-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix incorrect file permissions in file.line #30212
Fix incorrect file permissions in file.line #30212
Conversation
When atomic_open is called from the file module, the file always exists. However, when atomic_open() is called from returners, the file does not exist yet. Should atomic_open() make the assumption that the file exists? If yes, you should fix the calling code in salt/returners/local_cache.py and perhaps other places. If atomic_open should NOT assume the file exists, I think it's a bit nicer to check if the file exists rather than simply swallowing exceptions. For example:
After all, you still want to know if something unexpected happens, and not silently continue. |
Agree. Thanks @codeHotter We are not checking tmp file, which is also a good idea I think. What do you think? Otherwise it will fail badly. |
The temp file should be guaranteed to exist here. It's not necessary to check for it. |
c3d3df8
to
c1917fb
Compare
Thanks again @codeHotter. I just updated this PR with your suggestion. |
@@ -1468,9 +1468,9 @@ def line(path, content, match=None, mode=None, location=None, | |||
salt '*' file.line /etc/nsswitch.conf "networks:\tfiles dns", after="hosts:.*?", mode='ensure' | |||
''' | |||
path = os.path.realpath(os.path.expanduser(path)) | |||
if not os.path.exists(path): | |||
if not os.path.isfle(path): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be isfile
Is the way i send in the PR |
In your previous version it was fine, but now it says "isfle". Look in your github repository on the fix_file_line_permissions branch: If it's correct locally, maybe you can try to push the branch again? |
Looks like atomic_open() doesn't take care of preserving file permissions. It will create a new file, edit it and then move this temp file to the original file ignoring file permissions. Also updated the check to be sure file exist and is a file. Otherwise code will try to update directory content and will fail badly and throw a python error. Fixes saltstack#30150.
c1917fb
to
dec15d1
Compare
You are right. Now should be fixed. Thanks. |
f55b4ea
to
dec15d1
Compare
@abednarik Would this also fix the following issue? #28320 This issue behaves in the same way as mentioned issue does. |
Hi @Grokzen don't' think so, since comment_line is using other function _mkstemp_copy. Anyway, should be fair easy to apply the same I did here. |
Fix incorrect file permissions in file.line
Looks like atomic_open() doesn't take care of preserving file permissions. It will create
a new file, edit it and then move this temp file to the original file ignoring file permissions.
Also updated the check to be sure file exist and is a file. Otherwise code will try to update
directory content and will fail badly and throw a python error.
Fixes #30150.
Hope this one don't break anything :(