QSP-14 consistent file permissions (#6378)

* QSP-14 consistent file permissions * Merge refs/heads/master into consistent_permissions * Merge refs/heads/master into consistent_permissions * default io file permissions * Merge branch 'consistent_permissions' of github.com:prysmaticlabs/prysm into consistent_permissions * fix comments * Merge refs/heads/master into consistent_permissions * Merge refs/heads/master into consistent_permissions * gaz * Merge branch 'consistent_permissions' of github.com:prysmaticlabs/prysm into consistent_permissions * Merge refs/heads/master into consistent_permissions * Rename IoConfig.go to io_config.go * Update shared/params/BUILD.bazel * Merge refs/heads/master into consistent_permissions * raul feedback * Merge branch 'consistent_permissions' of github.com:prysmaticlabs/prysm into consistent_permissions * Merge refs/heads/master into consistent_permissions * Merge refs/heads/master into consistent_permissions * Merge refs/heads/master into consistent_permissions * Merge refs/heads/master into consistent_permissions * Merge refs/heads/master into consistent_permissions * Merge refs/heads/master into consistent_permissions * gaz * Merge branch 'consistent_permissions' of github.com:prysmaticlabs/prysm into consistent_permissions * Merge refs/heads/master into consistent_permissions * Merge refs/heads/master into consistent_permissions * Merge refs/heads/master into consistent_permissions * Merge refs/heads/master into consistent_permissions
2026-01-09 21:38:05 -05:00 · 2020-06-25 19:12:59 +03:00
parent 00f24f5729
commit 9103ec98cb
13 changed files with 44 additions and 12 deletions
--- a/beacon-chain/db/kv/backup.go
+++ b/beacon-chain/db/kv/backup.go
@@ -7,6 +7,7 @@ import (
 	"path"

 	"github.com/pkg/errors"
+	"github.com/prysmaticlabs/prysm/shared/params"
 	"github.com/sirupsen/logrus"
 	bolt "go.etcd.io/bbolt"
 	"go.opencensus.io/trace"
@@ -35,7 +36,7 @@ func (kv *Store) Backup(ctx context.Context) error {
 	backupPath := path.Join(backupsDir, fmt.Sprintf("prysm_beacondb_at_slot_%07d.backup", head.Block.Slot))
 	logrus.WithField("prefix", "db").WithField("backup", backupPath).Info("Writing backup database.")

-	copyDB, err := bolt.Open(backupPath, 0666, nil)
+	copyDB, err := bolt.Open(backupPath, params.BeaconIoConfig().ReadWritePermissions, nil)
 	if err != nil {
 		panic(err)
 	}
--- a/beacon-chain/db/kv/kv.go
+++ b/beacon-chain/db/kv/kv.go
@@ -14,6 +14,7 @@ import (
 	prombolt "github.com/prysmaticlabs/prombbolt"
 	"github.com/prysmaticlabs/prysm/beacon-chain/cache"
 	"github.com/prysmaticlabs/prysm/beacon-chain/db/iface"
+	"github.com/prysmaticlabs/prysm/shared/params"
 	bolt "go.etcd.io/bbolt"
 )

@@ -52,7 +53,7 @@ func NewKVStore(dirPath string, stateSummaryCache *cache.StateSummaryCache) (*St
 		return nil, err
 	}
 	datafile := path.Join(dirPath, databaseFileName)
-	boltDB, err := bolt.Open(datafile, 0600, &bolt.Options{Timeout: 1 * time.Second, InitialMmapSize: 10e6})
+	boltDB, err := bolt.Open(datafile, params.BeaconIoConfig().ReadWritePermissions, &bolt.Options{Timeout: 1 * time.Second, InitialMmapSize: 10e6})
 	if err != nil {
 		if err == bolt.ErrTimeout {
 			return nil, errors.New("cannot obtain database lock, database may be in use by another process")
--- a/beacon-chain/p2p/options_test.go
+++ b/beacon-chain/p2p/options_test.go
@@ -9,6 +9,7 @@ import (
 	"testing"

 	"github.com/libp2p/go-libp2p-core/crypto"
+	"github.com/prysmaticlabs/prysm/shared/params"
 	"github.com/prysmaticlabs/prysm/shared/testutil"
 )

@@ -32,7 +33,7 @@ func TestPrivateKeyLoading(t *testing.T) {
 	}
 	out := hex.EncodeToString(raw)

