From 22a291f703b2511daaa8e0d325ab48523e817558 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 17 Dec 2019 09:36:25 +0100 Subject: [PATCH] config: preserve ownership and permissions on configfile When running `docker login` or `docker logout`, the CLI updates the configuration file by creating a temporary file, to replace the old one (if exists). When using `sudo`, this caused the file to be created as `root`, making it inaccessible to the current user. This patch updates the CLI to fetch permissions and ownership of the existing configuration file, and applies those permissions to the new file, so that it has the same permissions as the existing file (if any). Currently, only done for "Unix-y" systems (Mac, Linux), but can be implemented for Windows in future if there's a need. Signed-off-by: Sebastiaan van Stijn --- cli/config/configfile/file.go | 3 +++ cli/config/configfile/file_unix.go | 35 +++++++++++++++++++++++++++ cli/config/configfile/file_windows.go | 5 ++++ 3 files changed, 43 insertions(+) create mode 100644 cli/config/configfile/file_unix.go create mode 100644 cli/config/configfile/file_windows.go diff --git a/cli/config/configfile/file.go b/cli/config/configfile/file.go index 388a5d54d69e..a4e97a5caa66 100644 --- a/cli/config/configfile/file.go +++ b/cli/config/configfile/file.go @@ -196,6 +196,9 @@ func (configFile *ConfigFile) Save() error { os.Remove(temp.Name()) return err } + // Try copying the current config file (if any) ownership and permissions + copyFilePermissions(configFile.Filename, temp.Name()) + return os.Rename(temp.Name(), configFile.Filename) } diff --git a/cli/config/configfile/file_unix.go b/cli/config/configfile/file_unix.go new file mode 100644 index 000000000000..3ca65c6140d6 --- /dev/null +++ b/cli/config/configfile/file_unix.go @@ -0,0 +1,35 @@ +// +build !windows + +package configfile + +import ( + "os" + "syscall" +) + +// copyFilePermissions copies file ownership and permissions from "src" to "dst", +// ignoring any error during the process. +func copyFilePermissions(src, dst string) { + var ( + mode os.FileMode = 0600 + uid, gid int + ) + + fi, err := os.Stat(src) + if err != nil { + return + } + if fi.Mode().IsRegular() { + mode = fi.Mode() + } + if err := os.Chmod(dst, mode); err != nil { + return + } + + uid = int(fi.Sys().(*syscall.Stat_t).Uid) + gid = int(fi.Sys().(*syscall.Stat_t).Gid) + + if uid > 0 && gid > 0 { + _ = os.Chown(dst, uid, gid) + } +} diff --git a/cli/config/configfile/file_windows.go b/cli/config/configfile/file_windows.go new file mode 100644 index 000000000000..42fffc39ad2e --- /dev/null +++ b/cli/config/configfile/file_windows.go @@ -0,0 +1,5 @@ +package configfile + +func copyFilePermissions(src, dst string) { + // TODO implement for Windows +}