Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ADH-5802 #18

Merged
merged 6 commits into from
Apr 1, 2025
Merged

ADH-5802 #18

merged 6 commits into from
Apr 1, 2025
+345 −74

Conversation

Asmoday
Copy link

@Asmoday Asmoday commented Mar 24, 2025
edited
Loading

Enforced File Permissions:
The patches add configurable file permission settings for audit spool files and cache files. By introducing properties like filespool.perms (defaulting to “644”).
Controlled Directory Creation:
With the introduction of filespool.dir.perms and policy.cache.dir.perms (defaulting to “755”), directories are now created using NIO.2’s Files.createDirectories() along with explicit POSIX permissions.

Asmoday added 4 commits March 20, 2025 13:28
@Asmoday
fix(ranger-plugin-audit): enforce file permissions for spool files
1ffd907 
- Updating AuditFileSpool, AuditFileQueueSpool, and AuditFileCacheProviderSpool:
  - The spool file permission property is now retrieved to "644" if not specified.
  - After file creation, permissions are enforced via AuditFileUtil.setPermissions().
@Asmoday
fix(ranger-plugin-policy-refresher): enforce cache file permissions
fc3c880 
- Introduce new configuration property "policy.cache.file.perms" to specify cache file permissions.
- Default to "644" if the property is not set, ensuring secure file creation.
@Asmoday
fix(ranger-plugin-audit): enforce directory permissions for spool dir…
2923163 
…ectories

- Introduce new property "filespool.dir.perms" (default "755") to specify permissions for spool directories.
- Update AuditFileSpool, AuditFileQueueSpool, and AuditFileCacheProviderSpool to use the new method instead of mkdirs() for log and archive directories.
@Asmoday
fix(ranger-plugin-policy-refresher): use configured permissions for c…
72216b5 
…ache directory creation

- Add new property "policy.cache.dir.perms" (default "755") to control cache directory permissions.
- Replace "mkdirs()" with Files.createDirectories(), passing the directory permissions via a FileAttribute.
@Asmoday Asmoday self-assigned this Mar 24, 2025
Asmoday added 2 commits March 25, 2025 12:15
@Asmoday
fix(ranger-plugin-audit): enforce correct permissions on spool/cache …
c26ea27 
…files and directories

- Add tests in AuditFileUtilTest for parsePermissions() with "666" and "777" to verify correct conversion to "rw-rw-rw-" and "rwxrwxrwx".
- Add test for createDirectoryWithPermissions() with "777" to ensure that directories are created with full read/write/execute permissions.
- Update AuditFileUtil.createDirectoryWithPermissions() to explicitly call Files.setPosixFilePermissions() after directory creation, ensuring the desired permissions are applied.
- Correct calls in AuditFileSpool, AuditFileQueueSpool, and AuditFileCacheProviderSpool: use setPermissions() on indexDoneFile instead of indexFile.
@Asmoday
fix(ranger-plugin-policy): enforce proper permissions on cache files …
d5f88ab 
…and directories

- Introduce a new FileUtils utility class with methods:
  - parsePermissions(String permStr): converts a 3-digit permission string (e.g., "644", "755") to a Set of POSIX permissions.
  - setPermissions(File file, Set<PosixFilePermission> perms): sets the specified permissions on a file.
  - createDirectoryWithPermissions(File dir, Set<PosixFilePermission> perms): creates directories with the desired permissions and enforces them.

- Update RangerRolesProvider:
  - Add new fields for cache file and cache directory permissions.
  - Parse permission strings from configuration using FileUtils.parsePermissions().
  - Replace mkdirs() with FileUtils.createDirectoryWithPermissions() when creating the cache directory.
  - Ensure that newly created cache files are created with and set to the specified permissions.

- Update PolicyRefresher:
  - Parse cache file and directory permissions using FileUtils.parsePermissions().
  - Use FileUtils.createDirectoryWithPermissions() to create the cache directory with proper permissions.
  - Create the cache file with explicit permissions by calling Files.createFile() and Files.setPosixFilePermissions().

- Update RangerTagEnricher:
  - Parse and store cache file and directory permissions.
  - Pass cache file permissions to RangerTagRefresher.
  - When writing to the cache file, ensure it is created with and assigned the correct permissions.
@Asmoday Asmoday merged commit 7504262 into 2.6.0-develop Apr 1, 2025
2 of 3 checks passed
@Asmoday Asmoday deleted the feature/ADH-5802 branch April 1, 2025 14:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@Asmoday Asmoday

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@Asmoday