Class: Inspec::Resources::UnixFilePermissions
Instance Attribute Summary
#inspec
Instance Method Summary
#initialize
Instance Method Details
#check_file_permission_by_mask(file, access_type, usergroup, specific_user) ⇒ Object
# File 'lib/resources/file.rb', line 183
# Tests a file's mode bits against the mask for one access type and one
# owner/group/other selector.
#
# @param file [Object] object responding to #unix_mode_mask and #mode
# @param access_type [String] passed to permission_flag ('read', 'write', 'execute')
# @param usergroup [String, nil] selector, normalised by usergroup_for
# @param specific_user [Object, nil] forwarded to usergroup_for
# @return [Boolean] true when at least one bit of the mask is set in file.mode
# @raise [RuntimeError] when unix_mode_mask returns nil for the selector
def check_file_permission_by_mask(file, access_type, usergroup, specific_user)
  scope = usergroup_for(usergroup, specific_user)
  bits = file.unix_mode_mask(scope, permission_flag(access_type))
  # A nil mask means the selector was not recognised; fail loudly instead of
  # reporting a permission result for it.
  raise 'Invalid usergroup/owner provided' if bits.nil?

  # Any overlap counts: the result is true as soon as one masked bit is set.
  overlap = file.mode & bits
  overlap != 0
end
|
#check_file_permission_by_user(access_type, user, path) ⇒ Object
# File 'lib/resources/file.rb', line 191
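# Checks whether +user+ has the given access to +path+ by running
# `test -<flag> <path>` as that user on the target system.
#
# Both +user+ and +path+ end up on a shell command line, so each is escaped
# with Shellwords before interpolation. Unescaped, a space or shell
# metacharacter in either value changes the command that runs on the target
# (and a path containing a space is simply tested wrongly). Where the test
# command is handed to a second shell through `-c`, it is escaped once more
# as a whole so it arrives there as a single argument.
# Escaping does not stop a value that begins with `-` from being read as an
# option by su/sudo; callers that accept such values should reject them first.
#
# @param access_type [String] 'read', 'write' or 'execute' (see permission_flag)
# @param user [String] account the test is run as
# @param path [String] file to test
# @return [Boolean] true when the command exits with status 0; on an
#   unsupported OS, whatever skip_resource returns
# @raise [RuntimeError] from permission_flag for an unknown access_type
def check_file_permission_by_user(access_type, user, path)
  # Required here because this file's top-level requires are not visible from
  # this block; the call is a no-op once the library is loaded.
  require 'shellwords'

  flag = permission_flag(access_type)
  quoted_user = Shellwords.escape(user)
  test_cmd = "test -#{flag} #{Shellwords.escape(path)}"
  # Second level of escaping for the branches that pass the command to `-c`.
  nested_cmd = Shellwords.escape(test_cmd)

  perm_cmd =
    if inspec.os.linux?
      "su -s /bin/sh -c #{nested_cmd} #{quoted_user}"
    elsif inspec.os.bsd? || inspec.os.solaris?
      "sudo -u #{quoted_user} #{test_cmd}"
    elsif inspec.os.aix?
      # NOTE(review): argument layout kept as in the original, where only
      # `test` directly follows -c - confirm this is what AIX su expects.
      "su #{quoted_user} -c #{test_cmd}"
    elsif inspec.os.hpux?
      "su #{quoted_user} -c #{nested_cmd}"
    else
      return skip_resource 'The `file` resource does not support `by_user` on your OS.'
    end

  inspec.command(perm_cmd).exit_status == 0
end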
|
#permission_flag(access_type) ⇒ Object
# File 'lib/resources/file.rb', line 160
# Maps an access type name to the single-letter flag used in mode masks and
# `test -<flag>` commands.
#
# Only the three listed names are accepted; anything else raises, so the
# returned value is always one of 'r', 'w' or 'x'.
#
# @param access_type [String] 'read', 'write' or 'execute'
# @return [String] 'r', 'w' or 'x'
# @raise [RuntimeError] for any other access_type
def permission_flag(access_type)
  flags = { 'read' => 'r', 'write' => 'w', 'execute' => 'x' }
  flags.fetch(access_type) { raise 'Invalid access_type provided' }
end
|
#usergroup_for(usergroup, specific_user) ⇒ Object
# File 'lib/resources/file.rb', line 173
# Normalises the owner/group/other selector before it is used to look up a
# mode mask.
#
# @param usergroup [String, nil] selector as given by the caller
# @param specific_user [Object, nil] a specific user, if one was requested
# @return [String, nil] 'other' for 'others'; 'all' when no selector and no
#   specific user were given; otherwise usergroup unchanged
def usergroup_for(usergroup, specific_user)
  return 'other' if usergroup == 'others'

  # With neither a selector nor a specific user, the check covers everyone.
  no_selector = usergroup.nil? || usergroup.empty?
  return 'all' if no_selector && specific_user.nil?

  usergroup
end
|