From 725347fccd372b98bfe73c9104fd4fb989d62617 Mon Sep 17 00:00:00 2001
From: Alex Clemmer <clemmer.alexander@gmail.com>
Date: Wed, 20 Sep 2017 16:24:54 -0700
Subject: [PATCH] Adopt 0755 as default permissions for folders

Under certain circumstances, it is possible for operations to fail
because of permissions that are too restrictive. Here we adopt the
default permissions of 0755 (i.e., rwxr-xr-x), which should be a better
balance of restriction and flexibility.
---
 metadata/environment.go | 12 ++++++------
 metadata/interface.go   |  3 ++-
 metadata/manager.go     |  2 +-
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/metadata/environment.go b/metadata/environment.go
index d0c2baab..797bec47 100644
--- a/metadata/environment.go
+++ b/metadata/environment.go
@@ -83,7 +83,7 @@ func (m *manager) createEnvironment(name, uri string, extensionsLibData, k8sLibD
 	log.Infof("Creating environment '%s' with uri '%s'", name, uri)
 
 	envPath := appendToAbsPath(m.environmentsPath, name)
-	err = m.appFS.MkdirAll(string(envPath), defaultPermissions)
+	err = m.appFS.MkdirAll(string(envPath), defaultFolderPermissions)
 	if err != nil {
 		return err
 	}
@@ -93,7 +93,7 @@ func (m *manager) createEnvironment(name, uri string, extensionsLibData, k8sLibD
 	// Generate the schema file.
 	log.Debugf("Generating '%s', length: %d", schemaFilename, len(specData))
 	schemaPath := appendToAbsPath(envPath, schemaFilename)
-	err = afero.WriteFile(m.appFS, string(schemaPath), specData, defaultPermissions)
+	err = afero.WriteFile(m.appFS, string(schemaPath), specData, defaultFilePermissions)
 	if err != nil {
 		log.Debugf("Failed to write '%s'", schemaFilename)
 		return err
@@ -101,7 +101,7 @@ func (m *manager) createEnvironment(name, uri string, extensionsLibData, k8sLibD
 
 	log.Debugf("Generating '%s', length: %d", k8sLibFilename, len(k8sLibData))
 	k8sLibPath := appendToAbsPath(envPath, k8sLibFilename)
-	err = afero.WriteFile(m.appFS, string(k8sLibPath), k8sLibData, defaultPermissions)
+	err = afero.WriteFile(m.appFS, string(k8sLibPath), k8sLibData, defaultFilePermissions)
 	if err != nil {
 		log.Debugf("Failed to write '%s'", k8sLibFilename)
 		return err
@@ -109,7 +109,7 @@ func (m *manager) createEnvironment(name, uri string, extensionsLibData, k8sLibD
 
 	log.Debugf("Generating '%s', length: %d", extensionsLibFilename, len(extensionsLibData))
 	extensionsLibPath := appendToAbsPath(envPath, extensionsLibFilename)
-	err = afero.WriteFile(m.appFS, string(extensionsLibPath), extensionsLibData, defaultPermissions)
+	err = afero.WriteFile(m.appFS, string(extensionsLibPath), extensionsLibData, defaultFilePermissions)
 	if err != nil {
 		log.Debugf("Failed to write '%s'", extensionsLibFilename)
 		return err
@@ -123,7 +123,7 @@ func (m *manager) createEnvironment(name, uri string, extensionsLibData, k8sLibD
 
 	log.Debugf("Generating '%s', length: %d", specFilename, len(envSpecData))
 	envSpecPath := appendToAbsPath(envPath, specFilename)
-	return afero.WriteFile(m.appFS, string(envSpecPath), envSpecData, defaultPermissions)
+	return afero.WriteFile(m.appFS, string(envSpecPath), envSpecData, defaultFilePermissions)
 }
 
 func (m *manager) DeleteEnvironment(name string) error {
@@ -278,7 +278,7 @@ func (m *manager) SetEnvironment(name string, desired Environment) error {
 		envPath := appendToAbsPath(m.environmentsPath, name)
 		specPath := appendToAbsPath(envPath, specFilename)
 
-		err = afero.WriteFile(m.appFS, string(specPath), newSpec, defaultPermissions)
+		err = afero.WriteFile(m.appFS, string(specPath), newSpec, defaultFilePermissions)
 		if err != nil {
 			log.Debugf("Failed to write %s at path '%s'", specFilename, specPath)
 			return err
diff --git a/metadata/interface.go b/metadata/interface.go
index be20f6ef..2c45891e 100644
--- a/metadata/interface.go
+++ b/metadata/interface.go
@@ -22,7 +22,8 @@ import (
 )
 
 var appFS afero.Fs
-var defaultPermissions = os.FileMode(0644)
+var defaultFolderPermissions = os.FileMode(0755)
+var defaultFilePermissions = os.FileMode(0644)
 
 // AbsPath is an advisory type that represents an absolute path. It is advisory
 // in that it is not forced to be absolute, but rather, meant to indicate
diff --git a/metadata/manager.go b/metadata/manager.go
index 85c69b74..21742567 100644
--- a/metadata/manager.go
+++ b/metadata/manager.go
@@ -157,7 +157,7 @@ func (m *manager) createAppDirTree() error {
 	}
 
 	for _, p := range paths {
-		if err := m.appFS.MkdirAll(string(p), defaultPermissions); err != nil {
+		if err := m.appFS.MkdirAll(string(p), defaultFolderPermissions); err != nil {
 			return err
 		}
 	}
-- 
GitLab