pyfakefs seemingly ignores file permissions on write() #489
Labels
Comments
|
You are running as root, in this case |
|
Fantastic point @mrbean-bremen ! That is exactly it; apologies we did not notice this factor which is a clear explanation. We'll make the necessary adjustments. No issue/bug here then. (closing) Here's an example (for future users landing here); import os
import stat
#from pyfakefs.fake_filesystem_unittest import TestCase
import pyfakefs
import pytest
class TestCaseExample(pyfakefs.fake_filesystem_unittest.TestCase):
def setUp(self):
self.setUpPyfakefs()
def test_create_file(self):
file_path = 'file_foo.txt'
self.assertFalse(os.path.exists(file_path))
self.fs.create_file(file_path)
self.assertTrue(os.path.exists(file_path))
def test_default_file_perms(self):
file_path = 'file_bar.txt'
self.fs.create_file(file_path)
self.assertTrue(os.path.exists(file_path))
default_mask = 0o666
initial_mask = stat.S_IMODE(os.lstat(file_path).st_mode)
assert initial_mask == 0o666
def test_impossible_write_capability(self):
file_path = 'file_bat.txt'
# Change the filesystem UID access to non-root
# (HACK use www-data UID 33)
pyfakefs.fake_filesystem.set_uid(33)
self.fs.create_file(file_path)
self.assertTrue(os.path.exists(file_path))
default_mask = 0o666
initial_mask = stat.S_IMODE(os.lstat(file_path).st_mode)
assert initial_mask == default_mask
no_write_mask = 0o000
os.chmod(file_path, no_write_mask)
new_mask = stat.S_IMODE(os.lstat(file_path).st_mode)
assert new_mask == no_write_mask
with pytest.raises(PermissionError) as e_info:
with open(file_path, 'w') as f:
f.write('This should NOT be possible\n')
with pytest.raises(PermissionError) as e_info:
with open(file_path) as f:
# user should not be allowed to READ, expect PermissionError
print(f.read())(app) root@e2574646d5d0:/app# python3 -m pytest tests/ut/pyfakefs/test_perms.py
Test session starts (platform: linux, Python 3.7.3, pytest 4.6.3, pytest-sugar 0.9.2)
cachedir: .pytest_cache
rootdir: /app, inifile: pytest.ini
plugins: cov-2.7.1, sugar-0.9.2, pyfakefs-3.5.8, mock-1.10.4
collecting ...
tests/ut/pyfakefs/test_perms.py::TestCaseExample.test_create_file ✓ 33% ███▍
tests/ut/pyfakefs/test_perms.py::TestCaseExample.test_default_file_perms ✓ 67% ██████▋
tests/ut/pyfakefs/test_perms.py::TestCaseExample.test_impossible_write_capability ✓ 100% ██████████Coverage.py warning: No data was collected. (no-data-collected)
(snip coverage)
Results (0.94s):
3 passed |
|
Good point about future users - maybe we'll add this to the troubleshooting guide! With docker, this will probably happen more often now... |
mrbean-bremen
added a commit
that referenced
this issue
Jun 21, 2019
tchaikov
added a commit
to tchaikov/ceph
that referenced
this issue
Oct 10, 2022
as we will be create/access directories which are only accessible by root with pyfakefs, and pyfake respects the uid of current effective user, so if we run the test using non-root user, these tests would fail after the fix for pytest-dev/pyfakefs#489 is addressed in the pyfakefs we are using. in this change, we will run the test on behalf of root, so we can create and access the directories as we did before. Signed-off-by: Kefu Chai <tchaikov@gmail.com>
tchaikov
added a commit
to tchaikov/ceph
that referenced
this issue
Oct 10, 2022
as we will be create/access directories which are only accessible by root with pyfakefs, and pyfake respects the uid of current effective user, so if we run the test using non-root user, these tests would fail after the fix for pytest-dev/pyfakefs#489 is addressed in the pyfakefs we are using. in this change, we will run the test on behalf of root, so we can create and access the directories as we did before. Signed-off-by: Kefu Chai <tchaikov@gmail.com>
nizamial09
pushed a commit
to rhcs-dashboard/ceph
that referenced
this issue
Oct 11, 2022
as we will be create/access directories which are only accessible by root with pyfakefs, and pyfake respects the uid of current effective user, so if we run the test using non-root user, these tests would fail after the fix for pytest-dev/pyfakefs#489 is addressed in the pyfakefs we are using. in this change, we will run the test on behalf of root, so we can create and access the directories as we did before. Signed-off-by: Kefu Chai <tchaikov@gmail.com> (cherry picked from commit ed19416) Conflicts: src/cephadm/tests/fixtures.py - Replace _cephadm with cd
adk3798
pushed a commit
to adk3798/ceph
that referenced
this issue
Oct 12, 2022
as we will be create/access directories which are only accessible by root with pyfakefs, and pyfake respects the uid of current effective user, so if we run the test using non-root user, these tests would fail after the fix for pytest-dev/pyfakefs#489 is addressed in the pyfakefs we are using. in this change, we will run the test on behalf of root, so we can create and access the directories as we did before. Signed-off-by: Kefu Chai <tchaikov@gmail.com> (cherry picked from commit ed19416) Conflicts: src/cephadm/tests/fixtures.py
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
We have come across this seemingly impossible scenario, where despite creating a file in pyfakefs, with completely removed permissions (effectively chmod
000), it is STILL allowed to write and read from it.How To Reproduce
Here follows an example suite of tests:
We EXPECT
test_create_fileandtest_default_file_permsto PASS, andtest_impossible_write_capabilityto FAIL. The failure is because in that last test we change the permissions to chmod000, yet, these commands do not throw.Run it like so:
Your enviroment
Note that we are in a docker, inside of python venv (via pipenv).
The text was updated successfully, but these errors were encountered: