Ensure sanity of the permissions on the storage and session directories and the config database. Fixes #4182

docs/en_US/release_notes_4_6.rst

@@ -20,4 +20,5 @@ Bug fixes
 | `Bug #4104 <https://redmine.postgresql.org/issues/4104>`_ - Ensure that record should be add/edited for root partition table with primary keys.
 | `Bug #4121 <https://redmine.postgresql.org/issues/4121>`_ - Fixed alignment issue of columns in definition section of Index node.
 | `Bug #4138 <https://redmine.postgresql.org/issues/4138>`_ - Fix an issue where the dropdown becomes misaligned/displaced.
-| `Bug #4161 <https://redmine.postgresql.org/issues/4161>`_ - Ensure that parameters of procedures for EPAS server 10 and below should be set/reset properly.
+| `Bug #4161 <https://redmine.postgresql.org/issues/4161>`_ - Ensure that parameters of procedures for EPAS server 10 and below should be set/reset properly.
+| `Bug #4182 <https://redmine.postgresql.org/issues/4182>`_ - Ensure sanity of the permissions on the storage and session directories and the config database.

web/pgadmin/__init__.py

@@ -338,6 +338,8 @@ def create_app(app_name=None):
                 set_version(CURRENT_SCHEMA_VERSION)
                 db.session.commit()
 
+        os.chmod(config.SQLITE_PATH, 0o600)
+
     Mail(app)
 
     import pgadmin.utils.paths as paths

web/pgadmin/setup/data_directory.py

@@ -21,12 +21,14 @@ def create_app_data_directory(config):
     """
     # Create the directory containing the configuration file (if not present).
     _create_directory_if_not_exists(os.path.dirname(config.SQLITE_PATH))
+    os.chmod(os.path.dirname(config.SQLITE_PATH), 0o700)
 
     # Create the directory containing the log file (if not present).
     _create_directory_if_not_exists(os.path.dirname(config.LOG_FILE))
 
     # Create the session directory (if not present).
     _create_directory_if_not_exists(config.SESSION_DB_PATH)
+    os.chmod(os.path.dirname(config.SESSION_DB_PATH), 0o700)
 
     # Create the storage directory (if not present).
     _create_directory_if_not_exists(config.STORAGE_DIR)

web/pgadmin/setup/tests/test_permissions.py

@@ -0,0 +1,35 @@
+##########################################################################
+#
+# pgAdmin 4 - PostgreSQL Tools
+#
+# Copyright (C) 2013 - 2019, The pgAdmin Development Team
+# This software is released under the PostgreSQL Licence
+#
+##########################################################################
+
+from pgadmin.utils.route import BaseTestGenerator
+import os
+import config
+from stat import *
+
+
+class PermissionsTestCase(BaseTestGenerator):
+    """
+    This class validates filesystem permissions for data/config storage
+    """
+
+    scenarios = [
+        ('Check config database', dict(path=config.TEST_SQLITE_PATH,
+                                       permissions='600')),
+        ('Check config directory', dict(
+            path=os.path.dirname(config.TEST_SQLITE_PATH),
+            permissions='700')),
+        ('Check session directory', dict(
+            path=os.path.dirname(config.SESSION_DB_PATH),
+            permissions='700'))
+    ]
+
+    def runTest(self):
+        self.assertTrue(
+            oct(os.stat(self.path)[ST_MODE])[-3:] == self.permissions
+        )

web/setup.py

@@ -369,6 +369,8 @@ def setup_db():
                 version.value = CURRENT_SCHEMA_VERSION
                 db.session.commit()
 
+        os.chmod(config.SQLITE_PATH, 0o600)
+
 
 if __name__ == '__main__':
     # Configuration settings