feat: User-specified mount point owner and permissions

Added new volume options related to mount point directory: mount_user - directory owner (string) mount_group - directory group (string) mount_permissions - directory permissions (string; same format as chmod) Resolves: rhbz#2181661
linux-system-roles · May 16, 2023 · a638c00 · a638c00
1 parent 1b4b4c5
commit a638c00
Show file tree

Hide file tree

Showing 4 changed files with 79 additions and 2 deletions.
diff --git a/library/blivet.py b/library/blivet.py
@@ -1632,7 +1632,10 @@ def handle_new_mount(volume, fstab):
                            'opts': volume['mount_options'],
                            'dump': volume['mount_check'],
                            'passno': volume['mount_passno'],
-                           'state': 'mounted' if volume['fs_type'] != "swap" else "present"})
+                           'state': 'mounted' if volume['fs_type'] != "swap" else "present",
+                           'owner': volume['mount_user'],
+                           'group': volume['mount_group'],
+                           'permissions': volume['mount_permissions']})
 
     return mount_info
 
@@ -1729,6 +1732,9 @@ def run_module():
                               fs_type=dict(type='str'),
                               mount_options=dict(type='str'),
                               mount_point=dict(type='str'),
+                              mount_user=dict(type='str'),
+                              mount_group=dict(type='str'),
+                              mount_permissions=dict(type='str'),
                               name=dict(type='str'),
                               raid_level=dict(type='str'),
                               size=dict(type='str'),

diff --git a/tasks/main-blivet.yml b/tasks/main-blivet.yml
@@ -161,6 +161,33 @@
     daemon_reload: true
   when: blivet_output['mounts']
 
+- name: Set directory owner
+  command: "chown {{ mount_info['owner'] }} {{ mount_info['path'] }}"
+  when: mount_info['owner']
+  loop: "{{ blivet_output.mounts | selectattr('state', 'defined') |
+            rejectattr('state', 'match', '^absent$') | list }}"
+  loop_control:
+    loop_var: mount_info
+  changed_when: false
+
+- name: Set directory group
+  command: "chown :{{ mount_info['group'] }} {{ mount_info['path'] }}"
+  when: mount_info['group']
+  loop: "{{ blivet_output.mounts | selectattr('state', 'defined') |
+            rejectattr('state', 'match', '^absent$') | list }}"
+  loop_control:
+    loop_var: mount_info
+  changed_when: false
+
+- name: Set directory permissions
+  command: "chmod {{ mount_info['permissions'] }} {{ mount_info['path'] }}"
+  when: mount_info['permissions']
+  loop: "{{ blivet_output.mounts | selectattr('state', 'defined') |
+            rejectattr('state', 'match', '^absent$') | list }}"
+  loop_control:
+    loop_var: mount_info
+  changed_when: false
+
 #
 # Manage /etc/crypttab
 #

diff --git a/tests/test-verify-volume-mount.yml b/tests/test-verify-volume-mount.yml
@@ -30,6 +30,24 @@
       _storage_test_volume_present and
       storage_test_volume.fs_type == 'swap' else 0 }}"
 
+- name: Get information about the mountpoint directory owner
+  command: "stat -c '%U' {{ storage_test_volume.mount_point }}"
+  register: storage_test_found_mount_user
+  changed_when: false
+  when: _storage_test_volume_present and storage_test_volume.mount_point and storage_test_volume.mount_user
+
+- name: Get information about the mountpoint directory group
+  command: "stat -c '%U' {{ storage_test_volume.mount_point }}"
+  register: storage_test_found_mount_group
+  changed_when: false
+  when: _storage_test_volume_present and storage_test_volume.mount_point and storage_test_volume.mount_group
+
+- name: Get information about the mountpoint directory permissions
+  command: "stat -c '%a' {{ storage_test_volume.mount_point }}"
+  register: storage_test_found_mount_permissions
+  changed_when: false
+  when: _storage_test_volume_present and storage_test_volume.mount_point and storage_test_volume.mount_permissions
+
 #
 # Verify mount presence.
 #
@@ -43,7 +61,7 @@
   when: _storage_test_volume_present and storage_test_volume.mount_point
 
 #
-# Verify mount directory.
+# Verify mount directory (state, owner, group, permissions).
 #
 - name: Verify the current mount state by mount point
   assert:
@@ -53,6 +71,24 @@
       Found unexpected mount state for volume
       '{{ storage_test_volume.name }}' mount point
 
+- name: Verify mount directory user
+  assert:
+    that: "{{ storage_test_volume.mount_user == storage_test_found_mount_user.stdout }}"
+    msg: "Mount directory {{ storage_test_volume.mount_point }} of volume {{ storage_test_volume.name }}) has unexcepted owner (expected: {{ storage_test_volume.mount_user }}, found: {{ storage_test_found_mount_user.stdout }})"
+  when: _storage_test_volume_present and storage_test_volume.mount_point and storage_test_volume.mount_user
+
+- name: Verify mount directory group
+  assert:
+    that: "{{ storage_test_volume.mount_group == storage_test_found_mount_group.stdout }}"
+    msg: "Mount directory {{ storage_test_volume.mount_point }} of volume {{ storage_test_volume.name }}) has unexcepted group (expected: {{ storage_test_volume.mount_group }}, found: {{ storage_test_found_mount_group.stdout }})"
+  when: _storage_test_volume_present and storage_test_volume.mount_point and storage_test_volume.mount_group
+
+- name: Verify mount directory permissions
+  assert:
+    that: "{{ storage_test_volume.mount_permissions == storage_test_found_mount_permissions.stdout }}"
+    msg: "Mount directory {{ storage_test_volume.mount_point }} of volume {{ storage_test_volume.name }}) has unexcepted permissions (expected: {{ storage_test_volume.mount_permissions }}, found: {{ storage_test_found_mount_permissions.stdout }})"
+  when: _storage_test_volume_present and storage_test_volume.mount_point and storage_test_volume.mount_permissions
+
 #
 # Verify mount fs type.
 #
@@ -100,3 +136,5 @@
     storage_test_swap_expected_matches: null
     storage_test_sys_node: null
     storage_test_swaps: null
+    storage_test_found_mount_user: null
+    storage_test_found_mount_user: null
diff --git a/tests/tests_create_disk_then_remove.yml b/tests/tests_create_disk_then_remove.yml
@@ -35,6 +35,9 @@
             disks: "{{ unused_disks[0] }}"
             fs_type: ext4
             mount_point: "{{ mount_location }}"
+            mount_user: "nobody"
+            mount_group: "nobody"
+            mount_permissions: "777"
 
     - name: Verify role results
       include_tasks: verify-role-results.yml
@@ -48,6 +51,9 @@
             type: disk
             disks: "{{ unused_disks }}"
             mount_point: "{{ mount_location }}"
+            mount_user: "root"
+            mount_group: "root"
+            mount_permissions: "755"
 
     - name: Assert file system is preserved on existing partition volume
       assert: