authorValerij Fredriksen <valerijf@yahooinc.com>2022-04-20 15:01:22 +0200
committerValerij Fredriksen <valerijf@yahooinc.com>2022-04-20 15:01:22 +0200
commitd5ecbb1d6e155b4b09306207f03fb26649491e83 (patch)
treecbcf42de0afe103f860c093fc51e3ac296449ab3 /node-admin
parent67c73b131aa7cd482e398e27687a80518f401a7a (diff)
Revert "Set default permissions"
This reverts commit 228b5c7146255f95b80e4a233948acb316718b81.
Diffstat (limited to 'node-admin')
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java25
-rw-r--r--node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java24
2 files changed, 2 insertions, 47 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java
index 2a2e3d611c9..964ed5e0e4d 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemProvider.java
@@ -26,8 +26,6 @@ import java.nio.file.attribute.FileAttributeView;
import java.nio.file.attribute.GroupPrincipal;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFileAttributes;
-import java.nio.file.attribute.PosixFilePermission;
-import java.nio.file.attribute.PosixFilePermissions;
import java.nio.file.attribute.UserPrincipal;
import java.nio.file.spi.FileSystemProvider;
import java.util.HashMap;
@@ -46,12 +44,6 @@ import static com.yahoo.yolean.Exceptions.uncheck;
* @author freva
*/
class ContainerFileSystemProvider extends FileSystemProvider {
-
- private static final FileAttribute<?> DEFAULT_FILE_PERMISSIONS = PosixFilePermissions.asFileAttribute(Set.of( // 0640
- PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.GROUP_READ));
- private static final FileAttribute<?> DEFAULT_DIRECTORY_PERMISSIONS = PosixFilePermissions.asFileAttribute(Set.of( // 0750
- PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_EXECUTE));
-
private final ContainerFileSystem containerFs;
private final ContainerUserPrincipalLookupService userPrincipalLookupService;
@@ -90,8 +82,7 @@ class ContainerFileSystemProvider extends FileSystemProvider {
Path pathOnHost = pathOnHost(path);
try (SecureDirectoryStream<Path> sds = leafDirectoryStream(pathOnHost)) {
boolean existedBefore = Files.exists(pathOnHost);
- SeekableByteChannel seekableByteChannel = sds.newByteChannel(
- pathOnHost.getFileName(), addNoFollow(options), addPermissions(DEFAULT_FILE_PERMISSIONS, attrs));
+ SeekableByteChannel seekableByteChannel = sds.newByteChannel(pathOnHost.getFileName(), addNoFollow(options), attrs);
if (!existedBefore) fixOwnerToContainerRoot(toContainerPath(path));
return seekableByteChannel;
}
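Review bot: With the default attribute gone, `sds.newByteChannel(pathOnHost.getFileName(), addNoFollow(options), attrs)` creates the file with whatever mode the node-admin process umask leaves whenever the caller passes no permissions attribute. That can be wider than the 0640 the reverted code applied, and the owner is only corrected afterwards by `fixOwnerToContainerRoot`. If relying on the umask is intended, say so on that line, for example `// No default mode here: the file mode comes from the process umask unless the caller passes posix:permissions`. The removed `permissions()` test was the only visible coverage of this, so a test pinning the expected mode would also help. The method starts outside this hunk.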
@@ -108,7 +99,7 @@ class ContainerFileSystemProvider extends FileSystemProvider {
public void createDirectory(Path dir, FileAttribute<?>... attrs) throws IOException {
Path pathOnHost = pathOnHost(dir);
boolean existedBefore = Files.exists(pathOnHost);
- provider(pathOnHost).createDirectory(pathOnHost, addPermissions(DEFAULT_DIRECTORY_PERMISSIONS, attrs));
+ provider(pathOnHost).createDirectory(pathOnHost);
if (!existedBefore) fixOwnerToContainerRoot(toContainerPath(dir));
}
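Review bot: The new line `provider(pathOnHost).createDirectory(pathOnHost);` no longer passes `attrs` at all, so a caller that supplies `posix:permissions` to `createDirectory(Path dir, FileAttribute<?>... attrs)` has it silently ignored and the directory gets the umask-derived mode. The removed test asserted that an explicit `r-x-w-rw-` was honoured, which suggests callers may rely on it. Unless there is a reason for dropping the attributes that is not visible here, forward them: `provider(pathOnHost).createDirectory(pathOnHost, attrs);`. If dropping them is deliberate, a comment on the method should state that `attrs` is ignored.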
@@ -333,16 +324,4 @@ class ContainerFileSystemProvider extends FileSystemProvider {
copy[options.length] = LinkOption.NOFOLLOW_LINKS;
return copy;
}
-
- private static FileAttribute<?>[] addPermissions(FileAttribute<?> defaultPermissions, FileAttribute<?>... attrs) {
- for (FileAttribute<?> attr : attrs) {
- if (attr.name().equals("posix:permissions") || attr.name().equals("unix:permissions"))
- return attrs;
- }
-
- FileAttribute<?>[] copy = new FileAttribute<?>[attrs.length + 1];
- System.arraycopy(attrs, 0, copy, 0, attrs.length);
- copy[attrs.length] = defaultPermissions;
- return copy;
- }
}
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
index b26f0fe5bf8..c3affccc32b 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/task/util/fs/ContainerFileSystemTest.java
@@ -16,8 +16,6 @@ import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.StandardOpenOption;
-import java.nio.file.attribute.FileAttribute;
-import java.nio.file.attribute.PosixFilePermissions;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -176,19 +174,6 @@ class ContainerFileSystemTest {
Files.writeString(file.pathOnHost(), "hello"); // Writing through host FS works
}
- @Test
- public void permissions() throws IOException {
- assertPermissions(Files.createDirectory(containerFs.getPath("/dir1")), "rwxr-x---");
- assertPermissions(Files.createDirectory(containerFs.getPath("/dir2"), permissionsFromString("r-x-w-rw-")), "r-x-w-rw-");
-
- assertPermissions(Files.createDirectories(containerFs.getPath("/sub/dir/leaf"), permissionsFromString("r-x-w-rw-")), "r-x-w-rw-");
- assertPermissions(containerFs.getPath("/sub/dir"), "r-x-w-rw-"); // Non-leafs get the same permission as the leaf
-
- // TODO: Uncomment when JimFS forwards attributes for SecureDirectoryStream::newByteChannel
-// assertPermissions(Files.createFile(containerFs.getPath("/file1")), "rw-r-----");
-// assertPermissions(Files.createFile(containerFs.getPath("/file2"), permissionsFromString("r-x-w-rw-")), "r-x-w-rw-");
- }
-
private static void assertOwnership(ContainerPath path, int contUid, int contGid, int hostUid, int hostGid) throws IOException {
assertOwnership(path, contUid, contGid);
assertOwnership(path.pathOnHost(), hostUid, hostGid);
@@ -199,13 +184,4 @@ class ContainerFileSystemTest {
assertEquals(uid, attrs.get("uid"));
assertEquals(gid, attrs.get("gid"));
}
-
- private static void assertPermissions(Path path, String expected) throws IOException {
- String actual = PosixFilePermissions.toString(Files.getPosixFilePermissions(path));
- assertEquals(expected, actual);
- }
-
- private static FileAttribute<?> permissionsFromString(String permissions) {
- return PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString(permissions));
- }
}