Skip to content

Fix annoying "permission denied" when saving running-config #979

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Mar 11, 2025
Merged

Fix annoying "permission denied" when saving running-config #979

merged 11 commits into from
Mar 11, 2025

Conversation

troglobit
Copy link
Contributor

Description

Fixes #977

Checklist

Tick relevant boxes, this PR is-a or has-a:

  • Bugfix
    • Regression tests
    • ChangeLog updates (for next release)
  • Feature
    • YANG model change => revision updated?
    • Regression tests added?
    • ChangeLog updates (for next release)
    • Documentation added?
  • Test changes
    • Checked in changed Readme.adoc (make test-spec)
    • Added new test to group Readme.adoc and yaml file
  • Code style update (formatting, renaming)
  • Refactoring (please detail in commit messages)
  • Build related changes
  • Documentation content changes
    • ChangeLog updated (for major changes)
  • Other (please describe):

troglobit added 5 commits March 9, 2025 16:44
@troglobit
bin: copy: reduce confusion username vs user -> remote_user
df1fc6f 
For future readers, the user paramenter to the copy() function is
actually the remote user in any curl command.

Also, realign columns in infix_config[].

Signed-off-by: Joachim Wiberg <[email protected]>
@troglobit
bin: copy: set group owner on (new) files
5021a1d 
When copying a file to a directory, the file should be accessible (read
+ write) by all members of the group that are allowed write access.

E.g., an 'admin' level user creating a new file /cfg/foo.cfg should
result in the file being owned by $LOGNAME:wheel with 0660 perms,
because /cfg is root:wheel.

Writing to already existing file, e.g., created by 'root' at first boot,
say /cfg/startup-config.cfg should be possible by all members of the
'wheel' group.  In this case thef file already exists as root:wheel and
any user trying to chgrp it will fail, this is fine.

Fixes #977

Signed-off-by: Joachim Wiberg <[email protected]>
@troglobit
cli: show file extension of copy src and dst on tab completion
82df624 
As per earlier decsision, the .cfg suffix is no longer implied when a
user copy to a regular file, so we should allow tab completion in the
copy command to show foo.cfg, otherwise the copy command will fail.

Skip /cfg/startup-config.cfg since it's treated as a special case and
added to the list by the infix_datastore() plugin function.

Signed-off-by: Joachim Wiberg <[email protected]>
@troglobit
cli: fix dir command's $HOME when not logged in as root
496d56e 
Signed-off-by: Joachim Wiberg <[email protected]>
@troglobit
doc: update ChangeLog with copy command fix
4998e32 
Signed-off-by: Joachim Wiberg <[email protected]>
@troglobit troglobit requested a review from jovatn March 9, 2025 15:50
@troglobit troglobit mentioned this pull request Mar 9, 2025
Merged
17 tasks
wkz
wkz reviewed Mar 9, 2025
View reviewed changes
src/bin/copy.c
Comment on lines +90 to +92
* E.g., writing to /cfg/foo, where /cfg is owned by root:wheel,
* should result in the file being owned by $LOGNAME:wheel with
* 0660 perms for other users in same group.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we made sure that we create startup with g+s, could we rely on the kernel to handle this logic for us?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we made sure that we create startup with g+s, could we rely on the kernel to handle this logic for us?

You mean on /cfg, I assume. Yes, but I was worrying about bind + overlay mounts, as well as external media with vfat/exfat file systems.

@jovatn jovatn requested review from rical and removed request for jovatn March 10, 2025 07:21
rical
rical reviewed Mar 10, 2025
View reviewed changes
src/bin/copy.c
return 0;
}

getgrouplist(user, pw->pw_gid, groups, &num);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't there's a theoretical race here, if the user is added to a group after the last call to getgrouplist()? If so, perhaps it's worth wrapping this in an if (..... != -1).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is, wrapping it with a realloc() is probably a good idea to be safer.

src/bin/copy.c Outdated
return 0;

strlcpy(dir, fn, sizeof(dir));
ptr = strrchr(dir, '/');
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this block use dirname() to make it easier to understand?

@jovatn jovatn added this to the Infix v25.02 milestone Mar 10, 2025
@troglobit
Copy link
Contributor Author

CCB: assigning to @rical to fix the comments. Thanks!

rical added 5 commits March 10, 2025 14:52
@rical
bin: copy: use NGROUPS_MAX when probing user groups
03437fc 
Avoid a theoretical race between getting the number of groups a user
belongs to and actually processing them. We should not need to check
the return value of getgrouplist() as we know the number of groups fit
inside the buffer.

Signed-off-by: Richard Alpe <[email protected]>
@rical
bin: copy: use dirname() to derive parent directory
5d99c12 
Cosmetic change intended to improve code readability.

Signed-off-by: Richard Alpe <[email protected]>
@rical
bin: copy: save errno in chown error path
dd788f5 
Prior to this patch the errno value was overwritten by getgrgid()
making the printouts invalid:

Error: setting group owner wheel (10) on /cfg/startup-config.cfg:
Success

Signed-off-by: Richard Alpe <[email protected]>
@rical
bin: copy: add newline to same-same error message
95931c8 
Signed-off-by: Richard Alpe <[email protected]>
@rical
bin: copy: fix segfault for one argument
b8fc8b7 
The code assumes both SRC and DST is passed, here we ensure this
early.

Prior to this patch:
root@host:~$ copy foo
Segmentation fault (core dumped)

Signed-off-by: Richard Alpe <[email protected]>
troglobit
troglobit commented Mar 11, 2025
View reviewed changes
Copy link
Contributor Author

@troglobit troglobit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work, looks good to me!

Unfortunately our policies prevent me from approving my own PR, so maybe @jovatn can make the formal approval?

mattiaswal
mattiaswal requested changes Mar 11, 2025
View reviewed changes
Copy link
Contributor

@mattiaswal mattiaswal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comment

mattiaswal
mattiaswal approved these changes Mar 11, 2025
View reviewed changes
Copy link
Contributor

@mattiaswal mattiaswal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mattiaswal mattiaswal merged commit 2291e9f into main Mar 11, 2025
6 checks passed
@mattiaswal mattiaswal deleted the copy-owner branch March 11, 2025 15:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wkz wkz wkz left review comments

@rical rical rical left review comments

@mattiaswal mattiaswal mattiaswal approved these changes

Assignees

@rical rical

Labels

None yet

Projects

None yet

Milestone

Infix v25.02

Development

Successfully merging this pull request may close these issues.

Permission error message when 'copy running-config startup-config'

5 participants

@troglobit @wkz @rical @mattiaswal @jovatn