-	err = ioutil.WriteFile(file.Name(), []byte(out), 0600)
+	err = ioutil.WriteFile(file.Name(), []byte(out), params.BeaconIoConfig().ReadWritePermissions)
 	if err != nil {
 		t.Fatalf("Could not write key to file: %v", err)
 	}
--- a/beacon-chain/p2p/utils.go
+++ b/beacon-chain/p2p/utils.go
@@ -20,6 +20,7 @@ import (
 	"github.com/prysmaticlabs/go-bitfield"
 	pbp2p "github.com/prysmaticlabs/prysm/proto/beacon/p2p/v1"
 	"github.com/prysmaticlabs/prysm/shared/iputils"
+	"github.com/prysmaticlabs/prysm/shared/params"
 	"github.com/sirupsen/logrus"
 )

@@ -76,7 +77,7 @@ func privKey(cfg *Config) (*ecdsa.PrivateKey, error) {
 		}
 		dst := make([]byte, hex.EncodedLen(len(rawbytes)))
 		hex.Encode(dst, rawbytes)
-		if err = ioutil.WriteFile(defaultKeyPath, dst, 0600); err != nil {
+		if err = ioutil.WriteFile(defaultKeyPath, dst, params.BeaconIoConfig().ReadWritePermissions); err != nil {
 			return nil, err
 		}
 		convertedKey := convertFromInterfacePrivKey(priv)
@@ -127,7 +128,7 @@ func metaDataFromConfig(cfg *Config) (*pbp2p.MetaData, error) {
 		if err != nil {
 			return nil, err
 		}
-		if err = ioutil.WriteFile(defaultKeyPath, dst, 0600); err != nil {
+		if err = ioutil.WriteFile(defaultKeyPath, dst, params.BeaconIoConfig().ReadWritePermissions); err != nil {
 			return nil, err
 		}
 		return metaData, nil
--- a/shared/logutil/BUILD.bazel
+++ b/shared/logutil/BUILD.bazel
@@ -5,5 +5,8 @@ go_library(
    srcs = ["logutil.go"],
    importpath = "github.com/prysmaticlabs/prysm/shared/logutil",
    visibility = ["//visibility:public"],
-    deps = ["@com_github_sirupsen_logrus//:go_default_library"],
+    deps = [
+        "//shared/params:go_default_library",
+        "@com_github_sirupsen_logrus//:go_default_library",
+    ],
 )
--- a/shared/logutil/logutil.go
+++ b/shared/logutil/logutil.go
@@ -6,13 +6,14 @@ import (
 	"io"
 	"os"

+	"github.com/prysmaticlabs/prysm/shared/params"
 	"github.com/sirupsen/logrus"
 )

 // ConfigurePersistentLogging adds a log-to-file writer. File content is identical to stdout.
 func ConfigurePersistentLogging(logFileName string) error {
 	logrus.WithField("logFileName", logFileName).Info("Logs will be made persistent")
-	f, err := os.OpenFile(logFileName, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
+	f, err := os.OpenFile(logFileName, os.O_CREATE|os.O_WRONLY|os.O_APPEND, params.BeaconIoConfig().ReadWritePermissions)
 	if err != nil {
 		return err
 	}
--- a/shared/params/BUILD.bazel
+++ b/shared/params/BUILD.bazel
@@ -5,6 +5,7 @@ go_library(
    name = "go_default_library",
    srcs = [
        "config.go",
+        "io_config.go",
        "loader.go",
        "network_config.go",
    ],
--- a/shared/params/io_config.go
+++ b/shared/params/io_config.go
@@ -0,0 +1,18 @@
+package params
+
+import "os"
+
+// IoConfig defines the shared io parameters.
+type IoConfig struct {
+	ReadWritePermissions os.FileMode
+}
+
+var defaultIoConfig = &IoConfig{
+	ReadWritePermissions: 0600, //-rw------- Read and Write permissions for user
+}
+
+// BeaconIoConfig returns the current io config for
+// the beacon chain.
+func BeaconIoConfig() *IoConfig {
+	return defaultIoConfig
+}
--- a/slasher/db/kv/kv.go
+++ b/slasher/db/kv/kv.go
@@ -9,6 +9,7 @@ import (
 	"time"

