git: bb4a12ff9ac0 - stable/14 - nuageinit: Add wrappers for chmod and chown
Date: Tue, 29 Jul 2025 12:49:12 UTC
The branch stable/14 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=bb4a12ff9ac0feb05af7232c1ffc8e7cdd00f2dd
commit bb4a12ff9ac0feb05af7232c1ffc8e7cdd00f2dd
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-07-05 14:54:07 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-07-29 12:08:32 +0000
nuageinit: Add wrappers for chmod and chown
In the wrappers, check for errors and abort if one is raised. At some
point it may be useful to have a mechanism to ignore errors, but I'm not
sure yet how that should look.
For chmod, let the mode be specified as an octal number, otherwise it's
hard to understand what's happening. Note that this must be specified
as a string, otherwise tonumber() will raise an error.
Reviewed by: bapt
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D51159
(cherry picked from commit 667ef8875bad115d334a85c1023db0cf4d8379ba)
---
libexec/nuageinit/nuage.lua | 35 +++++++++++++++++++++++++----------
libexec/nuageinit/nuageinit | 7 +++----
2 files changed, 28 insertions(+), 14 deletions(-)
diff --git a/libexec/nuageinit/nuage.lua b/libexec/nuageinit/nuage.lua
index 11958e8b5cc2..493ae11d6ca7 100644
--- a/libexec/nuageinit/nuage.lua
+++ b/libexec/nuageinit/nuage.lua
@@ -56,6 +56,21 @@ local function errmsg(str, prepend)
os.exit(1)
end
+local function chmod(path, mode)
+ local mode = tonumber(mode, 8)
+ local _, err, msg = sys_stat.chmod(path, mode)
+ if err then
+ errmsg("chmod(" .. path .. ", " .. mode .. ") failed: " .. msg)
+ end
+end
+
+local function chown(path, owner, group)
+ local _, err, msg = unistd.chown(path, owner, group)
+ if err then
+ errmsg("chown(" .. path .. ", " .. owner .. ", " .. group .. ") failed: " .. msg)
+ end
+end
+
local function dirname(oldpath)
if not oldpath then
return nil
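Review bot: Both wrappers can raise a raw Lua error on the very path that is meant to report a failure. In `chmod`, `tonumber(mode, 8)` yields nil for a string that is not valid octal, and the shadowed `mode` is then concatenated into the message; in `chown`, `group` can be nil (the `addfile` hunk below passes a nil `group` when `file.owner` has no colon), so `.. group ..` fails before `errmsg` runs. Keeping the converted value in a separate local, adding `if not m then errmsg("chmod(" .. path .. "): invalid octal mode " .. tostring(mode)) end`, and wrapping `owner` and `group` in `tostring()` keeps the abort on the intended path and prints the mode as the caller wrote it. A comment such as `-- mode must be an octal string, e.g. "0600"` above `chmod` would record the constraint from the commit message.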
@@ -252,12 +267,12 @@ local function addsshkey(homedir, key)
f:write(key .. "\n")
f:close()
if chownak then
- sys_stat.chmod(ak_path, 384)
- unistd.chown(ak_path, dirattrs.uid, dirattrs.gid)
+ chmod(ak_path, "0600")
+ chown(ak_path, dirattrs.uid, dirattrs.gid)
end
if chowndotssh then
- sys_stat.chmod(dotssh_path, 448)
- unistd.chown(dotssh_path, dirattrs.uid, dirattrs.gid)
+ chmod(dotssh_path, "0700")
+ chown(dotssh_path, dirattrs.uid, dirattrs.gid)
end
end
@@ -296,10 +311,10 @@ local function addsudo(pwd)
end
f:close()
if chmodsudoers then
- sys_stat.chmod(sudoers, 416)
+ chmod(sudoers, "0640")
end
if chmodsudoersd then
- sys_stat.chmod(sudoers, 480)
+ chmod(sudoers, "0740")
end
end
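Review bot: The `chmodsudoersd` branch calls `chmod(sudoers, "0740")` on the same path that the `chmodsudoers` branch has just set to `0640`, so when both flags are set the file ends up owner-executable and the directory the flag name refers to is never touched. The octal form makes visible what `480` hid; this looks as if it was meant to target the sudoers.d directory, although the variable holding that path is outside this hunk and the intent is inferred from the flag name. If so, the second call should take the directory path, and the resulting file mode is worth checking against what sudo accepts for included files. `addsudo` starts before this hunk.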
@@ -521,16 +536,14 @@ local function addfile(file, defer)
end
f:close()
if file.permissions then
- -- convert from octal to decimal
- local perm = tonumber(file.permissions, 8)
- sys_stat.chmod(filepath, perm)
+ chmod(filepath, file.permissions)
end
if file.owner then
local owner, group = string.match(file.owner, "([^:]+):([^:]+)")
if not owner then
owner = file.owner
end
- unistd.chown(filepath, owner, group)
+ chown(filepath, owner, group)
end
return true
end
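Review bot: `file.permissions` reaches `chmod()` without a type check, and the commit message states that a non-string mode makes `tonumber()` raise. If the value comes from parsed user-data (not visible here), an unquoted `permissions: 0644` may arrive as a number and end in an uncaught Lua error instead of `errmsg`; converting with `tostring()` would not help, because the decoder may already have reinterpreted the digits. A guard such as `if type(file.permissions) ~= "string" then errmsg("permissions must be a quoted octal string") end` before the call makes the failure explicit. `addfile` begins outside this hunk.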
@@ -538,6 +551,8 @@ end
local n = {
warn = warnmsg,
err = errmsg,
+ chmod = chmod,
+ chown = chown,
dirname = dirname,
mkdir_p = mkdir_p,
sethostname = sethostname,
diff --git a/libexec/nuageinit/nuageinit b/libexec/nuageinit/nuageinit
index 84133d4373c5..0fcdc7274db3 100755
--- a/libexec/nuageinit/nuageinit
+++ b/libexec/nuageinit/nuageinit
@@ -7,7 +7,6 @@
local nuage = require("nuage")
local ucl = require("ucl")
local yaml = require("lyaml")
-local sys_stat = require("posix.sys.stat")
if #arg ~= 2 then
nuage.err("Usage: " .. arg[0] .. " <cloud-init-directory> (<config-2> | <nocloud>)", false)
@@ -157,7 +156,7 @@ local function ssh_keys(obj)
sshkey:close()
end
if keytype == "private" then
- sys_stat.chmod(path, 384)
+ nuage.chmod(path, "0600")
end
end
end
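Review bot: The private key is restricted to `0600` only after `sshkey:close()`, so until `nuage.chmod` runs the file carries whatever mode the creating call and the umask produced. The open call is outside this hunk, so the size of that window is inferred; if the file is created with default permissions, it can be closed by tightening the umask before the key is written, or by creating the file empty, calling `nuage.chmod(path, "0600")` and only then writing the key material. `ssh_keys` starts before this hunk.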
@@ -281,7 +280,7 @@ local function runcmd(obj)
end
if f ~= nil then
f:close()
- sys_stat.chmod(root .. "/var/cache/nuageinit/runcmds", 493)
+ nuage.chmod(root .. "/var/cache/nuageinit/runcmds", "0755")
end
end
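Review bot: `"0755"` leaves `/var/cache/nuageinit/runcmds` readable by every local user, and the same mode is applied to `user_data` in the last hunk of this file. Both files hold operator-supplied commands, which can embed credentials; if they are executed only by the rc scripts as root (the `rc.local` comment suggests so, but the consumer is not visible here), `"0700"` would be sufficient. `runcmd` begins outside this hunk.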
@@ -503,5 +502,5 @@ if line == "#cloud-config" then
end
elseif line:sub(1, 2) == "#!" then
-- delay for execution at rc.local time --
- sys_stat.chmod(root .. "/var/cache/nuageinit/user_data", 493)
+ nuage.chmod(root .. "/var/cache/nuageinit/user_data", "0755")
end