Add check for configuration files to be owned by user and have perm 0600. Fixes #33

Thomas Roehl 2024-12-21 03:45:53 +01:00
parent ee4e1baf5b
commit 03d5486413


@ -3,6 +3,7 @@ package main
import ( import (
"encoding/json" "encoding/json"
"flag" "flag"
"fmt"
"os" "os"
"os/signal" "os/signal"
"syscall" "syscall"
@ -15,9 +16,9 @@ import (
"sync" "sync"
"time" "time"
lp "github.com/ClusterCockpit/cc-energy-manager/pkg/cc-message"
mr "github.com/ClusterCockpit/cc-metric-collector/internal/metricRouter" mr "github.com/ClusterCockpit/cc-metric-collector/internal/metricRouter"
cclog "github.com/ClusterCockpit/cc-metric-collector/pkg/ccLogger" cclog "github.com/ClusterCockpit/cc-metric-collector/pkg/ccLogger"
lp "github.com/ClusterCockpit/cc-energy-manager/pkg/cc-message"
mct "github.com/ClusterCockpit/cc-metric-collector/pkg/multiChanTicker" mct "github.com/ClusterCockpit/cc-metric-collector/pkg/multiChanTicker"
) )
@ -42,6 +43,27 @@ func LoadCentralConfiguration(file string, config *CentralConfigFile) error {
return err return err
} }
func ConfigFileCheck(file string) error {
info, err := os.Stat(file)
if err != nil {
cclog.Error("Cannot access file", file)
return err
}
uid := info.Sys().(*syscall.Stat_t).Uid
perm := info.Mode().Perm()
if uid != uint32(os.Getuid()) {
err = fmt.Errorf("file %s has a different owner", file)
return err
}
if perm != 0600 {
err = fmt.Errorf("file %s has a invalid permissions", file)
return err
}
return nil
}
type RuntimeConfig struct { type RuntimeConfig struct {
Interval time.Duration Interval time.Duration
Duration time.Duration Duration time.Duration
@ -167,6 +189,12 @@ func mainFunc() int {
CliArgs: ReadCli(), CliArgs: ReadCli(),
} }
err = ConfigFileCheck(rcfg.CliArgs["configfile"])
if err != nil {
cclog.Error(err.Error())
return 1
}
// Load and check configuration // Load and check configuration
err = LoadCentralConfiguration(rcfg.CliArgs["configfile"], &rcfg.ConfigFile) err = LoadCentralConfiguration(rcfg.CliArgs["configfile"], &rcfg.ConfigFile)
if err != nil { if err != nil {
@ -208,16 +236,31 @@ func mainFunc() int {
cclog.Error("Metric router configuration file must be set") cclog.Error("Metric router configuration file must be set")
return 1 return 1
} }
err = ConfigFileCheck(rcfg.ConfigFile.RouterConfigFile)
if err != nil {
cclog.Error(err.Error())
return 1
}
if len(rcfg.ConfigFile.SinkConfigFile) == 0 { if len(rcfg.ConfigFile.SinkConfigFile) == 0 {
cclog.Error("Sink configuration file must be set") cclog.Error("Sink configuration file must be set")
return 1 return 1
} }
err = ConfigFileCheck(rcfg.ConfigFile.SinkConfigFile)
if err != nil {
cclog.Error(err.Error())
return 1
}
if len(rcfg.ConfigFile.CollectorConfigFile) == 0 { if len(rcfg.ConfigFile.CollectorConfigFile) == 0 {
cclog.Error("Metric collector configuration file must be set") cclog.Error("Metric collector configuration file must be set")
return 1 return 1
} }
err = ConfigFileCheck(rcfg.ConfigFile.CollectorConfigFile)
if err != nil {
cclog.Error(err.Error())
return 1
}
// Set log file // Set log file
if logfile := rcfg.CliArgs["logfile"]; logfile != "stderr" { if logfile := rcfg.CliArgs["logfile"]; logfile != "stderr" {
@ -260,6 +303,11 @@ func mainFunc() int {
// Create new receive manager // Create new receive manager
if len(rcfg.ConfigFile.ReceiverConfigFile) > 0 { if len(rcfg.ConfigFile.ReceiverConfigFile) > 0 {
err = ConfigFileCheck(rcfg.ConfigFile.ReceiverConfigFile)
if err != nil {
cclog.Error(err.Error())
return 1
}
rcfg.ReceiveManager, err = receivers.New(&rcfg.Sync, rcfg.ConfigFile.ReceiverConfigFile) rcfg.ReceiveManager, err = receivers.New(&rcfg.Sync, rcfg.ConfigFile.ReceiverConfigFile)
if err != nil { if err != nil {
cclog.Error(err.Error()) cclog.Error(err.Error())
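Review bot: ConfigFileCheck validates owner and mode with `os.Stat` on the path, but each caller in mainFunc then passes the same path to a separate open (`LoadCentralConfiguration`, `receivers.New`), so the file that was checked is not guaranteed to be the file that is read if a containing directory is writable by another user. Closing that gap means opening the file once and checking the open handle (`f.Stat()`) before decoding from it, which needs changes in the loaders that lie outside these hunks. Inside the function, `info.Sys().(*syscall.Stat_t)` is an unchecked type assertion that panics wherever Sys() returns another type, and nothing rejects a non-regular file. The exported function also lacks a doc comment stating the owner and 0600 requirement, and the mode-mismatch error would be easier to act on if it reported the mode found, as sketched below.

```go
func ConfigFileCheck(file string) error {
	// … unchanged: os.Stat call and its error return …
	if !info.Mode().IsRegular() {
		return fmt.Errorf("file %s is not a regular file", file)
	}
	st, ok := info.Sys().(*syscall.Stat_t)
	if !ok {
		return fmt.Errorf("cannot determine owner of file %s", file)
	}
	if st.Uid != uint32(os.Getuid()) {
		return fmt.Errorf("file %s has a different owner", file)
	}
	if perm := info.Mode().Perm(); perm != 0600 {
		return fmt.Errorf("file %s has invalid permissions %04o, expected 0600", file, perm)
	}
	return nil
}
```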