From 06312ddf1827c03e8d0b5f883eb622c547822d9d Mon Sep 17 00:00:00 2001 From: Todd Gamblin Date: Fri, 30 Dec 2022 01:24:35 -0800 Subject: [PATCH] bugfix: setgid tests fail when primary group is unknown (#34729) On systems with remote groups, the primary user group may be remote and may not exist on the local system (i.e., it might just be a number). On the CLI, it looks like this: ```console > touch foo > l foo -rw-r--r-- 1 gamblin2 57095 0 Dec 29 22:24 foo > chmod 2000 foo chmod: changing permissions of 'foo': Operation not permitted ``` Here, the local machine doesn't know about per-user groups, so they appear as gids in `ls` output. `57095` is also `gamblin2`'s uid, but the local machine doesn't know that `gamblin2` is in the `57095` group. Unfortunately, it seems that Python's `os.chmod()` just fails silently, setting permissions to `0o0000` instead of `0o2000`. We can avoid this by ensuring that the file has a group the user is known to be a member of. - [x] Add `ensure_known_group()` in the permissions tests. - [x] Call `ensure_known_group()` on tempfile in `test_chmod_real_entries_ignores_suid_sgid`. --- lib/spack/spack/test/permissions.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lib/spack/spack/test/permissions.py b/lib/spack/spack/test/permissions.py index 06814695de..0297bb2d8e 100644 --- a/lib/spack/spack/test/permissions.py +++ b/lib/spack/spack/test/permissions.py @@ -16,6 +16,18 @@ pytestmark = pytest.mark.skipif(sys.platform == "win32", reason="chmod unsupported on Windows") +def ensure_known_group(path): + """Ensure that the group of a file is one that's actually in our group list. + + On systems with remote groups, the primary user group may be remote and may not + exist on the local system (i.e., it might just be a number). Trying to use chmod to + setgid can fail silently in situations like this. + """ + uid = os.getuid() + gid = fs.group_ids(uid)[0] + os.chown(path, uid, gid) + + def test_chmod_real_entries_ignores_suid_sgid(tmpdir): path = str(tmpdir.join("file").ensure()) mode = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX @@ -50,6 +62,8 @@ def test_chmod_rejects_world_writable_suid(tmpdir): def test_chmod_rejects_world_writable_sgid(tmpdir): path = str(tmpdir.join("file").ensure()) + ensure_known_group(path) + mode = stat.S_ISGID fs.chmod_x(path, mode)