arcanis/ahriman
1
0
Fork 0
mirror of https://github.com/arcan1s/ahriman.git synced 2026-02-04 04:19:47 +00:00
Code Issues Projects Releases Wiki Activity

fix: use effective uid instead of uid

Browse Source
This commit is contained in:
Evgenii Alekseev
2026-02-03 16:22:26 +02:00
parent 5738b8b911
commit 389bad6725
4 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/ahriman/core/utils.py
View File

@@ -192,7 +192,7 @@ def check_user(root: Path, *, unsafe: bool) -> None:
if unsafe:
return # unsafe flag is enabled, no check performed
current_uid = os.getuid()
current_uid = os.geteuid()
root_uid, _ = owner(root)
if current_uid != root_uid:

2
src/ahriman/models/repository_paths.py
View File

@@ -239,7 +239,7 @@ class RepositoryPaths(LazyLogging):
# the reason we do this is that it only works if permissions can be actually changed. Hence,
# non-privileged user (e.g. personal user or ahriman user) can't change permissions.
# The only one who can do so is root, so if user is not root we just terminate function
current_uid, current_gid = os.getuid(), os.getgid()
current_uid, current_gid = os.geteuid(), os.getegid()
if current_uid != 0:
yield
return

6
tests/ahriman/core/test_utils.py
View File

@@ -160,7 +160,7 @@ def test_check_user(repository_id: RepositoryId, mocker: MockerFixture) -> None:
must check user correctly
"""
paths = RepositoryPaths(Path.cwd(), repository_id)
mocker.patch("os.getuid", return_value=paths.root_owner[0])
mocker.patch("os.geteuid", return_value=paths.root_owner[0])
check_user(paths.root, unsafe=False)
@@ -177,7 +177,7 @@ def test_check_user_exception(repository_id: RepositoryId, mocker: MockerFixture
must raise exception if user differs
"""
paths = RepositoryPaths(Path.cwd(), repository_id)
mocker.patch("os.getuid", return_value=paths.root_owner[0] + 1)
mocker.patch("os.geteuid", return_value=paths.root_owner[0] + 1)
with pytest.raises(UnsafeRunError):
check_user(paths.root, unsafe=False)
@@ -188,7 +188,7 @@ def test_check_user_unsafe(repository_id: RepositoryId, mocker: MockerFixture) -
must skip check if unsafe flag is set
"""
paths = RepositoryPaths(Path.cwd(), repository_id)
mocker.patch("os.getuid", return_value=paths.root_owner[0] + 1)
mocker.patch("os.geteuid", return_value=paths.root_owner[0] + 1)
check_user(paths.root, unsafe=True)

12
tests/ahriman/models/test_repository_paths.py
View File

@@ -198,8 +198,8 @@ def test_preserve_owner(tmp_path: Path, repository_id: RepositoryId, mocker: Moc
"""
must preserve file owner during operations
"""
mocker.patch("os.getuid", return_value=0)
mocker.patch("os.getgid", return_value=0)
mocker.patch("os.geteuid", return_value=0)
mocker.patch("os.getegid", return_value=0)
seteuid_mock = mocker.patch("os.seteuid")
setegid_mock = mocker.patch("os.setegid")
@@ -214,8 +214,8 @@ def test_preserve_owner_exception(tmp_path: Path, repository_id: RepositoryId, m
"""
must return to original uid and gid even during exception
"""
mocker.patch("os.getuid", return_value=0)
mocker.patch("os.getgid", return_value=0)
mocker.patch("os.geteuid", return_value=0)
mocker.patch("os.getegid", return_value=0)
mocker.patch("pathlib.Path.mkdir", side_effect=Exception)
seteuid_mock = mocker.patch("os.seteuid")
setegid_mock = mocker.patch("os.setegid")
@@ -232,8 +232,8 @@ def test_preserve_owner_non_root(tmp_path: Path, repository_id: RepositoryId, mo
"""
must skip processing if user is not root
"""
mocker.patch("os.getuid", return_value=42)
mocker.patch("os.getgid", return_value=42)
mocker.patch("os.geteuid", return_value=42)
mocker.patch("os.getegid", return_value=42)
repository_paths = RepositoryPaths(tmp_path, repository_id)
seteuid_mock = mocker.patch("os.seteuid")
setegid_mock = mocker.patch("os.setegid")