 	"github.com/pkg/errors"
+	"github.com/prysmaticlabs/prysm/shared/params"
 	"github.com/prysmaticlabs/prysm/slasher/cache"
 	bolt "go.etcd.io/bbolt"
 	"go.opencensus.io/trace"
@@ -91,7 +92,7 @@ func NewKVStore(dirPath string, cfg *Config) (*Store, error) {
 		return nil, err
 	}
 	datafile := path.Join(dirPath, databaseFileName)
-	boltDB, err := bolt.Open(datafile, 0600, &bolt.Options{Timeout: 1 * time.Second})
+	boltDB, err := bolt.Open(datafile, params.BeaconIoConfig().ReadWritePermissions, &bolt.Options{Timeout: 1 * time.Second})
 	if err != nil {
 		if err == bolt.ErrTimeout {
 			return nil, errors.New("cannot obtain database lock, database may be in use by another process")
--- a/tools/cluster-pk-manager/server/BUILD.bazel
+++ b/tools/cluster-pk-manager/server/BUILD.bazel
@@ -23,6 +23,7 @@ go_library(
        "//shared/bls:go_default_library",
        "//shared/bytesutil:go_default_library",
        "//shared/keystore:go_default_library",
+        "//shared/params:go_default_library",
        "//shared/prometheus:go_default_library",
        "@com_github_ethereum_go_ethereum//:go_default_library",
        "@com_github_ethereum_go_ethereum//accounts/abi/bind:go_default_library",
--- a/tools/cluster-pk-manager/server/db.go
+++ b/tools/cluster-pk-manager/server/db.go
@@ -14,6 +14,7 @@ import (
 	"github.com/prysmaticlabs/prysm/shared/bls"
 	"github.com/prysmaticlabs/prysm/shared/bytesutil"
 	"github.com/prysmaticlabs/prysm/shared/keystore"
+	"github.com/prysmaticlabs/prysm/shared/params"
 	bolt "go.etcd.io/bbolt"
 )

@@ -52,7 +53,7 @@ type db struct {

 func newDB(dbPath string) *db {
 	datafile := path.Join(dbPath, dbFileName)
-	boltdb, err := bolt.Open(datafile, 0600, &bolt.Options{Timeout: 1 * time.Second})
+	boltdb, err := bolt.Open(datafile, params.BeaconIoConfig().ReadWritePermissions, &bolt.Options{Timeout: 1 * time.Second})
 	if err != nil {
 		panic(err)
 	}
--- a/validator/keymanager/BUILD.bazel
+++ b/validator/keymanager/BUILD.bazel
@@ -49,6 +49,7 @@ go_test(
    deps = [
        "//shared/bls:go_default_library",
        "//shared/bytesutil:go_default_library",
+        "//shared/params:go_default_library",
        "//shared/testutil:go_default_library",
        "@com_github_wealdtech_go_eth2_wallet_encryptor_keystorev4//:go_default_library",
        "@com_github_wealdtech_go_eth2_wallet_nd//:go_default_library",
--- a/validator/keymanager/remote_test.go
+++ b/validator/keymanager/remote_test.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 	"testing"

+	"github.com/prysmaticlabs/prysm/shared/params"
 	"github.com/prysmaticlabs/prysm/shared/testutil"
 	"github.com/prysmaticlabs/prysm/validator/keymanager"
 )
@@ -136,21 +137,21 @@ func TestNewRemoteWallet(t *testing.T) {
 				}
 				if test.caCert != "" {
 					caCertPath := fmt.Sprintf("%s/ca.crt", dir)
-					if err := ioutil.WriteFile(caCertPath, []byte(test.caCert), 0666); err != nil {
+					if err := ioutil.WriteFile(caCertPath, []byte(test.caCert), params.BeaconIoConfig().ReadWritePermissions); err != nil {
 						t.Fatalf("Failed to write CA certificate: %v", err)
 					}
 					test.opts = strings.ReplaceAll(test.opts, "<<cacert>>", caCertPath)
 				}
 				if test.clientCert != "" {
 					clientCertPath := fmt.Sprintf("%s/client.crt", dir)
-					if err := ioutil.WriteFile(clientCertPath, []byte(test.clientCert), 0666); err != nil {
+					if err := ioutil.WriteFile(clientCertPath, []byte(test.clientCert), params.BeaconIoConfig().ReadWritePermissions); err != nil {
 						t.Fatalf("Failed to write client certificate: %v", err)
 					}
 					test.opts = strings.ReplaceAll(test.opts, "<<clientcert>>", clientCertPath)
 				}
 				if test.clientKey != "" {
 					clientKeyPath := fmt.Sprintf("%s/client.key", dir)
-					if err := ioutil.WriteFile(clientKeyPath, []byte(test.clientKey), 0666); err != nil {
+					if err := ioutil.WriteFile(clientKeyPath, []byte(test.clientKey), params.BeaconIoConfig().ReadWritePermissions); err != nil {
 						t.Fatalf("Failed to write client key: %v", err)
 					}
 					test.opts = strings.ReplaceAll(test.opts, "<<clientkey>>", clientKeyPath)