Skip to content

Add permission error when user cannot write to /etc/nginx folder #62

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Jan 17, 2025
Merged

Add permission error when user cannot write to /etc/nginx folder #62

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
ffe22f9
Add permission error when user cannot write to /etc/nginx folder
Dec 30, 2024
0c814cb
Fake main directory in tests, add unit test for checking permissions
Dec 30, 2024
97357f1
Remove unneeded import
Dec 30, 2024
ba4fcde
Merge branch 'ByteInternet:master' into master
poespas Jan 16, 2025
71c883a
Change unit test to test the check_can_write_to_main_config_dir function
Jan 16, 2025
7e4f1ca
Fix linting issues
Jan 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions nginx_config_reloader/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
MAGENTO1_CONF,
MAGENTO2_CONF,
MAGENTO_CONF,
MAIN_CONFIG_DIR,
NGINX,
NGINX_PID_FILE,
UNPRIVILEGED_GID,
Expand Down Expand Up @@ -133,6 +134,9 @@ def install_magento_config(self):
# Move temporary symlink to actual location, overwriting existing link or file
os.rename(MAGENTO_CONF_NEW, MAGENTO_CONF)

def check_can_write_to_main_config_dir(self):
return os.access(MAIN_CONFIG_DIR, os.W_OK)

def check_no_forbidden_config_directives_are_present(self):
"""
Loop over the :FORBIDDEN_CONFIG_REGEX: to check if nginx config directory contains forbidden configuration
Expand Down Expand Up @@ -197,6 +201,12 @@ def _apply(self):
if self.check_no_forbidden_config_directives_are_present():
return False

if not self.check_can_write_to_main_config_dir():
self.logger.error(
"No write permissions to main nginx config directory, please check your permissions."
)
return False

if not self.no_magento_config:
try:
self.install_magento_config()
Expand Down
14 changes: 14 additions & 0 deletions tests/test_nginx_config_reloader.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,12 @@ def setUp(self):
self.source = mkdtemp()
self.dest = mkdtemp()
self.backup = mkdtemp()
self.main = mkdtemp()
_, self.mag_conf = mkstemp(text=True)
_, self.mag1_conf = mkstemp(text=True)
_, self.mag2_conf = mkstemp(text=True)

nginx_config_reloader.MAIN_CONFIG_DIR = self.main
nginx_config_reloader.DIR_TO_WATCH = self.source
nginx_config_reloader.CUSTOM_CONFIG_DIR = self.dest
nginx_config_reloader.BACKUP_CONFIG_DIR = self.backup
Expand All @@ -49,6 +51,7 @@ def tearDown(self):
shutil.rmtree(self.source, ignore_errors=True)
shutil.rmtree(self.dest, ignore_errors=True)
shutil.rmtree(self.backup, ignore_errors=True)
shutil.rmtree(self.main, ignore_errors=True)
for f in [self.mag_conf, self.mag1_conf, self.mag2_conf]:
try:
os.unlink(f)
Expand Down Expand Up @@ -646,6 +649,17 @@ def test_permissions_are_masked_for_file_in_subdir(self):
& stat.S_IXOTH
)

def test_no_permission_to_main_config_dir(self):
os.chmod(self.main, 0o400) # Read-only

tm = self._get_nginx_config_reloader_instance()
try:
result = tm.check_can_write_to_main_config_dir()
self.assertFalse(result)
finally:
# Restore permissions after test
os.chmod(self.main, 0o700)

def _get_nginx_config_reloader_instance(
self,
no_magento_config=False,
Expand Down
Loading