Print this page
5432 zoneadm install could fix zonepath permissions automatically
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>


1006         if (!S_ISDIR(stbuf.st_mode)) {
1007                 (void) fprintf(stderr, gettext("%s is not a directory.\n"),
1008                     rpath);
1009                 return (Z_ERR);
1010         }
1011         if (strcmp(stbuf.st_fstype, MNTTYPE_TMPFS) == 0) {
1012                 (void) printf(gettext("WARNING: %s is on a temporary "
1013                     "file system.\n"), rpath);
1014         }
1015         if (crosscheck_zonepaths(rpath) != Z_OK)
1016                 return (Z_ERR);
1017         /*
1018          * Try to collect and report as many minor errors as possible
1019          * before returning, so the user can learn everything that needs
1020          * to be fixed up front.
1021          */
1022         if (stbuf.st_uid != 0) {
1023                 (void) fprintf(stderr, gettext("%s is not owned by root.\n"),
1024                     rpath);
1025                 err = B_TRUE;










1026         }


1027         err |= bad_mode_bit(stbuf.st_mode, S_IRUSR, B_TRUE, rpath);
1028         err |= bad_mode_bit(stbuf.st_mode, S_IWUSR, B_TRUE, rpath);
1029         err |= bad_mode_bit(stbuf.st_mode, S_IXUSR, B_TRUE, rpath);
1030         err |= bad_mode_bit(stbuf.st_mode, S_IRGRP, B_FALSE, rpath);
1031         err |= bad_mode_bit(stbuf.st_mode, S_IWGRP, B_FALSE, rpath);
1032         err |= bad_mode_bit(stbuf.st_mode, S_IXGRP, B_FALSE, rpath);
1033         err |= bad_mode_bit(stbuf.st_mode, S_IROTH, B_FALSE, rpath);
1034         err |= bad_mode_bit(stbuf.st_mode, S_IWOTH, B_FALSE, rpath);
1035         err |= bad_mode_bit(stbuf.st_mode, S_IXOTH, B_FALSE, rpath);
1036 











1037         (void) snprintf(ppath, sizeof (ppath), "%s/..", path);
1038         if ((res = resolvepath(ppath, rppath, sizeof (rppath))) == -1) {
1039                 zperror(ppath, B_FALSE);
1040                 return (Z_ERR);
1041         }
1042         rppath[res] = '\0';
1043         if ((res = stat(rppath, &stbuf)) != 0) {
1044                 zperror(rppath, B_FALSE);
1045                 return (Z_ERR);
1046         }
1047         /* theoretically impossible */
1048         if (!S_ISDIR(stbuf.st_mode)) {
1049                 (void) fprintf(stderr, gettext("%s is not a directory.\n"),
1050                     rppath);
1051                 return (Z_ERR);
1052         }
1053         if (stbuf.st_uid != 0) {
1054                 (void) fprintf(stderr, gettext("%s is not owned by root.\n"),
1055                     rppath);
1056                 err = B_TRUE;




1006         if (!S_ISDIR(stbuf.st_mode)) {
1007                 (void) fprintf(stderr, gettext("%s is not a directory.\n"),
1008                     rpath);
1009                 return (Z_ERR);
1010         }
1011         if (strcmp(stbuf.st_fstype, MNTTYPE_TMPFS) == 0) {
1012                 (void) printf(gettext("WARNING: %s is on a temporary "
1013                     "file system.\n"), rpath);
1014         }
1015         if (crosscheck_zonepaths(rpath) != Z_OK)
1016                 return (Z_ERR);
1017         /*
1018          * Try to collect and report as many minor errors as possible
1019          * before returning, so the user can learn everything that needs
1020          * to be fixed up front.
1021          */
1022         if (stbuf.st_uid != 0) {
1023                 (void) fprintf(stderr, gettext("%s is not owned by root.\n"),
1024                     rpath);
1025                 err = B_TRUE;
1026 
1027                 /* Try to change owner */
1028                 if (cmd_num != CMD_VERIFY) {
1029                         (void) fprintf(stderr, gettext("%s: changing owner "
1030                             "to root.\n"), rpath);
1031                         if (chown(rpath, 0, -1) != 0) {
1032                                 zperror(rpath, B_FALSE);
1033                                 return (Z_ERR);
1034                         } else {
1035                                 err = B_FALSE;
1036                         }
1037                 }
1038         }
1039         err |= bad_mode_bit(stbuf.st_mode, S_IRUSR, B_TRUE, rpath);
1040         err |= bad_mode_bit(stbuf.st_mode, S_IWUSR, B_TRUE, rpath);
1041         err |= bad_mode_bit(stbuf.st_mode, S_IXUSR, B_TRUE, rpath);
1042         err |= bad_mode_bit(stbuf.st_mode, S_IRGRP, B_FALSE, rpath);
1043         err |= bad_mode_bit(stbuf.st_mode, S_IWGRP, B_FALSE, rpath);
1044         err |= bad_mode_bit(stbuf.st_mode, S_IXGRP, B_FALSE, rpath);
1045         err |= bad_mode_bit(stbuf.st_mode, S_IROTH, B_FALSE, rpath);
1046         err |= bad_mode_bit(stbuf.st_mode, S_IWOTH, B_FALSE, rpath);
1047         err |= bad_mode_bit(stbuf.st_mode, S_IXOTH, B_FALSE, rpath);
1048 
1049         /* If the group perms are wrong, fix them */
1050         if (err && (cmd_num != CMD_VERIFY)) {
1051                 (void) fprintf(stderr, gettext("%s: changing permissions "
1052                     "to 0700.\n"), rpath);
1053                 if (chmod(rpath, S_IRWXU) != 0) {
1054                         zperror(path, B_FALSE);
1055                 } else {
1056                         err = B_FALSE;
1057                 }
1058         }
1059 
1060         (void) snprintf(ppath, sizeof (ppath), "%s/..", path);
1061         if ((res = resolvepath(ppath, rppath, sizeof (rppath))) == -1) {
1062                 zperror(ppath, B_FALSE);
1063                 return (Z_ERR);
1064         }
1065         rppath[res] = '\0';
1066         if ((res = stat(rppath, &stbuf)) != 0) {
1067                 zperror(rppath, B_FALSE);
1068                 return (Z_ERR);
1069         }
1070         /* theoretically impossible */
1071         if (!S_ISDIR(stbuf.st_mode)) {
1072                 (void) fprintf(stderr, gettext("%s is not a directory.\n"),
1073                     rppath);
1074                 return (Z_ERR);
1075         }
1076         if (stbuf.st_uid != 0) {
1077                 (void) fprintf(stderr, gettext("%s is not owned by root.\n"),
1078                     rppath);
1079                 err = B_TRUE;