feature: added config file permissions check

cuprumtan · cuprumtan · commit 19c9a7ae84d6 · 2022-06-15T14:28:18.000+03:00
diff --git a/github-actions-tests/mamonsu_build.sh b/github-actions-tests/mamonsu_build.sh
@@ -76,6 +76,8 @@ elif [ "${OS%:*}" = "ubuntu" ]; then
     sudo touch /etc/mamonsu/agent.conf
     cat /mamonsu/github-actions-tests/sources/agent_3.4.0.conf > /etc/mamonsu/agent.conf
     chmod -R 777 /etc/mamonsu/
+    sudo chmod 600 /etc/mamonsu/agent.conf
+    sudo chown mamonsu:mamonsu /etc/mamonsu/agent.conf
     sudo apt-get -y install ./mamonsu*.deb
     service mamonsu restart
     sleep 5
diff --git a/mamonsu/lib/config.py b/mamonsu/lib/config.py
@@ -1,4 +1,5 @@
 # -*- coding: utf-8 -*-
+import pwd
 import socket
 import os
 import logging
@@ -79,6 +80,17 @@ def __init__(self, cfg_file=None, plugin_directories=None):
                 sys.stderr.write('Config file is empty: {0}\n'.format(cfg_file))
                 sys.exit(1)
             if cfg_file is not None:
+                if platform.LINUX:
+                    config_status = int(repr(oct(os.stat(cfg_file).st_mode))[:-1][-3:])
+                    config_owner = pwd.getpwuid(os.stat(cfg_file).st_uid).pw_name
+                    if not (config_status == 600 and config_owner == "mamonsu"):
+                        logging.info(
+                            "Shut down because of incorrect config file {0} permissions. It must be r/w for mamonsu user only (600).".format(
+                                cfg_file))
+                        sys.stderr.write(
+                            "Please, check your config file {0} permissions. It must be r/w for mamonsu user only (600).\n".format(
+                                cfg_file))
+                        sys.exit(1)
                 self.config.read_file(open(cfg_file))
 
         plugins = self.fetch('plugins', 'directory', str)
