mirror of https://github.com/borgbackup/borg.git
improve are_acls_working function
- ACLs are not working, if ENOTSUP ("Operation not supported") happens
- fix check for macOS
On macOS borg uses "acl_extended", not "acl_access" and
also the ACL text format is a bit different.
This commit is contained in:
Thomas Waldmann
parent
b3554cdc0f
commit
d5396feebd
|
|
@ -1,3 +1,4 @@
|
|||
import errno
|
||||
import functools
|
||||
import os
|
||||
|
||||
|
|
@ -31,25 +32,26 @@ def are_acls_working():
|
|||
with unopened_tempfile() as filepath:
|
||||
open(filepath, "w").close()
|
||||
try:
|
||||
if is_freebsd:
|
||||
access = b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-\n"
|
||||
contained = b"user:root:rw-"
|
||||
elif is_linux:
|
||||
access = b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-:0\n"
|
||||
contained = b"user:root:rw-:0"
|
||||
elif is_darwin:
|
||||
return True # improve?
|
||||
if is_darwin:
|
||||
acl_key = "acl_extended"
|
||||
acl_value = b"!#acl 1\nuser:FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000:root:0:allow:read\n"
|
||||
else:
|
||||
return False # unsupported platform
|
||||
acl = {"acl_access": access}
|
||||
acl_set(filepath, acl)
|
||||
acl_key = "acl_access"
|
||||
acl_value = b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-:9999\ngroup:root:rw-:9999\n"
|
||||
write_acl = {acl_key: acl_value}
|
||||
acl_set(filepath, write_acl)
|
||||
read_acl = {}
|
||||
acl_get(filepath, read_acl, os.stat(filepath))
|
||||
read_acl_access = read_acl.get("acl_access", None)
|
||||
if read_acl_access and contained in read_acl_access:
|
||||
return True
|
||||
acl = read_acl.get(acl_key, None)
|
||||
if acl is not None:
|
||||
check_for = b"root:0:allow:read" if is_darwin else b"user::rw-"
|
||||
if check_for in acl:
|
||||
return True
|
||||
except PermissionError:
|
||||
pass
|
||||
except OSError as e:
|
||||
if e.errno not in (errno.ENOTSUP,):
|
||||
raise
|
||||
return False
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue