author | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2007-02-01 16:15:36 +0000 |
---|---|---|
committer | luke <luke@980ebf18-57e1-0310-9a29-db15c13687c0> | 2007-02-01 16:15:36 +0000 |
commit | 1d059b0b363aee47cfb776aebcdfc829000e4822 (patch) | |
tree | 3bdc0edb1b97085008d7ea092c81d439f5d82aba | |
parent | 69a07b1d856efaba9bba8c9cccc8a4f11efcbfdd (diff) | |
Fixing #470, I think. I basically just threw away the validation and let suidmanager do it all when running commands.
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2150 980ebf18-57e1-0310-9a29-db15c13687c0
-rwxr-xr-x | lib/puppet/type/exec.rb | 45 | ||||
-rwxr-xr-x | test/types/exec.rb | 23 |
2 files changed, 29 insertions, 39 deletions
diff --git a/lib/puppet/type/exec.rb b/lib/puppet/type/exec.rb index 7ab54ade6..04ba9fa6c 100755 --- a/lib/puppet/type/exec.rb +++ b/lib/puppet/type/exec.rb @@ -190,27 +190,11 @@ module Puppet use this then any error output is not currently captured. This is because of a bug within Ruby." - munge do |user| + # Most validation is handled by the SUIDManager class. + validate do |user| unless Puppet::SUIDManager.uid == 0 self.fail "Only root can execute commands as other users" end - require 'etc' - - method = :getpwnam - case user - when Integer - method = :getpwuid - when /^\d+$/ - user = user.to_i - method = :getpwuid - end - begin - Etc.send(method, user) - rescue ArgumentError - self.fail "No such user %s" % user - end - - return user end end @@ -219,26 +203,7 @@ module Puppet haphazardly on different platforms -- it is a platform issue not a Ruby or Puppet one, since the same variety exists when running commnands as different users in the shell." - - # Execute the command as the specified group - munge do |group| - require 'etc' - method = :getgrnam - case group - when Integer: method = :getgrgid - when /^\d+$/ - group = group.to_i - method = :getgrgid - end - - begin - Etc.send(method, group) - rescue ArgumentError - self.fail "No such group %s" % group - end - - group - end + # Validation is handled by the SUIDManager class. end newparam(:cwd) do @@ -578,7 +543,9 @@ module Puppet withenv env do Timeout::timeout(self[:timeout]) do - output, status = Puppet::SUIDManager.run_and_capture([command], self[:user], self[:group]) + output, status = Puppet::SUIDManager.run_and_capture( + [command], self[:user], self[:group] + ) end # The shell returns 127 if the command is missing. if status.exitstatus == 127 diff --git a/test/types/exec.rb b/test/types/exec.rb index 7dc5fca29..918fa62be 100755 --- a/test/types/exec.rb +++ b/test/types/exec.rb 
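Review bot: With the `Etc` lookup removed from the `user` parameter in the first hunk (and the whole `munge` block removed from `group` in the second), an account name that does not resolve is no longer rejected when the resource is created, so the change is only safe if `Puppet::SUIDManager.run_and_capture` refuses to run the command when the lookup fails rather than running it under the caller's root identity. SUIDManager is not part of this diff, so that fail-closed behaviour should be confirmed and pinned by a test. The old `munge` also converted all-digit strings to Integers before the lookup, while the new `validate` hands them on unchanged; whether SUIDManager accepts that form is not visible here and is worth stating in the parameter's doc string. I would widen the new comment to say when the check now happens, for example `# Existence of the user is checked by SUIDManager at run time, not at parse time (see #470).` The `newparam(:user)` block begins above the first hunk, so its opening lines are not shown.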
@@ -618,6 +618,29 @@ and stuff" assert_apply(exec) end + + # Testing #470 + def test_run_as_created_user + exec = nil + if Process.uid == 0 + user = "nosuchuser" + assert_nothing_raised("Could not create exec with non-existent user") do + exec = Puppet::Type.type(:exec).create( + :command => "/bin/echo yay", + :user => user + ) + end + end + + # Now try the group + group = "nosuchgroup" + assert_nothing_raised("Could not create exec with non-existent user") do + exec = Puppet::Type.type(:exec).create( + :command => "/bin/echo yay", + :group => group + ) + end + end end # $Id$ |
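Review bot: The second `assert_nothing_raised` in `test_run_as_created_user` reuses the message from the user case although it exercises the group; it should read `assert_nothing_raised("Could not create exec with non-existent group") do`. The test also stops at resource creation and never applies the exec, so the behaviour this commit now depends on is untested: that a command whose `user` or `group` cannot be resolved fails at run time instead of executing as the invoking user. A short comment noting that the user half is skipped when the suite is not run as root would make it clear that a non-root run only covers the group path.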