checkOwnerUID verifies the file is owned by the current user.
(path, label string)
| 15 | |
// checkOwnerUID reports an error unless path is owned by the uid of the
// calling process. label is prefixed to every error message so the caller can
// tell which file failed the check.
//
// The comparison is strict equality with os.Getuid(): a file owned by any
// other uid is rejected. Only ownership is examined here; mode bits are not.
// If the platform-specific stat data is unavailable the function returns an
// error rather than treating the owner as acceptable.
//
// NOTE(review): the check is made by path, so the result describes whatever
// the path resolved to at the time of the call. Whether vfs.Stat follows
// symlinks is not visible from this function; confirm against the vfs
// package, and confirm that callers do not rely on the result after the path
// could have been replaced.
func checkOwnerUID(path, label string) error {
	info, err := vfs.Stat(path)
	if err != nil {
		return fmt.Errorf("%s: cannot stat %q: %w", label, path, err)
	}

	// The owner uid is read from the *syscall.Stat_t behind Sys().
	st, isStatT := info.Sys().(*syscall.Stat_t)
	if !isStatT {
		return fmt.Errorf("%s: cannot retrieve file owner for %q", label, path)
	}

	if want := os.Getuid(); st.Uid != uint32(want) {
		return fmt.Errorf("%s: path %q is owned by uid %d, expected %d", label, path, st.Uid, want)
	}
	return nil
}
| 32 | |
| 33 | // auditFilePermissions rejects world/group-writable modes (always) and |
| 34 | // world/group-readable modes (unless allowReadableByOthers is true, which |