Commit 2318a71d authored by Chris McDonough's avatar Chris McDonough

Create a method to log if the base directory is not secure.

parent 028e4185
...@@ -318,11 +318,10 @@ class ClientStorage(object): ...@@ -318,11 +318,10 @@ class ClientStorage(object):
if blob_dir is not None: if blob_dir is not None:
self.fshelper = FilesystemHelper(blob_dir) self.fshelper = FilesystemHelper(blob_dir)
self.fshelper.create() self.fshelper.create()
if not self.fshelper.isSecure(blob_dir): self.fshelper.checkSecure()
log2('Blob dir %s has insecure mode setting' % blob_dir,
level=logging.WARNING)
else: else:
self.fshelper = None self.fshelper = None
# Initialize locks # Initialize locks
self.blob_status_lock = threading.Lock() self.blob_status_lock = threading.Lock()
self.blob_status = {} self.blob_status = {}
......
...@@ -298,6 +298,11 @@ class FilesystemHelper: ...@@ -298,6 +298,11 @@ class FilesystemHelper:
""" Ensure that (POSIX) path mode bits are 0700 """ """ Ensure that (POSIX) path mode bits are 0700 """
return (os.stat(path).st_mode & 077) != 0 return (os.stat(path).st_mode & 077) != 0
def checkSecure(self):
if not self.isSecure(self.base_dir):
log('Blob dir %s has insecure mode setting' % path,
level=logging.WARNING)
def getPathForOID(self, oid): def getPathForOID(self, oid):
""" Given an OID, return the path on the filesystem where """ Given an OID, return the path on the filesystem where
the blob data relating to that OID is stored """ the blob data relating to that OID is stored """
......
...@@ -44,10 +44,8 @@ class BlobStorage(ProxyBase): ...@@ -44,10 +44,8 @@ class BlobStorage(ProxyBase):
# TODO Complain if storage is ClientStorage # TODO Complain if storage is ClientStorage
ProxyBase.__init__(self, storage) ProxyBase.__init__(self, storage)
self.fshelper = FilesystemHelper(base_directory) self.fshelper = FilesystemHelper(base_directory)
if not os.path.exists(self.base_directory): self.fshelper.create()
os.makedirs(self.base_directory, 0700) self.fshelper.checkSecure()
logger.info("Blob directory '%s' does not exist. "
"Created new directory." % self.base_directory)
self.dirty_oids = [] self.dirty_oids = []
def __repr__(self): def __repr__(self):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment