Item9211: Change test for "sufficient permissions".

Revise Pub and Data checkers to report insufficient permissions in detail, and a count of excess permissions git-svn-id: http://svn.foswiki.org/trunk@8024 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
foswiki · Jul 4, 2010 · 23db22b · 23db22b
1 parent 51e1161
commit 23db22b
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 16 deletions.
diff --git a/core/lib/Foswiki/Configure/Checker.pm b/core/lib/Foswiki/Configure/Checker.pm
@@ -163,6 +163,7 @@ sub checkTreePerms {
     return '' if ( defined($filter) && $path =~ $filter && !-d $path );
 
     $this->{fileErrors} = 0 unless ( defined $this->{fileErrors} );
+    $this->{excessPerms} = 0 unless ( defined $this->{excessPerms} );
 
     #let's ignore Subversion directories
     return '' if ( $path =~ /^_svn$/ );
@@ -179,14 +180,19 @@ sub checkTreePerms {
 
     if ( $perms =~ /d/ && -d $path ) {
         my $mode = ( stat($path) )[2] & 07777;
-        unless ( $mode == $Foswiki::cfg{RCS}{dirPermission} ) {
-            my $omode = sprintf( '%04o', $mode );
-            my $operm = sprintf( '%04o', $Foswiki::cfg{RCS}{dirPermission} );
-            $permErrs .=
-              "$path - directory permission mismatch $omode should be $operm"
-              . CGI::br()
-              unless ( $this->{fileErrors} > 10 );
-            $this->{fileErrors}++;
+        if ( $mode != $Foswiki::cfg{RCS}{dirPermission}) {
+            if ( ($mode & $Foswiki::cfg{RCS}{dirPermission}) == $Foswiki::cfg{RCS}{dirPermission} ) {
+                $this->{excessPerms}++;
+                }
+            else {
+                my $omode = sprintf( '%04o', $mode );
+                my $operm = sprintf( '%04o', $Foswiki::cfg{RCS}{dirPermission} );
+                $permErrs .=
+                  "$path - directory insufficient permission: $omode should be $operm"
+                  . CGI::br()
+                  unless ( $this->{fileErrors} > 10 );
+                $this->{fileErrors}++;
+            }
         }
     }
 

diff --git a/core/lib/Foswiki/Configure/Checkers/DataDir.pm b/core/lib/Foswiki/Configure/Checkers/DataDir.pm
@@ -12,6 +12,7 @@ sub check {
 
     $this->{filecount}  = 0;
     $this->{fileErrors} = 0;
+    $this->{excessPerms} = 0;
 
     my $e = $this->guessMajorDir( 'DataDir', 'data' );
 
@@ -45,8 +46,17 @@ are set correctly for your environment and correct file system permissions if ne
 ERRMSG
     }
 
+    if ( $this->{excessPerms}) {
+        $e .= $this->WARN(<<PERMS);
+$this->{excessPerms} files appear to have more access permission than is recommended.
+Verify that the Store expert settings of {RCS}{filePermission} and {RCS}{dirPermission}
+are set correctly for your environment and correct file system permissions if necessary.
+PERMS
+    }
+
     $this->{filecount}  = 0;
     $this->{fileErrors} = 0;
+    $this->{excessPerms} = 0;
 
     return $e;
 }

diff --git a/core/lib/Foswiki/Configure/Checkers/PubDir.pm b/core/lib/Foswiki/Configure/Checkers/PubDir.pm
@@ -12,6 +12,7 @@ sub check {
 
     $this->{filecount}  = 0;
     $this->{fileErrors} = 0;
+    $this->{excessPerms} = 0;
     my $e = $this->guessMajorDir( 'PubDir', 'pub' );
     $e .= $this->warnAboutWindowsBackSlashes( $Foswiki::cfg{PubDir} );
 
@@ -24,24 +25,33 @@ sub check {
     # rwd - Readable,  Writable, and directory must match {RCS}{dirPermission}
     my $e2 =
       $this->checkTreePerms( $Foswiki::cfg{PubDir}, 'rw' . $dirchk, qr/,v$/ );
+
+    $e .=
+      ( $this->{filecount} >= $Foswiki::cfg{PathCheckLimit} )
+      ? $this->NOTE(
+"File checking limit $Foswiki::cfg{PathCheckLimit} reached, checking stopped - see expert options"
+      )
+      : $this->NOTE("File count - $this->{filecount} ");
+
     $e .= $this->WARN($e2) if $e2;
 
+    if ( $this->{excessPerms}) {
+        $e .= $this->WARN(<<PERMS);
+$this->{excessPerms} files appear to have more access permission than is recommended.
+Verify that the Store expert settings of {RCS}{filePermission} and {RCS}{dirPermission}
+are set correctly for your environment and correct file system permissions if necessary.
+PERMS
+    }
+
     if ( $this->{fileErrors} > 10 ) {
         $e .= $this->ERROR(<<ERRMSG)
 File/Directory permission mismatch reporting stopped at 10 warnings. 
-$this->{fileErrors} directories or files have mismatched permissions. 
+$this->{fileErrors} directories or files have insufficient permissions. 
 Verify that the Store expert settings of {RCS}{filePermission} and {RCS}{dirPermission}
 are set correctly for your environment and correct file system permissions if necessary.
 ERRMSG
     }
 
-    $e .=
-      ( $this->{filecount} >= $Foswiki::cfg{PathCheckLimit} )
-      ? $this->NOTE(
-"File checking limit $Foswiki::cfg{PathCheckLimit} reached, checking stopped - see expert options"
-      )
-      : $this->NOTE("File count - $this->{filecount} ");
-
     $this->{filecount}  = 0;
     $this->{fileErrors} = 0;