From d3b125132be76bd82432716c2b8c905668615660 Mon Sep 17 00:00:00 2001 From: teru Date: Thu, 11 Aug 2016 16:04:25 +0900 Subject: [PATCH] Set permission/owner/group when creating files or directories #3 --- aliasdomain.go | 2 +- aliasuser.go | 2 +- catchalluser.go | 4 ++-- database.go | 18 ++++++++++++++++++ domain.go | 20 ++++++++++++++++---- repository.go | 4 ++-- user.go | 12 +++++++++--- 7 files changed, 49 insertions(+), 13 deletions(-) diff --git a/aliasdomain.go b/aliasdomain.go index 9728caa..b1fc2f7 100644 --- a/aliasdomain.go +++ b/aliasdomain.go @@ -184,7 +184,7 @@ func (r *Repository) AliasDomainRemove(aliasDomainName string) error { // writeAliasDomainsFile writes a AliasDomain slice to the file. func (r *Repository) writeAliasDomainsFile(aliasDomains []*AliasDomain) error { - file, err := os.OpenFile(filepath.Join(r.DirMailDataPath, FileNameAliasDomains), os.O_RDWR|os.O_TRUNC, 0666) + file, err := os.OpenFile(filepath.Join(r.DirMailDataPath, FileNameAliasDomains), os.O_RDWR|os.O_TRUNC, 0600) if err != nil { return err } diff --git a/aliasuser.go b/aliasuser.go index 8389258..647bcfe 100644 --- a/aliasuser.go +++ b/aliasuser.go @@ -227,7 +227,7 @@ func (r *Repository) writeAliasUsersFile(domainName string, aliasUsers []*AliasU return ErrInvalidDomainName } - file, err := os.OpenFile(filepath.Join(r.DirMailDataPath, domainName, FileNameAliasUsers), os.O_RDWR|os.O_TRUNC, 0666) + file, err := os.OpenFile(filepath.Join(r.DirMailDataPath, domainName, FileNameAliasUsers), os.O_RDWR|os.O_TRUNC, 0600) if err != nil { return err } diff --git a/catchalluser.go b/catchalluser.go index 7fa2c9a..2853afb 100644 --- a/catchalluser.go +++ b/catchalluser.go 
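Review bot: The new `0600` argument in `writeAliasDomainsFile` has no effect, because `os.OpenFile` applies its permission argument only when `O_CREATE` actually creates the file, and this call passes `os.O_RDWR|os.O_TRUNC`. A file that already exists with a wider mode from an earlier version therefore stays readable by other local accounts. The same applies to the `0666` to `0600` edits in `writeAliasUsersFile`, `CatchAllUserSet`, `CatchAllUserUnset` and, most importantly, `writeUsersPasswordFile` in user.go. To tighten existing installs, add `if err := file.Chmod(0600); err != nil { return err }` once the handle is open and its close is arranged. The bodies of these functions continue outside the hunks.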
@@ -77,7 +77,7 @@ func (r *Repository) CatchAllUserSet(domainName string, catchAllUser *CatchAllUs return ErrUserNotExist } - file, err := os.OpenFile(filepath.Join(r.DirMailDataPath, domainName, FileNameCatchAllUser), os.O_RDWR|os.O_TRUNC, 0666) + file, err := os.OpenFile(filepath.Join(r.DirMailDataPath, domainName, FileNameCatchAllUser), os.O_RDWR|os.O_TRUNC, 0600) if err != nil { return err } @@ -100,7 +100,7 @@ func (r *Repository) CatchAllUserUnset(domainName string) error { return ErrDomainNotExist } - file, err := os.OpenFile(filepath.Join(r.DirMailDataPath, domainName, FileNameCatchAllUser), os.O_RDWR|os.O_TRUNC, 0666) + file, err := os.OpenFile(filepath.Join(r.DirMailDataPath, domainName, FileNameCatchAllUser), os.O_RDWR|os.O_TRUNC, 0600) if err != nil { return err } diff --git a/database.go b/database.go index 71c02c5..6cc5ad8 100644 --- a/database.go +++ b/database.go @@ -64,6 +64,9 @@ func (r *Repository) generateDbDomains(md *MailData) error { if err != nil { return err } + if err := dbDomains.Chown(r.uid, r.gid); err != nil { + return err + } defer dbDomains.Close() for _, domain := range md.Domains { @@ -86,6 +89,9 @@ func (r *Repository) generateDbDestinations(md *MailData) error { if err != nil { return err } + if err := dbDestinations.Chown(r.uid, r.gid); err != nil { + return err + } defer dbDestinations.Close() for _, domain := range md.Domains { @@ -141,6 +147,9 @@ func (r *Repository) generateDbMaildirs(md *MailData) error { if err != nil { return err } + if err := dbMaildirs.Chown(r.uid, r.gid); err != nil { + return err + } defer dbMaildirs.Close() for _, domain := range md.Domains { @@ -159,6 +168,9 @@ func (r *Repository) generateDbLocaltable(md *MailData) error { if err != nil { return err } + if err := dbLocaltable.Chown(r.uid, r.gid); err != nil { + return err + } defer dbLocaltable.Close() for _, domain := range md.Domains { 
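Review bot: In `generateDbDomains` the added `Chown` check sits above `defer dbDomains.Close()`, so a failing `Chown` returns with the descriptor still open. Registering the defer first fixes it: `defer dbDomains.Close()` directly under the open's error check, then `if err := dbDomains.Chown(r.uid, r.gid); err != nil { return err }`. The same ordering appears in `generateDbDestinations`, `generateDbMaildirs`, `generateDbLocaltable`, `generateDbForwards`, `generateDbPasswords` and in `writeUserForwardsFile` in user.go. The call that creates each file is outside these hunks.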
@@ -180,6 +192,9 @@ func (r *Repository) generateDbForwards(md *MailData) error { if err != nil { return err } + if err := dbForwards.Chown(r.uid, r.gid); err != nil { + return err + } defer dbForwards.Close() for _, domain := range md.Domains { @@ -213,6 +228,9 @@ func (r *Repository) generateDbPasswords(md *MailData) error { if err != nil { return err } + if err := dbPasswords.Chown(r.uid, r.gid); err != nil { + return err + } defer dbPasswords.Close() for _, domain := range md.Domains { diff --git a/domain.go b/domain.go index 1aa23e2..af499e0 100644 --- a/domain.go +++ b/domain.go 
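Review bot: `generateDbPasswords` gains an owner change but no mode change, so the generated password table keeps whatever mode its creating call gives it. That call is outside the hunk; if it is `os.Create`, the file is created `0666` minus the umask and may stay readable by other local users even after the `Chown`. Consider opening it the way this commit does elsewhere, with flags `os.O_RDWR|os.O_CREATE|os.O_TRUNC` and mode `0600`, and also calling `dbPasswords.Chmod(0600)` so a file left over from an earlier run is tightened too.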
@@ -116,26 +116,38 @@ func (r *Repository) DomainCreate(domain *Domain) error { domainDirPath := filepath.Join(r.DirMailDataPath, domain.Name()) - if err := os.Mkdir(domainDirPath, 0777); err != nil { + if err := os.Mkdir(domainDirPath, 0700); err != nil { + return err + } + if err := os.Chown(domainDirPath, r.uid, r.gid); err != nil { return err } - usersPasswordFile, err := os.Create(filepath.Join(domainDirPath, FileNameUsersPassword)) + usersPasswordFile, err := os.OpenFile(filepath.Join(domainDirPath, FileNameUsersPassword), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600) if err != nil { return err } + if err := usersPasswordFile.Chown(r.uid, r.gid); err != nil { + return err + } usersPasswordFile.Close() - aliasUsersFile, err := os.Create(filepath.Join(domainDirPath, FileNameAliasUsers)) + aliasUsersFile, err := os.OpenFile(filepath.Join(domainDirPath, FileNameAliasUsers), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600) if err != nil { return err } + if err := aliasUsersFile.Chown(r.uid, r.gid); err != nil { + return err + } aliasUsersFile.Close() - catchAllUserFile, err := os.Create(filepath.Join(domainDirPath, FileNameCatchAllUser)) + catchAllUserFile, err := os.OpenFile(filepath.Join(domainDirPath, FileNameCatchAllUser), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600) if err != nil { return err } + if err := catchAllUserFile.Chown(r.uid, r.gid); err != nil { + return err + } catchAllUserFile.Close() return nil diff --git a/repository.go b/repository.go index 4be11c2..7372956 100644 --- a/repository.go +++ b/repository.go @@ -255,7 +255,7 @@ func InitRepository(rootPath string) error { fi, err = os.Stat(c.DirMailDataPath) if err != nil { if err.(*os.PathError).Err == syscall.ENOENT { - if err = os.Mkdir(c.DirMailDataPath, 0777); err != nil { + if err = os.Mkdir(c.DirMailDataPath, 0700); err != nil { return err } } else { 
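Review bot: Each of the three create-and-chown sequences in `DomainCreate` returns on a `Chown` error without closing the file it just opened, and the result of the plain `Close()` calls is dropped. A failure part-way also leaves a half-populated domain directory behind, which a retry for the same name will presumably hit at `os.Mkdir`. Folding the repeated open/chown/close into one helper closes the handle on every path and keeps the `0600` mode in a single place. The start of `DomainCreate` is outside the hunk.

```go
// createOwnedFile creates (or truncates) path with mode 0600, hands it to
// r.uid/r.gid, and closes the handle on every return path.
func (r *Repository) createOwnedFile(path string) error {
	f, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return err
	}
	if err := f.Chown(r.uid, r.gid); err != nil {
		f.Close()
		return err
	}
	return f.Close()
}

// … unchanged: Mkdir and Chown of domainDirPath in DomainCreate …
for _, name := range []string{FileNameUsersPassword, FileNameAliasUsers, FileNameCatchAllUser} {
	if err := r.createOwnedFile(filepath.Join(domainDirPath, name)); err != nil {
		return err
	}
}
```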
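Review bot: `InitRepository` now creates `c.DirMailDataPath` with `0700` but, unlike `DomainCreate` and `UserCreate`, never changes its owner, and the alias-domains file created in the following repository.go hunk is not chowned either. If initialisation runs as a different account than the one the mail data is meant to belong to, the top-level directory ends up owner-only for the wrong user and the service account cannot enter it. Whether a uid/gid is available at this point is not visible here; if it is, chown the directory right after the `Mkdir`, otherwise document that the caller must fix ownership. The unchecked assertion `err.(*os.PathError)` on the context line will also panic on any other error type; `os.IsNotExist(err)` avoids that.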
@@ -280,7 +280,7 @@ func InitRepository(rootPath string) error { } } - aliasDomainsFile, err := os.Create(aliasDomainsFileName) + aliasDomainsFile, err := os.OpenFile(aliasDomainsFileName, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600) if err != nil { return nil } diff --git a/user.go b/user.go index 6e59d6c..cdf3bec 100644 --- a/user.go +++ b/user.go @@ -272,7 +272,10 @@ func (r *Repository) UserCreate(domainName string, user *User) error { filepath.Join(userDirPath, "Maildir/tmp"), } for _, dirName := range dirNames { - if err := os.Mkdir(dirName, 0777); err != nil { + if err := os.Mkdir(dirName, 0700); err != nil { + return err + } + if err := os.Chown(dirName, r.uid, r.gid); err != nil { return err } } @@ -359,7 +362,7 @@ func (r *Repository) writeUsersPasswordFile(domainName string, hashedPasswords m } sort.Strings(keys) - file, err := os.OpenFile(filepath.Join(r.DirMailDataPath, domainName, FileNameUsersPassword), os.O_RDWR|os.O_TRUNC, 0666) + file, err := os.OpenFile(filepath.Join(r.DirMailDataPath, domainName, FileNameUsersPassword), os.O_RDWR|os.O_TRUNC, 0600) if err != nil { return err } @@ -383,10 +386,13 @@ func (r *Repository) writeUserForwardsFile(domainName, userName string, forwards return ErrInvalidUserName } - file, err := os.Create(filepath.Join(r.DirMailDataPath, domainName, userName, FileNameUserForwards)) + file, err := os.OpenFile(filepath.Join(r.DirMailDataPath, domainName, userName, FileNameUserForwards), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600) if err != nil { return err } + if err := file.Chown(r.uid, r.gid); err != nil { + return err + } defer file.Close() for _, forward := range forwards {
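Review bot: The error branch directly under the new `os.OpenFile(aliasDomainsFileName, ...)` call still reads `return nil`, so `InitRepository` reports success when the alias-domains file could not be created. It should be `return err`. The line is unchanged context, but the commit edits the call it guards, so this is the natural place to fix it. The rest of the function, including whether the handle is closed, is outside the hunk.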