func NewUidShiftingFilePermEditor(uidRange *user.UidRange) (FilePermissionsEditor, error) { if os.Geteuid() != 0 { return func(_ string, _, _ int, _ byte, _ os.FileInfo) error { // The files are owned by the current user on creation. // If we do nothing, they will remain so. return nil }, nil } return func(path string, uid, gid int, typ byte, fi os.FileInfo) error { shiftedUid, shiftedGid, err := uidRange.ShiftRange(uint32(uid), uint32(gid)) if err != nil { return err } if err := os.Lchown(path, int(shiftedUid), int(shiftedGid)); err != nil { return err } // lchown(2) says that, depending on the linux kernel version, it // can change the file's mode also if executed as root. So call // os.Chmod after it. if typ != tar.TypeSymlink { if err := os.Chmod(path, fi.Mode()); err != nil { return err } } return nil }, nil }
func CopyTree(src, dest string, uidRange *user.UidRange) error { cleanSrc := filepath.Clean(src) dirs := make(map[string][]syscall.Timespec) copyWalker := func(path string, info os.FileInfo, err error) error { if err != nil { return err } rootLess := path[len(cleanSrc):] target := filepath.Join(dest, rootLess) mode := info.Mode() switch { case mode.IsDir(): err := os.Mkdir(target, mode.Perm()) if err != nil { return err } dir, err := os.Open(target) if err != nil { return err } if err := dir.Chmod(mode); err != nil { dir.Close() return err } dir.Close() case mode.IsRegular(): if err := CopyRegularFile(path, target); err != nil { return err } case mode&os.ModeSymlink == os.ModeSymlink: if err := CopySymlink(path, target); err != nil { return err } case mode&os.ModeCharDevice == os.ModeCharDevice: stat := syscall.Stat_t{} if err := syscall.Stat(path, &stat); err != nil { return err } dev := device.Makedev(device.Major(stat.Rdev), device.Minor(stat.Rdev)) mode := uint32(mode) | syscall.S_IFCHR if err := syscall.Mknod(target, mode, int(dev)); err != nil { return err } case mode&os.ModeDevice == os.ModeDevice: stat := syscall.Stat_t{} if err := syscall.Stat(path, &stat); err != nil { return err } dev := device.Makedev(device.Major(stat.Rdev), device.Minor(stat.Rdev)) mode := uint32(mode) | syscall.S_IFBLK if err := syscall.Mknod(target, mode, int(dev)); err != nil { return err } case mode&os.ModeNamedPipe == os.ModeNamedPipe: if err := syscall.Mkfifo(target, uint32(mode)); err != nil { return err } default: return fmt.Errorf("unsupported mode: %v", mode) } var srcUid = info.Sys().(*syscall.Stat_t).Uid var srcGid = info.Sys().(*syscall.Stat_t).Gid shiftedUid, shiftedGid, err := uidRange.ShiftRange(srcUid, srcGid) if err != nil { return err } if err := os.Lchown(target, int(shiftedUid), int(shiftedGid)); err != nil { return err } // lchown(2) says that, depending on the linux kernel version, it // can change the file's mode also if executed as root. So call // os.Chmod after it. if mode&os.ModeSymlink != os.ModeSymlink { if err := os.Chmod(target, mode); err != nil { return err } } ts, err := pathToTimespec(path) if err != nil { return err } if mode.IsDir() { dirs[target] = ts } if mode&os.ModeSymlink != os.ModeSymlink { if err := syscall.UtimesNano(target, ts); err != nil { return err } } else { if err := LUtimesNano(target, ts); err != nil { return err } } return nil } if err := filepath.Walk(cleanSrc, copyWalker); err != nil { return err } // Restore dirs atime and mtime. This has to be done after copying // as a file copying will change its parent directory's times. for dirPath, ts := range dirs { if err := syscall.UtimesNano(dirPath, ts); err != nil { return err } } return nil }