areguera / rpms / ipa

Forked from rpms/ipa 5 years ago
Clone
Blob Blame History Raw
From 68d97e2beca1ee3b398fc5f0d3ed70aa8b69e732 Mon Sep 17 00:00:00 2001
From: David Kupka <dkupka@redhat.com>
Date: Tue, 11 Apr 2017 17:35:30 +0200
Subject: [PATCH] ipapython.ipautil.run: Add option to set umask before
 executing command

https://pagure.io/freeipa/issue/6831

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
 ipapython/ipautil.py | 43 +++++++++++++++++++++++--------------------
 1 file changed, 23 insertions(+), 20 deletions(-)

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index cd66328e6c9a0f69e6f83582a9d288ac239c5be3..317fc225b722ad3ce2f4b9d92822b4f19d49adb9 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -309,7 +309,7 @@ class _RunResult(collections.namedtuple('_RunResult',
 def run(args, stdin=None, raiseonerr=True, nolog=(), env=None,
         capture_output=False, skip_output=False, cwd=None,
         runas=None, suplementary_groups=[],
-        capture_error=False, encoding=None, redirect_output=False):
+        capture_error=False, encoding=None, redirect_output=False, umask=None):
     """
     Execute an external command.
 
@@ -345,6 +345,7 @@ def run(args, stdin=None, raiseonerr=True, nolog=(), env=None,
         error_output, and (if it's not bytes) stdin.
         If None, the current encoding according to locale is used.
     :param redirect_output: Redirect (error) output to standard (error) output.
+    :param umask: Set file-creation mask before running the command.
 
     :return: An object with these attributes:
 
@@ -416,25 +417,27 @@ def run(args, stdin=None, raiseonerr=True, nolog=(), env=None,
     root_logger.debug('Starting external process')
     root_logger.debug('args=%s' % arg_string)
 
-    preexec_fn = None
-    if runas is not None:
-        pent = pwd.getpwnam(runas)
-
-        suplementary_gids = [
-            grp.getgrnam(group).gr_gid for group in suplementary_groups
-        ]
-
-        root_logger.debug('runas=%s (UID %d, GID %s)', runas,
-            pent.pw_uid, pent.pw_gid)
-        if suplementary_groups:
-            for group, gid in zip(suplementary_groups, suplementary_gids):
-                root_logger.debug('suplementary_group=%s (GID %d)', group, gid)
-
-        preexec_fn = lambda: (
-            os.setgroups(suplementary_gids),
-            os.setregid(pent.pw_gid, pent.pw_gid),
-            os.setreuid(pent.pw_uid, pent.pw_uid),
-        )
+    def preexec_fn():
+        if runas is not None:
+            pent = pwd.getpwnam(runas)
+
+            suplementary_gids = [
+                grp.getgrnam(group).gr_gid for group in suplementary_groups
+            ]
+
+            root_logger.debug('runas=%s (UID %d, GID %s)', runas,
+                              pent.pw_uid, pent.pw_gid)
+            if suplementary_groups:
+                for group, gid in zip(suplementary_groups, suplementary_gids):
+                    root_logger.debug('suplementary_group=%s (GID %d)',
+                                      group, gid)
+
+            os.setgroups(suplementary_gids)
+            os.setregid(pent.pw_gid, pent.pw_gid)
+            os.setreuid(pent.pw_uid, pent.pw_uid)
+
+        if umask:
+            os.umask(umask)
 
     try:
         p = subprocess.Popen(args, stdin=p_in, stdout=p_out, stderr=p_err,
-- 
2.9.4