ZP-845 Improve Utils::FixFileOwner.

Released under the Affero GNU General Public License (AGPL) version 3. If we are running as root (bad idea), parent directory is owned by root, and the file is owned by root, it means that we can't FixFileOwner, so remove the file and throw an exception instead of silently breaking zpush Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>

ZP-845 Improve Utils::FixFileOwner.
Released under the Affero GNU General Public License (AGPL) version 3. If we are running as root (bad idea), parent directory is owned by root, and the file is owned by root, it means that we can't FixFileOwner, so remove the file and throw an exception instead of silently breaking zpush Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
01358ff4 · Etienne CHAMPETIER · 3f1f999e · 01358ff4
Commit 01358ff4 authored Feb 25, 2016 by Etienne CHAMPETIER
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 4 deletions

utils.php src/lib/utils/utils.php +9 -4

No files found.
--- a/src/lib/utils/utils.php
+++ b/src/lib/utils/utils.php
@@ -886,11 +886,16 @@ class Utils {
        if(posix_getuid() == 0 && file_exists($file)) {
            $dir = dirname($file);
            $perm_dir = stat($dir);
-            $perm_log = stat($file);
+            $perm_file = stat($file);
-            if($perm_dir[4] !== $perm_log[4] || $perm_dir[5] !== $perm_log[5]) {
+            if ($perm_file['uid'] == 0 && $perm_dir['uid'] == 0) {
-                chown($file, $perm_dir[4]);
+                unlink($file);
-                chgrp($file, $perm_dir[5]);
+                throw new FatalException("FixFileOwner: $dir must be owned by the nginx/apache/php user instead of root");
+            }
+            if($perm_dir['uid'] !== $perm_file['uid'] || $perm_dir['gid'] !== $perm_file['gid']) {
+                chown($file, $perm_dir['uid']);
+                chgrp($file, $perm_dir['gid']);
            }
        }
        return true;