Issue #1152 Add file mode as argument for file creation

As of now if a user uses umask as `0077` which is serve security level then any file created by default not readable by any different user. With this setup if that user run `crc setup` it will pass without any issue but then `crc start` fails with following error. ``` FATA Error opening file: /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf: open /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf: permission denied ``` This is happen since we create those file using `sudo` and don't provide any file-mode which makes those file only readable by root user and thus this failure.
crc-org · Apr 15, 2020 · 16515f6 · 16515f6
1 parent 60261b4
commit 16515f6
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/pkg/crc/preflight/preflight_checks_linux.go b/pkg/crc/preflight/preflight_checks_linux.go
@@ -507,6 +507,7 @@ func fixCrcDnsmasqConfigFile() error {
 		fmt.Sprintf("write dnsmasq configuration in %s", crcDnsmasqConfigPath),
 		crcDnsmasqConfig,
 		crcDnsmasqConfigPath,
+		0644,
 	)
 	if err != nil {
 		return fmt.Errorf("Failed to write dnsmasq config file: %s: %v", crcDnsmasqConfigPath, err)
@@ -572,6 +573,7 @@ func fixCrcNetworkManagerConfig() error {
 		fmt.Sprintf("write NetworkManager config in %s", crcNetworkManagerConfigPath),
 		crcNetworkManagerConfig,
 		crcNetworkManagerConfigPath,
+		0644,
 	)
 	if err != nil {
 		return fmt.Errorf("Failed to write NetworkManager config file: %s: %v", crcNetworkManagerConfigPath, err)

diff --git a/pkg/os/util_linux.go b/pkg/os/util_linux.go
@@ -3,13 +3,15 @@ package os
 import (
 	"bytes"
 	"fmt"
+	"os"
 	"os/exec"
+	"strconv"
 	"strings"
 
 	"github.com/code-ready/crc/pkg/crc/logging"
 )
 
-func WriteToFileAsRoot(reason, content, filepath string) error {
+func WriteToFileAsRoot(reason, content, filepath string, mode os.FileMode) error {
 	logging.Infof("Will use root access: %s", reason)
 	cmd := exec.Command("sudo", "tee", filepath) // #nosec G204
 	cmd.Stdin = strings.NewReader(content)
@@ -18,6 +20,10 @@ func WriteToFileAsRoot(reason, content, filepath string) error {
 	if err := cmd.Run(); err != nil {
 		return fmt.Errorf("Failed writing to file as root: %s: %s: %v", filepath, buf.String(), err)
 	}
+	if _, _, err := RunWithPrivilege(fmt.Sprintf("Changing permission for %s to %d ", filepath, mode),
+		"chmod", strconv.FormatUint(uint64(mode), 8), filepath); err != nil {
+		return err
+	}
 	return nil
 }