Skip to content

Commit 605e17d

Browse files
joe4devjoe4dev
authored
Fix filesystem permission parity (#22)
1 parent e4d28d8 commit 605e17d

File tree

3 files changed

+40
-5
lines changed

3 files changed

+40
-5
lines changed

cmd/localstack/file_utils.go

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
package main
2+
3+
import (
4+
"os"
5+
"path/filepath"
6+
)
7+
8+
// Inspired by https://stackoverflow.com/questions/73864379/golang-change-permission-os-chmod-and-os-chowm-recursively
9+
// but using the more efficient WalkDir API
10+
func ChmodRecursively(root string, mode os.FileMode) error {
11+
return filepath.WalkDir(root,
12+
func(path string, d os.DirEntry, err error) error {
13+
if err != nil {
14+
return err
15+
}
16+
err = os.Chmod(path, mode)
17+
if err != nil {
18+
return err
19+
}
20+
return nil
21+
})
22+
}

cmd/localstack/main.go

Lines changed: 16 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -132,6 +132,15 @@ func main() {
132132
log.Fatal("Failed to download code archives: " + err.Error())
133133
}
134134

135+
// fix permissions of the layers directory for better AWS parity
136+
if err := ChmodRecursively("/opt", 0755); err != nil {
137+
log.Warnln("Could not change file mode recursively of directory /opt:", err)
138+
}
139+
// fix permissions of the tmp directory for better AWS parity
140+
if err := ChmodRecursively("/tmp", 0700); err != nil {
141+
log.Warnln("Could not change file mode recursively of directory /tmp:", err)
142+
}
143+
135144
// parse CLI args
136145
bootstrap, handler := getBootstrap(os.Args)
137146

@@ -141,11 +150,15 @@ func main() {
141150
gid := 990
142151
AddUser(lsOpts.User, uid, gid)
143152
if err := os.Chown("/tmp", uid, gid); err != nil {
144-
log.Warnln("Could not change owner of /tmp:", err)
153+
log.Warnln("Could not change owner of directory /tmp:", err)
145154
}
146155
UserLogger().Debugln("Process running as root user.")
147-
DropPrivileges(lsOpts.User)
148-
UserLogger().Debugln("Process running as non-root user.")
156+
err := DropPrivileges(lsOpts.User)
157+
if err != nil {
158+
log.Warnln("Could not drop root privileges.", err)
159+
} else {
160+
UserLogger().Debugln("Process running as non-root user.")
161+
}
149162
}
150163

151164
logCollector := NewLogCollector()

cmd/localstack/user.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -70,12 +70,12 @@ func UserLogger() *log.Entry {
7070
}
7171
uid := os.Getuid()
7272
uidString := strconv.Itoa(uid)
73-
user, err := user.LookupId(uidString)
73+
userObject, err := user.LookupId(uidString)
7474
if err != nil {
7575
log.Warnln("Could not look up user by uid:", uid, err)
7676
}
7777
return log.WithFields(log.Fields{
78-
"username": user.Username,
78+
"username": userObject.Username,
7979
"uid": uid,
8080
"euid": os.Geteuid(),
8181
"gid": os.Getgid(),

0 commit comments

Comments
 (0)