From f2847f1266fc5f450e819ebe427c30cebda6843d Mon Sep 17 00:00:00 2001 From: chrislu Date: Wed, 12 Jan 2022 23:58:11 -0800 Subject: [PATCH] POSIX: check deletion permission --- weed/filesys/dir.go | 4 +++ weed/filesys/permission.go | 60 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 weed/filesys/permission.go diff --git a/weed/filesys/dir.go b/weed/filesys/dir.go index 53633b2f1..be140e8df 100644 --- a/weed/filesys/dir.go +++ b/weed/filesys/dir.go @@ -424,6 +424,10 @@ func findFileType(mode uint16) fuse.DirentType { func (dir *Dir) Remove(ctx context.Context, req *fuse.RemoveRequest) error { + if err := checkPermission(dir.entry, req.Uid, req.Gid, true); err != nil { + return err + } + if !req.Dir { return dir.removeOneFile(req) } diff --git a/weed/filesys/permission.go b/weed/filesys/permission.go new file mode 100644 index 000000000..a8c4cd891 --- /dev/null +++ b/weed/filesys/permission.go @@ -0,0 +1,60 @@ +package filesys + +import ( + "github.com/chrislusf/seaweedfs/weed/pb/filer_pb" + "github.com/seaweedfs/fuse" +) + +func checkPermission(entry *filer_pb.Entry, uid, gid uint32, isWrite bool) error { + if entry == nil { + return nil + } + if entry.Attributes == nil { + return nil + } + attr := entry.Attributes + if attr.Uid == uid { + if isWrite { + if attr.FileMode&0002 > 0 { + return nil + } else { + return fuse.EPERM + } + } else { + if attr.FileMode&0004 > 0 { + return nil + } else { + return fuse.EPERM + } + } + } else if attr.Gid == gid { + if isWrite { + if attr.FileMode&0020 > 0 { + return nil + } else { + return fuse.EPERM + } + } else { + if attr.FileMode&0040 > 0 { + return nil + } else { + return fuse.EPERM + } + } + } else { + if isWrite { + if attr.FileMode&0200 > 0 { + return nil + } else { + return fuse.EPERM + } + } else { + if attr.FileMode&0400 > 0 { + return nil + } else { + return fuse.EPERM + } + } + } + +}