Issue #3052541 by heddn, mbaynton, catch: Checker: File owner and php script user are different

866db2e7 · Lucas Hedding · Lucas Hedding · 74c95e01 · 866db2e7 · 866db2e7
Commit 866db2e7 authored 5 years ago by Lucas Hedding Committed by Lucas Hedding 5 years ago
--- a/automatic_updates.services.yml
+++ b/automatic_updates.services.yml
@@ -55,3 +55,9 @@ services:
      - '@automatic_updates.drupal_finder'
    tags:
      - { name: readiness_checker, category: warning}
+  automatic_updates.file_ownership:
+    class: Drupal\automatic_updates\ReadinessChecker\FileOwnership
+    arguments:
+      - '@automatic_updates.drupal_finder'
+    tags:
+      - { name: readiness_checker, category: warning}
--- a/src/ReadinessChecker/FileOwnership.php
+++ b/src/ReadinessChecker/FileOwnership.php
+<?php
+namespace Drupal\automatic_updates\ReadinessChecker;
+use Drupal\Core\StringTranslation\StringTranslationTrait;
+use DrupalFinder\DrupalFinder;
+/**
+ * File ownership checker.
+ */
+class FileOwnership extends Filesystem {
+  use StringTranslationTrait;
+  /**
+   * FileOwnership constructor.
+   *
+   * @param \DrupalFinder\DrupalFinder $drupal_finder
+   *   The Drupal finder.
+   */
+  public function __construct(DrupalFinder $drupal_finder) {
+    $this->drupalFinder = $drupal_finder;
+  }
+  /**
+   * {@inheritdoc}
+   */
+  protected function doCheck() {
+    $file_path = $this->getRootPath() . '/core/core.api.php';
+    return $this->ownerIsScriptUser($file_path);
+  }
+  /**
+   * Check if file is owned by the same user as which is running the script.
+   *
+   * Helps identify scenarios when the check is run by web user and the files
+   * are owned by a non-web user.
+   *
+   * @param string $file_path
+   *   The file path to check.
+   *
+   * @return array
+   *   An array of translatable strings if there are file ownership issues.
+   */
+  protected function ownerIsScriptUser($file_path) {
+    $messages = [];
+    if (function_exists('posix_getuid')) {
+      $file_owner_uid = fileowner($file_path);
+      $script_uid = posix_getuid();
+      if ($file_owner_uid !== $script_uid) {
+        $messages[] = $this->t('Files are owned by uid "@owner" but PHP is running as uid "@actual". The file owner and PHP user should be the same during an update.', [
+          '@owner' => $file_owner_uid,
+          '@file' => $file_path,
+          '@actual' => $script_uid,
+        ]);
+      }
+    }
+    return $messages;
+  }
+}
--- a/tests/src/Kernel/ReadinessChecker/FileOwnershipTest.php
+++ b/tests/src/Kernel/ReadinessChecker/FileOwnershipTest.php
+<?php
+namespace Drupal\Tests\automatic_updates\Kernel\ReadinessChecker;
+use Drupal\automatic_updates\ReadinessChecker\FileOwnership;
+use Drupal\KernelTests\KernelTestBase;
+use org\bovigo\vfs\vfsStream;
+/**
+ * Tests modified code readiness checking.
+ *
+ * @group automatic_updates
+ */
+class FileOwnershipTest extends KernelTestBase {
+  /**
+   * {@inheritdoc}
+   */
+  public static $modules = [
+    'automatic_updates',
+  ];
+  /**
+   * Tests the functionality of modified code readiness checks.
+   */
+  public function testFileOwnership() {
+    // No ownership problems.
+    $file_ownership = new FileOwnership($this->container->get('automatic_updates.drupal_finder'));
+    $messages = $file_ownership->run();
+    $this->assertEmpty($messages);
+    // Ownership problems.
+    $file_ownership = new TestFileOwnership($this->container->get('automatic_updates.drupal_finder'));
+    $messages = $file_ownership->run();
+    $this->assertCount(1, $messages);
+    $this->assertStringStartsWith('Files are owned by uid "23"', (string) $messages[0]);
+    $this->assertStringEndsWith('The file owner and PHP user should be the same during an update.', (string) $messages[0]);
+  }
+}
+/**
+ * Class TestFileOwnership.
+ */
+class TestFileOwnership extends FileOwnership {
+  /**
+   * {@inheritdoc}
+   */
+  protected function doCheck() {
+    $file_stream = vfsStream::setup('core', '755', ['core.api.php' => 'contents']);
+    $file = $file_stream->getChild('core.api.php');
+    $file->chown(23)->chgrp(23);
+    return $this->ownerIsScriptUser($file->url());
+  }
+}
--- a/tests/src/Kernel/ReadinessChecker/ModifiedCodeTest.php
+++ b/tests/src/Kernel/ReadinessChecker/ModifiedCodeTest.php
@@ -3,7 +3,6 @@
 namespace Drupal\Tests\automatic_updates\Kernel\ReadinessChecker;
 use Drupal\automatic_updates\ReadinessChecker\ModifiedCode;
-use Drupal\Core\StringTranslation\StringTranslationTrait;
 use Drupal\KernelTests\KernelTestBase;
 /**
@@ -12,7 +11,6 @@ use Drupal\KernelTests\KernelTestBase;
 * @group automatic_updates
 */
 class ModifiedCodeTest extends KernelTestBase {
-  use StringTranslationTrait;
  /**
   * {@inheritdoc}