summaryrefslogtreecommitdiff
path: root/cloudinit
diff options
context:
space:
mode:
authorLars Kellogg-Stedman <lars@redhat.com>2017-04-10 15:52:37 -0400
committerScott Moser <smoser@brickies.net>2017-04-12 11:20:27 -0400
commit721348a622a660b65acfdf7fdf53203b47f80748 (patch)
tree0b0f58342c8bc5cf5cfd1514095cb25b259f0052 /cloudinit
parent493f6c3e923902d5d4f3d87e1cc4c726ea90ada4 (diff)
downloadvyos-cloud-init-721348a622a660b65acfdf7fdf53203b47f80748.tar.gz
vyos-cloud-init-721348a622a660b65acfdf7fdf53203b47f80748.zip
util: teach write_file about copy_mode option
On centos/fedora/rhel/derivatives, /etc/ssh/sshd_config has mode 0600, but cloud-init unilaterally sets file modes to 0644 when no explicit mode is passed to util.write_file. On ubuntu/debian, this file has mode 0644. With this patch, write_file learns about the copy_mode option, which will cause it to use the mode of the existing file by default, falling back to the explicit mode parameter if the file does not exist. LP: #1644064 Resolves: rhbz#1295984
Diffstat (limited to 'cloudinit')
-rw-r--r--cloudinit/atomic_helper.py12
-rwxr-xr-xcloudinit/config/cc_set_passwords.py3
-rw-r--r--cloudinit/util.py10
3 files changed, 22 insertions, 3 deletions
diff --git a/cloudinit/atomic_helper.py b/cloudinit/atomic_helper.py
index fb2df8d5..587b9945 100644
--- a/cloudinit/atomic_helper.py
+++ b/cloudinit/atomic_helper.py
@@ -2,13 +2,23 @@
import json
import os
+import stat
import tempfile
_DEF_PERMS = 0o644
-def write_file(filename, content, mode=_DEF_PERMS, omode="wb"):
+def write_file(filename, content, mode=_DEF_PERMS,
+ omode="wb", copy_mode=False):
# open filename in mode 'omode', write content, set permissions to 'mode'
+
+ if copy_mode:
+ try:
+ file_stat = os.stat(filename)
+ mode = stat.S_IMODE(file_stat.st_mode)
+ except OSError:
+ pass
+
tf = None
try:
tf = tempfile.NamedTemporaryFile(dir=os.path.dirname(filename),
diff --git a/cloudinit/config/cc_set_passwords.py b/cloudinit/config/cc_set_passwords.py
index eb0bdab0..bb24d57f 100755
--- a/cloudinit/config/cc_set_passwords.py
+++ b/cloudinit/config/cc_set_passwords.py
@@ -215,7 +215,8 @@ def handle(_name, cfg, cloud, log, args):
pw_auth))
lines = [str(l) for l in new_lines]
- util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines))
+ util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines),
+ copy_mode=True)
try:
cmd = cloud.distro.init_cmd # Default service
diff --git a/cloudinit/util.py b/cloudinit/util.py
index 17abdf81..6940850c 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -1688,7 +1688,7 @@ def chmod(path, mode):
os.chmod(path, real_mode)
-def write_file(filename, content, mode=0o644, omode="wb"):
+def write_file(filename, content, mode=0o644, omode="wb", copy_mode=False):
"""
Writes a file with the given content and sets the file mode as specified.
Resotres the SELinux context if possible.
@@ -1698,6 +1698,14 @@ def write_file(filename, content, mode=0o644, omode="wb"):
@param mode: The filesystem mode to set on the file.
@param omode: The open mode used when opening the file (w, wb, a, etc.)
"""
+
+ if copy_mode:
+ try:
+ file_stat = os.stat(filename)
+ mode = stat.S_IMODE(file_stat.st_mode)
+ except OSError:
+ pass
+
ensure_dir(os.path.dirname(filename))
if 'b' in omode.lower():
content = encode_text(content)