pkg: check file stats

modify file util.
etcd-io · Apr 20, 2020 · b6fa073 · b6fa073
1 parent 1166b1f
commit b6fa073
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 12 deletions.
diff --git a/etcdmain/etcd.go b/etcdmain/etcd.go
@@ -260,9 +260,16 @@ func startProxy(cfg *config) error {
 	}
 
 	cfg.ec.Dir = filepath.Join(cfg.ec.Dir, "proxy")
-	err = os.MkdirAll(cfg.ec.Dir, fileutil.PrivateDirMode)
-	if err != nil {
-		return err
+	if fileutil.Exist(cfg.ec.Dir) {
+		err := fileutil.CheckPermission(cfg.ec.Dir, fileutil.PrivateDirMode)
+		if err != nil {
+			return err
+		}
+	} else {
+		err = os.MkdirAll(cfg.ec.Dir, fileutil.PrivateDirMode)
+		if err != nil {
+			return err
+		}
 	}
 
 	var peerURLs []string

diff --git a/pkg/fileutil/fileutil.go b/pkg/fileutil/fileutil.go
@@ -42,14 +42,22 @@ func IsDirWriteable(dir string) error {
 // TouchDirAll is similar to os.MkdirAll. It creates directories with 0700 permission if any directory
 // does not exists. TouchDirAll also ensures the given directory is writable.
 func TouchDirAll(dir string) error {
-	// If path is already a directory, MkdirAll does nothing
-	// and returns nil.
-	err := os.MkdirAll(dir, PrivateDirMode)
-	if err != nil {
-		// if mkdirAll("a/text") and "text" is not
-		// a directory, this will return syscall.ENOTDIR
-		return err
+	// If path is already a directory, MkdirAll does nothing and returns nil, so,
+	// first check if dir exist with an expected permission mode.
+	if Exist(dir) {
+		err := CheckPermission(dir, PrivateDirMode)
+		if err != nil {
+			return err
+		}
+	} else {
+		err := os.MkdirAll(dir, PrivateDirMode)
+		if err != nil {
+			// if mkdirAll("a/text") and "text" is not
+			// a directory, this will return syscall.ENOTDIR
+			return err
+		}
 	}
+
 	return IsDirWriteable(dir)
 }
 
@@ -104,3 +112,22 @@ func ZeroToEnd(f *os.File) error {
 	_, err = f.Seek(off, io.SeekStart)
 	return err
 }
+
+// CheckPermission checks permission on an existing dir or a file.
+// Returns error if dir or file empty or exist with a different permission than specified.
+func CheckPermission(dir string, perm os.FileMode) error {
+	if !Exist(dir) {
+		return fmt.Errorf("directory %q empty, cannot check permission.", dir)
+	}
+	//check the existing permission on the directory
+	dirInfo, err := os.Stat(dir)
+	if err != nil {
+		return err
+	}
+	dirMode := dirInfo.Mode().Perm()
+	if dirMode != perm {
+		err = fmt.Errorf("directory %q exist without desired file permission. %q", dir, dirInfo.Mode())
+		return err
+	}
+	return nil
+}
diff --git a/pkg/fileutil/fileutil_test.go b/pkg/fileutil/fileutil_test.go
@@ -173,3 +173,21 @@ func TestZeroToEnd(t *testing.T) {
 		}
 	}
 }
+
+func TestDirPermission(t *testing.T) {
+	tmpdir, err := ioutil.TempDir(os.TempDir(), "foo")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(tmpdir)
+
+	tmpdir2 := filepath.Join(tmpdir, "testpermission")
+	// create a new dir with 0700
+	if err = CreateDirAll(tmpdir2); err != nil {
+		t.Fatal(err)
+	}
+	// check dir permission with mode different than created dir
+	if err = CheckPermission(tmpdir2, 0600); err == nil {
+		t.Errorf("expected error, got nil")
+	}
+}
diff --git a/pkg/transport/listener.go b/pkg/transport/listener.go
@@ -31,6 +31,7 @@ import (
 	"strings"
 	"time"
 
+	"go.etcd.io/etcd/pkg/fileutil"
 	"go.etcd.io/etcd/pkg/tlsutil"
 
 	"go.uber.org/zap"
@@ -114,8 +115,15 @@ func (info TLSInfo) Empty() bool {
 }
 
 func SelfCert(lg *zap.Logger, dirpath string, hosts []string, additionalUsages ...x509.ExtKeyUsage) (info TLSInfo, err error) {
-	if err = os.MkdirAll(dirpath, 0700); err != nil {
-		return
+	if fileutil.Exist(dirpath) {
+		err = fileutil.CheckPermission(dirpath, fileutil.PrivateDirMode)
+		if err != nil {
+			return
+		}
+	} else {
+		if err = os.MkdirAll(dirpath, fileutil.PrivateDirMode); err != nil {
+			return
+		}
 	}
 	info.Logger = lg