Ensure sanity of the permissions on the storage and session directories and the config database. Fixes #4182

2024-11-22 08:46:39 -06:00 · 2019-04-17 16:57:34 +01:00 · 2019-04-17 16:57:34 +01:00 · d728ee7436
commit d728ee7436
parent 1a192109d6
5 changed files with 43 additions and 1 deletions
--- a/docs/en_US/release_notes_4_6.rst
+++ b/docs/en_US/release_notes_4_6.rst
@ -20,4 +20,5 @@ Bug fixes
 | `Bug #4104 <https://redmine.postgresql.org/issues/4104>`_ - Ensure that record should be add/edited for root partition table with primary keys.
 | `Bug #4121 <https://redmine.postgresql.org/issues/4121>`_ - Fixed alignment issue of columns in definition section of Index node.
 | `Bug #4138 <https://redmine.postgresql.org/issues/4138>`_ - Fix an issue where the dropdown becomes misaligned/displaced.
-| `Bug #4161 <https://redmine.postgresql.org/issues/4161>`_ - Ensure that parameters of procedures for EPAS server 10 and below should be set/reset properly.
+| `Bug #4161 <https://redmine.postgresql.org/issues/4161>`_ - Ensure that parameters of procedures for EPAS server 10 and below should be set/reset properly.
+| `Bug #4182 <https://redmine.postgresql.org/issues/4182>`_ - Ensure sanity of the permissions on the storage and session directories and the config database.
--- a/web/pgadmin/init.py
+++ b/web/pgadmin/init.py
@ -338,6 +338,8 @@ def create_app(app_name=None):
                set_version(CURRENT_SCHEMA_VERSION)
                db.session.commit()

+        os.chmod(config.SQLITE_PATH, 0o600)
+
    Mail(app)

    import pgadmin.utils.paths as paths
--- a/web/pgadmin/setup/data_directory.py
+++ b/web/pgadmin/setup/data_directory.py
@ -21,12 +21,14 @@ def create_app_data_directory(config):
    """
    # Create the directory containing the configuration file (if not present).
    _create_directory_if_not_exists(os.path.dirname(config.SQLITE_PATH))
+    os.chmod(os.path.dirname(config.SQLITE_PATH), 0o700)

    # Create the directory containing the log file (if not present).
    _create_directory_if_not_exists(os.path.dirname(config.LOG_FILE))

    # Create the session directory (if not present).
    _create_directory_if_not_exists(config.SESSION_DB_PATH)
+    os.chmod(os.path.dirname(config.SESSION_DB_PATH), 0o700)

    # Create the storage directory (if not present).
    _create_directory_if_not_exists(config.STORAGE_DIR)
--- a/web/pgadmin/setup/tests/test_permissions.py
+++ b/web/pgadmin/setup/tests/test_permissions.py
@ -0,0 +1,35 @@
+##########################################################################
+#
+# pgAdmin 4 - PostgreSQL Tools
+#
+# Copyright (C) 2013 - 2019, The pgAdmin Development Team
+# This software is released under the PostgreSQL Licence
+#
+##########################################################################
+
+from pgadmin.utils.route import BaseTestGenerator
+import os
+import config
+from stat import *
+
+
+class PermissionsTestCase(BaseTestGenerator):
+    """
+    This class validates filesystem permissions for data/config storage
+    """
+
+    scenarios = [
+        ('Check config database', dict(path=config.TEST_SQLITE_PATH,
+                                       permissions='600')),
+        ('Check config directory', dict(
+            path=os.path.dirname(config.TEST_SQLITE_PATH),
+            permissions='700')),
+        ('Check session directory', dict(
+            path=os.path.dirname(config.SESSION_DB_PATH),
+            permissions='700'))
+    ]
+
+    def runTest(self):
+        self.assertTrue(
+            oct(os.stat(self.path)[ST_MODE])[-3:] == self.permissions
+        )
--- a/web/setup.py
+++ b/web/setup.py
@ -369,6 +369,8 @@ def setup_db():
                version.value = CURRENT_SCHEMA_VERSION
                db.session.commit()

+        os.chmod(config.SQLITE_PATH, 0o600)
+

 if __name__ == '__main__':
    # Configuration settings