd016e92be791b249abc1bd9385edd45d718c4
passenger / test / spawner_privilege_lowering_spec.rb
100644 73 lines (61 sloc) 2.321 kb
raw blame history 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

require 'support/config'
require 'etc'
 
shared_examples_for "a spawner that supports lowering of privileges" do
  before :all do
    @environment_rb = "#{@test_app}/config/environment.rb"
    @original_uid = File.stat(@environment_rb).uid
    system("chmod -R o+rx #{@test_app}")
    system("chmod o+rx . ..")
  end
  
  after :all do
    File.chown(@original_uid, nil, @environment_rb)
  end
  
  it "should lower its privileges to the owner of environment.rb" do
    File.chown(uid_for('normal_user_1'), nil, @environment_rb)
    spawn_app do |app|
      user_of_process(app.pid).should == CONFIG['normal_user_1']
    end
  end
  
  it "should switch the group as well after lowering privileges" do
    File.chown(uid_for('normal_user_1'), nil, @environment_rb)
    spawn_app do |app|
      expected_gid = Etc.getpwnam(CONFIG['normal_user_1']).gid
      expected_group = Etc.getgrgid(expected_gid).name
      group_of_process(app.pid).should == expected_group
      # TODO: check supplementary group list
    end
  end
  
  it "should lower its privileges to 'lowest_user' if environment.rb is owned by root" do
    File.chown(ApplicationSpawner::ROOT_UID, nil, @environment_rb)
    spawn_app do |app|
      user_of_process(app.pid).should == CONFIG['lowest_user']
    end
  end
  
  it "should lower its privileges to 'lowest_user' if environment.rb is owned by a nonexistant user" do
    File.chown(CONFIG['nonexistant_uid'], nil, @environment_rb)
    spawn_app do |app|
      user_of_process(app.pid).should == CONFIG['lowest_user']
    end
  end
  
  it "should not switch user if environment.rb is owned by a nonexistant user, and 'lowest_user' doesn't exist either" do
    File.chown(CONFIG['nonexistant_uid'], nil, @environment_rb)
    spawn_app(:lowest_user => CONFIG['nonexistant_user']) do |app|
      user_of_process(app.pid).should == user_of_process(Process.pid)
    end
  end
  
  it "should not switch user if 'lower_privilege' is set to false" do
    File.chown(uid_for('normal_user_2'), nil, @environment_rb)
    spawn_app(:lower_privilege => false) do |app|
      user_of_process(app.pid).should == user_of_process(Process.pid)
    end
  end
  
  def uid_for(name)
    return Etc.getpwnam(CONFIG[name]).uid
  end
  
  def user_of_process(pid)
    return `ps -p #{pid} -o user`.split("\n")[1].to_s.strip
  end
  
  def group_of_process(pid)
    return `ps -p #{pid} -o rgroup`.split("\n")[1].to_s.strip
  end
end