diff options
| author | chrislu <chris.lu@gmail.com> | 2022-01-12 23:58:11 -0800 |
|---|---|---|
| committer | chrislu <chris.lu@gmail.com> | 2022-01-12 23:58:11 -0800 |
| commit | f2847f1266fc5f450e819ebe427c30cebda6843d (patch) | |
| tree | df244a6988b160e2cf8a4b1e9f0b17cda5e6a802 | |
| parent | 0c75f15062c931d457fb52a079ca22fbb4679247 (diff) | |
| download | seaweedfs-f2847f1266fc5f450e819ebe427c30cebda6843d.tar.xz seaweedfs-f2847f1266fc5f450e819ebe427c30cebda6843d.zip | |
POSIX: check deletion permission
| -rw-r--r-- | weed/filesys/dir.go | 4 | ||||
| -rw-r--r-- | weed/filesys/permission.go | 60 |
2 files changed, 64 insertions, 0 deletions
diff --git a/weed/filesys/dir.go b/weed/filesys/dir.go index 53633b2f1..be140e8df 100644 --- a/weed/filesys/dir.go +++ b/weed/filesys/dir.go @@ -424,6 +424,10 @@ func findFileType(mode uint16) fuse.DirentType { func (dir *Dir) Remove(ctx context.Context, req *fuse.RemoveRequest) error { + if err := checkPermission(dir.entry, req.Uid, req.Gid, true); err != nil { + return err + } + if !req.Dir { return dir.removeOneFile(req) } diff --git a/weed/filesys/permission.go b/weed/filesys/permission.go new file mode 100644 index 000000000..a8c4cd891 --- /dev/null +++ b/weed/filesys/permission.go @@ -0,0 +1,60 @@ +package filesys + +import ( + "github.com/chrislusf/seaweedfs/weed/pb/filer_pb" + "github.com/seaweedfs/fuse" +) + +func checkPermission(entry *filer_pb.Entry, uid, gid uint32, isWrite bool) error { + if entry == nil { + return nil + } + if entry.Attributes == nil { + return nil + } + attr := entry.Attributes + if attr.Uid == uid { + if isWrite { + if attr.FileMode&0002 > 0 { + return nil + } else { + return fuse.EPERM + } + } else { + if attr.FileMode&0004 > 0 { + return nil + } else { + return fuse.EPERM + } + } + } else if attr.Gid == gid { + if isWrite { + if attr.FileMode&0020 > 0 { + return nil + } else { + return fuse.EPERM + } + } else { + if attr.FileMode&0040 > 0 { + return nil + } else { + return fuse.EPERM + } + } + } else { + if isWrite { + if attr.FileMode&0200 > 0 { + return nil + } else { + return fuse.EPERM + } + } else { + if attr.FileMode&0400 > 0 { + return nil + } else { + return fuse.EPERM + } + } + } + +} |