Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set directory ownership explicitly during setup #626

Merged
merged 7 commits into from
Nov 7, 2024
Merged

Set directory ownership explicitly during setup #626

merged 7 commits into from
Nov 7, 2024

Conversation

jherbel
Copy link
Contributor

@jherbel jherbel commented Nov 4, 2024

No description provided.

@jherbel jherbel force-pushed the dev/joerg/CMK-20037_explicit_directory_ownership branch 5 times, most recently from 9a4d73f to 94f8ab7 Compare November 4, 2024 12:17
@jherbel jherbel requested a review from SoloJacobs November 4, 2024 12:28
SoloJacobs
SoloJacobs requested changes Nov 5, 2024
View reviewed changes
src/bin/scheduler/setup/directories.rs Outdated Show resolved Hide resolved
src/bin/scheduler/setup/directories.rs Outdated Show resolved Hide resolved
src/bin/scheduler/setup/directories.rs Outdated Show resolved Hide resolved
src/bin/scheduler/setup/directories.rs Outdated Show resolved Hide resolved
src/bin/scheduler/setup/directories.rs Outdated Show resolved Hide resolved
src/bin/scheduler/setup/windows_permissions.rs Outdated Show resolved Hide resolved
src/bin/scheduler/setup/directories.rs Outdated Show resolved Hide resolved
src/bin/scheduler/setup/directories.rs Show resolved Hide resolved
@jherbel jherbel force-pushed the dev/joerg/CMK-20037_explicit_directory_ownership branch 2 times, most recently from 2352762 to 3dc5858 Compare November 5, 2024 13:57
@jherbel jherbel requested a review from SoloJacobs November 5, 2024 14:09
@jherbel
Specify only base runtime directory in external configuration
474009e 
All sub-directories (managed, plans, rcc_setup) are now managed internally. This
ensures that we have a single parent directory whose ownership we can set.

CMK-20037
@jherbel
Rename: setup::{general -> directories}.rs
53b7223 
The new name actually describes what we are setting up.
@jherbel
Add libc crate to retrieve current user and group id (Linux)
89b520c 
CMK-20037
@jherbel
Directories setup: Implement new struct to handle setting of ownership
d85292d 
* Linux: Transfer ownership to current user and group.
* Windows: Transfer ownership to administrator group. This has two advantages:
  1) We don't have to find out the name of the current user.
  2) This seems to be default for files created by the local system account
     SYSTEM, under which the scheduler is usually executed when it is run by the
     Windows agent.

For both Linux and Windows, we don't follow symbolic links. The scheduler itself
is not creating any, so the only place where we might expect to find symbolic
links is the managed robots directory. Since we anyway remove and re-create the
managed robots directory during the setup, there is no need to explicitly set
the ownership of this directory.

CMK-20037
@jherbel
Explictly create runtime directory and set ownership (non-recursive)
5bd05aa 
* Linux: Transfer ownership to current user and group.
* Windows: Transfer ownership to administrator group.

CMK-20037
@jherbel
Explicitly set non-recursive ownership of working and plan working di…
0b35309 
…rectories

* Linux: Transfer ownership to current user and group.
* Windows: Transfer ownership to administrator group.

Directory structure:
working_directory
  |__ plans
        |__ {plan_id}

The actual files created when running the plans might belong to a different
user, either because an explicit user is set in the plan configuration (Windows
only) or because the scheduler was previously executed as a different user. Both
cases are ok, since we are not using these files in any way. Eventually, they
are cleaned up.

However, the parent directories should definitely belong to us, such that no
unauthorized user can attempt to modify new files we create.

CMK-20037
@jherbel
Explicitly set ownership of results directory (recursively)
48d5f7a 
* Linux: Transfer ownership to current user and group.
* Windows: Transfer ownership to administrator group.

Files in this directory are never written by a different user, so we can take
ownership recursively. If the scheduler was previously executed as a different
user, it's OK for us to take over ownership, since the previous user must anyway
have elevated access.

CMK-20037
@jherbel jherbel force-pushed the dev/joerg/CMK-20037_explicit_directory_ownership branch from 3dc5858 to 48d5f7a Compare November 7, 2024 13:49
@jherbel jherbel requested a review from SoloJacobs November 7, 2024 13:50
@SoloJacobs
Copy link
Contributor

Nice 👍

@jherbel jherbel merged commit 5701504 into main Nov 7, 2024
23 checks passed
@jherbel jherbel deleted the dev/joerg/CMK-20037_explicit_directory_ownership branch November 7, 2024 13:57
@github-actions github-actions bot locked and limited conversation to collaborators Nov 7, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@SoloJacobs SoloJacobs SoloJacobs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jherbel @SoloJacobs