"fmt"
"io/fs"
"os"
+ "runtime"
"syscall"
"testing"
t.Fatal(err)
}
+ // Regular users cannot create sticky files
+ skipInvalidSticky := os.Getuid() != 0 &&
+ (runtime.GOOS == "freebsd" || runtime.GOOS == "openbsd")
+
chmod("files-invalid-perm-dir/files", 0500)
defer chmod("files-invalid-perm-dir/files", 0700)
chmod("files-invalid-perm-dir/files/etc/", 0755)
chmod("files-invalid-perm-file-executable/files", 0755)
chmod("files-invalid-perm-file-executable/files/etc", 0755)
chmod("files-invalid-perm-file-executable/files/etc/rc.local", 0750)
- chmod("files-invalid-perm-file-sticky/files", 0755)
- chmod("files-invalid-perm-file-sticky/files/etc", 0755)
- chmod("files-invalid-perm-file-sticky/files/etc/resolv.conf", 01644)
+ if !skipInvalidSticky {
+ chmod("files-invalid-perm-file-sticky/files", 0755)
+ chmod("files-invalid-perm-file-sticky/files/etc", 0755)
+ chmod("files-invalid-perm-file-sticky/files/etc/resolv.conf", 01644)
+ }
err = syscall.Mkfifo("files-invalid-type/files/invalid", 0644)
if err != nil {
defer os.Remove("files-invalid-type/files/invalid")
const errMsg = `
+
The actual permissions and user/group of files and directories are not used
(except for +x on files). 0644/0755 and current remote user/group is used per
default. Apply different file permissions via permissions.yaml. To prevent
tests := []struct {
group string
+ skip bool
exp map[string]*safcm.File
expErr error
}{
{
"empty",
+ false,
nil,
nil,
},
{
"group",
+ false,
map[string]*safcm.File{
"/": {
Path: "/",
{{if .InGroup "detected_freebsd"}}
This is FreeBSD host
{{end}}
+
+{{if .InGroup "all"}}
+all
+{{end}}
+{{if .InGroup "host1.example.org"}}
+host1.example.org
+{{end}}
+{{if .InGroup "host2"}}
+host2
+{{end}}
+{{if .InGroup "host3.example.net"}}
+host3.example.net
+{{end}}
`),
},
"/etc/rc.local": {
{
"files-invalid-type",
+ false,
nil,
fmt.Errorf("files-invalid-type: \"files-invalid-type/files/invalid\": file type not supported"),
},
{
"files-invalid-perm-dir",
+ false,
nil,
fmt.Errorf("files-invalid-perm-dir: \"files-invalid-perm-dir/files\": invalid permissions 0500" + errMsg),
},
{
"files-invalid-perm-dir-setgid",
+ false,
nil,
fmt.Errorf("files-invalid-perm-dir-setgid: \"files-invalid-perm-dir-setgid/files/etc\": invalid permissions 02755" + errMsg),
},
{
"files-invalid-perm-file",
+ false,
nil,
fmt.Errorf("files-invalid-perm-file: \"files-invalid-perm-file/files/etc/resolv.conf\": invalid permissions 0600" + errMsg),
},
{
"files-invalid-perm-file-executable",
+ false,
nil,
fmt.Errorf("files-invalid-perm-file-executable: \"files-invalid-perm-file-executable/files/etc/rc.local\": invalid permissions 0750" + errMsg),
},
{
"files-invalid-perm-file-sticky",
+ skipInvalidSticky,
nil,
fmt.Errorf("files-invalid-perm-file-sticky: \"files-invalid-perm-file-sticky/files/etc/resolv.conf\": invalid permissions 01644" + errMsg),
},
for _, tc := range tests {
t.Run(tc.group, func(t *testing.T) {
+ if tc.skip {
+ t.SkipNow()
+ }
+
res, err := LoadFiles(tc.group)
testutil.AssertEqual(t, "res", res, tc.exp)
testutil.AssertErrorEqual(t, "err", err, tc.expErr)