From a27b0dd673266ff38a53066ef8c31578b57fc9a8 Mon Sep 17 00:00:00 2001
From: Derek Collison
Date: Wed, 19 May 2021 14:46:07 -0700
Subject: [PATCH] Move default file and dir perms
Signed-off-by: Derek Collison
---
 server/dirstore.go | 8 ++++----
 server/disk_avail.go | 2 +-
 server/filestore.go | 44 +++++++++++++++++++++++------------------
 server/jetstream.go | 6 +++---
 server/jetstream_api.go | 2 +-
 server/stream.go | 6 +++---
 6 files changed, 37 insertions(+), 31 deletions(-)
diff --git a/server/dirstore.go b/server/dirstore.go
index 720657b3..b1ad4e86 100644
--- a/server/dirstore.go
+++ b/server/dirstore.go
@@ -91,7 +91,7 @@ func newDir(dirPath string, create bool) (string, error) {
 if !create {
 return "", err
 }
- if err = os.MkdirAll(dirPath, 0755); err != nil {
+ if err = os.MkdirAll(dirPath, defaultDirPerms); err != nil {
 return "", err
 }
 if fullPath, err = validateDirPath(dirPath); err != nil {
@@ -424,7 +424,7 @@ func (store *DirJWTStore) write(path string, publicKey string, theJWT string) (b
 }
 }
 }
- if err := ioutil.WriteFile(path, []byte(theJWT), 0644); err != nil {
+ if err := ioutil.WriteFile(path, []byte(theJWT), defaultFilePerms); err != nil {
 return false, err
 } else if store.expiration != nil {
 store.expiration.track(publicKey, newHash, theJWT)
@@ -473,7 +473,7 @@ func (store *DirJWTStore) save(publicKey string, theJWT string) error {
 }
 dirPath := filepath.Dir(path)
 if _, err := validateDirPath(dirPath); err != nil {
- if err := os.MkdirAll(dirPath, 0755); err != nil {
+ if err := os.MkdirAll(dirPath, defaultDirPerms); err != nil {
 store.Unlock()
 return err
 }
@@ -499,7 +499,7 @@ func (store *DirJWTStore) saveIfNewer(publicKey string, theJWT string) error {
 }
 dirPath := filepath.Dir(path)
 if _, err := validateDirPath(dirPath); err != nil {
- if err := os.MkdirAll(dirPath, 0755); err != nil {
+ if err := os.MkdirAll(dirPath, defaultDirPerms); err != nil {
 return err
 }
 }
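Review bot: In `DirJWTStore.write` the new `defaultFilePerms` only affects JWT files that do not exist yet, because `ioutil.WriteFile` applies its mode argument on creation and leaves the mode of an existing file alone; `os.MkdirAll` in `newDir`, `save` and `saveIfNewer` likewise does not change directories that are already there. A store written by an earlier build therefore keeps its 0644 files and 0755 directories after upgrading, and the same holds for the `MkdirAll`/`WriteFile`/`OpenFile(O_CREATE)` call sites changed in filestore.go, jetstream.go, jetstream_api.go and stream.go. If removing world access from existing data is intended, that needs an explicit `os.Chmod` on the existing paths or a note to operators; otherwise a comment at the constants such as `// Applied only when a file or directory is created; existing paths keep their mode.` would record the limitation. All four functions continue outside their hunks.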
diff --git a/server/disk_avail.go b/server/disk_avail.go
index 8abe3e49..993f5188 100644
--- a/server/disk_avail.go
+++ b/server/disk_avail.go
@@ -23,7 +23,7 @@ import (
 func diskAvailable(storeDir string) int64 {
 var ba int64
 if _, err := os.Stat(storeDir); os.IsNotExist(err) {
- os.MkdirAll(storeDir, 0755)
+ os.MkdirAll(storeDir, defaultDirPerms)
 }
 var fs syscall.Statfs_t
 if err := syscall.Statfs(storeDir, &fs); err == nil {
diff --git a/server/filestore.go b/server/filestore.go
index eec64aad..4036e5bf 100644
--- a/server/filestore.go
+++ b/server/filestore.go
@@ -64,6 +64,12 @@ type FileConsumerInfo struct {
 ConsumerConfig
 }
+// Default file and directory permissions.
+const (
+ defaultDirPerms = os.FileMode(0750)
+ defaultFilePerms = os.FileMode(0640)
+)
+
 type fileStore struct {
 mu sync.RWMutex
 state StreamState
@@ -225,7 +231,7 @@ func newFileStoreWithCreated(fcfg FileStoreConfig, cfg StreamConfig, created tim
 // Check the directory
 if stat, err := os.Stat(fcfg.StoreDir); os.IsNotExist(err) {
- if err := os.MkdirAll(fcfg.StoreDir, 0755); err != nil {
+ if err := os.MkdirAll(fcfg.StoreDir, defaultDirPerms); err != nil {
 return nil, fmt.Errorf("could not create storage directory - %v", err)
 }
 } else if stat == nil || !stat.IsDir() {
@@ -250,10 +256,10 @@ func newFileStoreWithCreated(fcfg FileStoreConfig, cfg StreamConfig, created tim
 // Check if this is a new setup.
 mdir := path.Join(fcfg.StoreDir, msgDir)
 odir := path.Join(fcfg.StoreDir, consumerDir)
- if err := os.MkdirAll(mdir, 0755); err != nil {
+ if err := os.MkdirAll(mdir, defaultDirPerms); err != nil {
 return nil, fmt.Errorf("could not create message storage directory - %v", err)
 }
- if err := os.MkdirAll(odir, 0755); err != nil {
+ if err := os.MkdirAll(odir, defaultDirPerms); err != nil {
 return nil, fmt.Errorf("could not create consumer storage directory - %v", err)
 }
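Review bot: `diskAvailable` discards the result of `os.MkdirAll(storeDir, defaultDirPerms)`, so a failure to create the store directory only shows up as whatever the function returns when the following `syscall.Statfs` fails, which the hunk does not show. Capturing it with `if err := os.MkdirAll(storeDir, defaultDirPerms); err != nil {` and reporting it before the `Statfs` call would make the cause explicit. The same unchecked call appears in `fileStore.purge` (next to an unchecked `os.Rename`) and ahead of `os.OpenFile` in `Account.RestoreStream`. The function body continues past the hunk.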
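Review bot: The comment on the new constants in filestore.go does not say what the modes grant, which is the security-relevant part of this change. Suggest `// defaultDirPerms and defaultFilePerms are the modes used when the server creates store directories and files: full access for the owner on directories and read/write on files, read (and directory search) for the group, nothing for others.` The constants are declared here but are also used from dirstore.go, disk_avail.go, jetstream.go, jetstream_api.go and stream.go, so stating that they are package-wide would help a reader who first meets them in the JWT store.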
@@ -372,14 +378,14 @@ func (fs *fileStore) writeStreamMeta() error {
 if err != nil {
 return err
 }
- if err := ioutil.WriteFile(meta, b, 0644); err != nil {
+ if err := ioutil.WriteFile(meta, b, defaultFilePerms); err != nil {
 return err
 }
 fs.hh.Reset()
 fs.hh.Write(b)
 checksum := hex.EncodeToString(fs.hh.Sum(nil))
 sum := path.Join(fs.fcfg.StoreDir, JetStreamMetaFileSum)
- if err := ioutil.WriteFile(sum, []byte(checksum), 0644); err != nil {
+ if err := ioutil.WriteFile(sum, []byte(checksum), defaultFilePerms); err != nil {
 return err
 }
 return nil
@@ -513,7 +519,7 @@ func (mb *msgBlock) rebuildState() (*LostStreamData, error) {
 if mb.mfd != nil {
 fd = mb.mfd
 } else {
- fd, err = os.OpenFile(mb.mfn, os.O_RDWR, 0644)
+ fd, err = os.OpenFile(mb.mfn, os.O_RDWR, defaultFilePerms)
 if err != nil {
 defer fd.Close()
 }
@@ -911,7 +917,7 @@ func (fs *fileStore) newMsgBlockForWrite() (*msgBlock, error) {
 mdir := path.Join(fs.fcfg.StoreDir, msgDir)
 mb.mfn = path.Join(mdir, fmt.Sprintf(blkScan, mb.index))
- mfd, err := os.OpenFile(mb.mfn, os.O_CREATE|os.O_RDWR, 0644)
+ mfd, err := os.OpenFile(mb.mfn, os.O_CREATE|os.O_RDWR, defaultFilePerms)
 if err != nil {
 mb.dirtyCloseWithRemove(true)
 return nil, fmt.Errorf("Error creating msg block file [%q]: %v", mb.mfn, err)
@@ -919,7 +925,7 @@ func (fs *fileStore) newMsgBlockForWrite() (*msgBlock, error) {
 mb.mfd = mfd
 mb.ifn = path.Join(mdir, fmt.Sprintf(indexScan, mb.index))
- ifd, err := os.OpenFile(mb.ifn, os.O_CREATE|os.O_RDWR, 0644)
+ ifd, err := os.OpenFile(mb.ifn, os.O_CREATE|os.O_RDWR, defaultFilePerms)
 if err != nil {
 mb.dirtyCloseWithRemove(true)
 return nil, fmt.Errorf("Error creating msg index file [%q]: %v", mb.mfn, err)
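Review bot: The error check after the changed `os.OpenFile` in `rebuildState` looks inverted: `if err != nil { defer fd.Close() }` defers a close only when the open failed, so on success the descriptor opened here is not closed by this branch. Unless it is closed further down (the function continues outside the hunk), the condition should be `if err == nil { defer fd.Close() }`, with the open failure handled separately. The mode argument is also ignored when `O_CREATE` is not set, so `defaultFilePerms` has no effect on this call or on the `os.O_RDWR` open in `eraseMsg`; passing `0` there would avoid implying otherwise.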
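Review bot: The error returned when the index file cannot be created in `newMsgBlockForWrite` names the wrong path: `fmt.Errorf("Error creating msg index file [%q]: %v", mb.mfn, err)` prints the message block file rather than `mb.ifn`, the file the preceding `os.OpenFile` just failed on. An operator diagnosing a permission failure would be pointed at the wrong file, so the argument should be `mb.ifn`: `fmt.Errorf("Error creating msg index file [%q]: %v", mb.ifn, err)`. The function starts and ends outside the hunk.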
@@ -959,7 +965,7 @@ func (fs *fileStore) enableLastMsgBlockForWriting() error {
 if mb.mfd != nil {
 return nil
 }
- mfd, err := os.OpenFile(mb.mfn, os.O_CREATE|os.O_RDWR, 0644)
+ mfd, err := os.OpenFile(mb.mfn, os.O_CREATE|os.O_RDWR, defaultFilePerms)
 if err != nil {
 return fmt.Errorf("error opening msg block file [%q]: %v", mb.mfn, err)
 }
@@ -1520,7 +1526,7 @@ func (mb *msgBlock) eraseMsg(seq uint64, ri, rl int) error {
 // Disk
 if mb.cache.off+mb.cache.wp > ri {
- mfd, err := os.OpenFile(mb.mfn, os.O_RDWR, 0644)
+ mfd, err := os.OpenFile(mb.mfn, os.O_RDWR, defaultFilePerms)
 if err != nil {
 return err
 }
@@ -2740,7 +2746,7 @@ func (mb *msgBlock) writeIndexInfo() error {
 }
 var err error
 if mb.ifd == nil {
- ifd, err := os.OpenFile(mb.ifn, os.O_CREATE|os.O_RDWR, 0644)
+ ifd, err := os.OpenFile(mb.ifn, os.O_CREATE|os.O_RDWR, defaultFilePerms)
 if err != nil {
 return err
 }
@@ -2939,7 +2945,7 @@ func (fs *fileStore) purge(fseq uint64) (uint64, error) {
 os.Rename(mdir, pdir)
 go os.RemoveAll(pdir)
 // Create new one.
- os.MkdirAll(mdir, 0755)
+ os.MkdirAll(mdir, defaultDirPerms)
 // Make sure we have a lmb to write to.
 if _, err := fs.newMsgBlockForWrite(); err != nil {
@@ -3521,7 +3527,7 @@ func (fs *fileStore) ConsumerStore(name string, cfg *ConsumerConfig) (ConsumerSt
 return nil, fmt.Errorf("bad consumer config")
 }
 odir := path.Join(fs.fcfg.StoreDir, consumerDir, name)
- if err := os.MkdirAll(odir, 0755); err != nil {
+ if err := os.MkdirAll(odir, defaultDirPerms); err != nil {
 return nil, fmt.Errorf("could not create consumer directory - %v", err)
 }
 csi := &FileConsumerInfo{ConsumerConfig: *cfg}
@@ -3886,14 +3892,14 @@ func (cfs *consumerFileStore) writeConsumerMeta() error {
 if err != nil {
 return err
 }
- if err := ioutil.WriteFile(meta, b, 0644); err != nil {
+ if err := ioutil.WriteFile(meta, b, defaultFilePerms); err != nil {
 return err
 }
 cfs.hh.Reset()
 cfs.hh.Write(b)
 checksum := hex.EncodeToString(cfs.hh.Sum(nil))
 sum := path.Join(cfs.odir, JetStreamMetaFileSum)
- if err := ioutil.WriteFile(sum, []byte(checksum), 0644); err != nil {
+ if err := ioutil.WriteFile(sum, []byte(checksum), defaultFilePerms); err != nil {
 return err
 }
 return nil
@@ -3912,7 +3918,7 @@ func (o *consumerFileStore) syncStateFile() {
 // Lock should be held.
 func (o *consumerFileStore) ensureStateFileOpen() error {
 if o.ifd == nil {
- ifd, err := os.OpenFile(o.ifn, os.O_CREATE|os.O_RDWR, 0644)
+ ifd, err := os.OpenFile(o.ifn, os.O_CREATE|os.O_RDWR, defaultFilePerms)
 if err != nil {
 return err
 }
@@ -4206,7 +4212,7 @@ func newTemplateFileStore(storeDir string) *templateFileStore {
 func (ts *templateFileStore) Store(t *streamTemplate) error {
 dir := path.Join(ts.dir, t.Name)
- if err := os.MkdirAll(dir, 0755); err != nil {
+ if err := os.MkdirAll(dir, defaultDirPerms); err != nil {
 return fmt.Errorf("could not create templates storage directory for %q- %v", t.Name, err)
 }
 meta := path.Join(dir, JetStreamMetaFile)
@@ -4219,7 +4225,7 @@ func (ts *templateFileStore) Store(t *streamTemplate) error {
 if err != nil {
 return err
 }
- if err := ioutil.WriteFile(meta, b, 0644); err != nil {
+ if err := ioutil.WriteFile(meta, b, defaultFilePerms); err != nil {
 return err
 }
 // FIXME(dlc) - Do checksum
@@ -4227,7 +4233,7 @@ func (ts *templateFileStore) Store(t *streamTemplate) error {
 ts.hh.Write(b)
 checksum := hex.EncodeToString(ts.hh.Sum(nil))
 sum := path.Join(dir, JetStreamMetaFileSum)
- if err := ioutil.WriteFile(sum, []byte(checksum), 0644); err != nil {
+ if err := ioutil.WriteFile(sum, []byte(checksum), defaultFilePerms); err != nil {
 return err
 }
 return nil
diff --git a/server/jetstream.go b/server/jetstream.go
index e4ce5f46..ac3985bf 100644
--- a/server/jetstream.go
+++ b/server/jetstream.go
@@ -216,7 +216,7 @@ func (s *Server) checkStoreDir(cfg *JetStreamConfig) error {
 // like streams and consumers.
 if ok {
 if !haveJetstreamDir {
- err := os.Mkdir(filepath.Join(filepath.Dir(cfg.StoreDir), JetStreamStoreDir), 0755)
+ err := os.Mkdir(filepath.Join(filepath.Dir(cfg.StoreDir), JetStreamStoreDir), defaultDirPerms)
 if err != nil {
 return err
 }
@@ -243,7 +243,7 @@ func (s *Server) enableJetStream(cfg JetStreamConfig) error {
 // FIXME(dlc) - Allow memory only operation?
 if stat, err := os.Stat(cfg.StoreDir); os.IsNotExist(err) {
- if err := os.MkdirAll(cfg.StoreDir, 0755); err != nil {
+ if err := os.MkdirAll(cfg.StoreDir, defaultDirPerms); err != nil {
 return fmt.Errorf("could not create storage directory - %v", err)
 }
 } else {
@@ -866,7 +866,7 @@ func (a *Account) EnableJetStream(limits *JetStreamAccountLimits) error {
 sdir := path.Join(jsa.storeDir, streamsDir)
 if _, err := os.Stat(sdir); os.IsNotExist(err) {
- if err := os.MkdirAll(sdir, 0755); err != nil {
+ if err := os.MkdirAll(sdir, defaultDirPerms); err != nil {
 return fmt.Errorf("could not create storage streams directory - %v", err)
 }
 }
diff --git a/server/jetstream_api.go b/server/jetstream_api.go
index dc435890..44a3dc47 100644
--- a/server/jetstream_api.go
+++ b/server/jetstream_api.go
@@ -2632,7 +2632,7 @@ func (s *Server) processStreamRestore(ci *ClientInfo, acc *Account, cfg *StreamC
 snapDir := path.Join(js.config.StoreDir, snapStagingDir)
 if _, err := os.Stat(snapDir); os.IsNotExist(err) {
- if err := os.MkdirAll(snapDir, 0755); err != nil {
+ if err := os.MkdirAll(snapDir, defaultDirPerms); err != nil {
 resp.Error = &ApiError{Code: 503, Description: "JetStream unable to create temp storage for restore"}
 s.sendAPIErrResponse(ci, acc, subject, reply, string(msg), s.jsonResponse(&resp))
 return nil
diff --git a/server/stream.go b/server/stream.go
index 1e11d093..d384820b 100644
--- a/server/stream.go
+++ b/server/stream.go
@@ -3240,7 +3240,7 @@ func (a *Account) RestoreStream(ncfg *StreamConfig, r io.Reader) (*stream, error
 sd := path.Join(jsa.storeDir, snapsDir)
 if _, err := os.Stat(sd); os.IsNotExist(err) {
- if err := os.MkdirAll(sd, 0755); err != nil {
+ if err := os.MkdirAll(sd, defaultDirPerms); err != nil {
 return nil, fmt.Errorf("could not create snapshots directory - %v", err)
 }
 }
@@ -3249,7 +3249,7 @@ func (a *Account) RestoreStream(ncfg *StreamConfig, r io.Reader) (*stream, error
 return nil, err
 }
 if _, err := os.Stat(sdir); os.IsNotExist(err) {
- if err := os.MkdirAll(sdir, 0755); err != nil {
+ if err := os.MkdirAll(sdir, defaultDirPerms); err != nil {
 return nil, fmt.Errorf("could not create snapshots directory - %v", err)
 }
 }
@@ -3266,7 +3266,7 @@ func (a *Account) RestoreStream(ncfg *StreamConfig, r io.Reader) (*stream, error
 }
 fpath := path.Join(sdir, filepath.Clean(hdr.Name))
 pdir := filepath.Dir(fpath)
- os.MkdirAll(pdir, 0750)
+ os.MkdirAll(pdir, defaultDirPerms)
 fd, err := os.OpenFile(fpath, os.O_CREATE|os.O_RDWR, 0600)
 if err != nil {
 return nil, err
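Review bot: In the last `RestoreStream` hunk, `fpath := path.Join(sdir, filepath.Clean(hdr.Name))` does not by itself keep an archive entry inside `sdir`: `filepath.Clean` leaves leading `..` elements in a relative name, and `path.Join` then resolves them against `sdir`. If `hdr.Name` is not validated before the visible lines, the `os.MkdirAll` and `os.OpenFile` that follow can act on a path outside the snapshot directory, so a containment check belongs ahead of them, for example rejecting the entry unless `strings.HasPrefix(fpath, sdir+"/")`. The result of `os.MkdirAll(pdir, defaultDirPerms)` is also discarded, and the file mode stays a literal `0600` rather than a named constant. The loop body continues outside the hunk.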