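CheckKeployFolderPermissions checks whether the keploy folder and its contents are readable and writable by the current user, and returns a list of paths with permission issues. In the listing below, a folder that does not exist yet is reported as having no issues, and only entries owned by a different UID are probed. The directory write probe opens `.keploy_perm_test` inside the directory with `os.O_CREATE|os.O_WRONLY`, so the check is not side-effect free. Because that open uses neither `O_EXCL` nor `O_NOFOLLOW`, it would follow an existing symlink of that name in a directory owned by another user.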
(logger *zap.Logger, keployPath string)
| 20 | // CheckKeployFolderPermissions checks if the keploy folder and its contents are readable |
| 21 | // and writable by the current user. Returns a list of paths with permission issues. |
| 22 | func CheckKeployFolderPermissions(logger *zap.Logger, keployPath string) ([]PermissionError, error) { |
| 23 | var permissionErrors []PermissionError |
| 24 | currentUID := uint32(os.Getuid()) |
| 25 | |
| 26 | // Check if keploy folder exists |
| 27 | info, err := os.Stat(keployPath) |
| 28 | if os.IsNotExist(err) { |
| 29 | // Folder doesn't exist yet - no permission issues |
| 30 | return nil, nil |
| 31 | } else if err != nil { |
| 32 | // Can't even stat the folder - this is a permission issue |
| 33 | return []PermissionError{{Path: keployPath, OwnerUID: 0, IsRead: true}}, nil |
| 34 | } |
| 35 | |
| 36 | // Folder exists, check if it's a directory |
| 37 | if !info.IsDir() { |
| 38 | return nil, fmt.Errorf("keploy path %s exists but is not a directory", keployPath) |
| 39 | } |
| 40 | |
| 41 | // Walk the directory tree and check permissions |
| 42 | err = filepath.WalkDir(keployPath, func(path string, d os.DirEntry, err error) error { |
| 43 | if err != nil { |
| 44 | // Access error - this indicates a permission issue |
| 45 | logger.Debug("cannot access path", zap.String("path", path), zap.Error(err)) |
| 46 | ownerUID := uint32(0) |
| 47 | if fileInfo, statErr := os.Lstat(path); statErr == nil { |
| 48 | if stat, ok := fileInfo.Sys().(*syscall.Stat_t); ok { |
| 49 | ownerUID = stat.Uid |
| 50 | } |
| 51 | } |
| 52 | permissionErrors = append(permissionErrors, PermissionError{Path: path, OwnerUID: ownerUID, IsRead: true}) |
| 53 | return filepath.SkipDir |
| 54 | } |
| 55 | |
| 56 | // Get file info to check ownership |
| 57 | fileInfo, infoErr := d.Info() |
| 58 | if infoErr != nil { |
| 59 | return nil |
| 60 | } |
| 61 | |
| 62 | // Check if file is owned by a different user (likely root) |
| 63 | if stat, ok := fileInfo.Sys().(*syscall.Stat_t); ok { |
| 64 | if stat.Uid != currentUID { |
| 65 | // File is owned by someone else - potential permission issue |
| 66 | // Verify by actually trying to open for read/write |
| 67 | hasIssue := false |
| 68 | |
| 69 | if d.IsDir() { |
| 70 | // For directories, check if we can read and write |
| 71 | _, readErr := os.ReadDir(path) |
| 72 | if readErr != nil { |
| 73 | hasIssue = true |
| 74 | } |
| 75 | // Also check write permission by checking if we can create a temp file |
| 76 | // We use access() syscall equivalent - try to open with write flag |
| 77 | testFile := filepath.Join(path, ".keploy_perm_test") |
| 78 | f, writeErr := os.OpenFile(testFile, os.O_CREATE|os.O_WRONLY, 0644) |
| 79 | if writeErr != nil { |
no test coverage detected