59 lines
1.5 KiB
Python
59 lines
1.5 KiB
Python
"""Safety policy for recursive remote chmod."""
|
|
|
|
from __future__ import annotations
|
|
|
|
# Paths that must never receive chmod -R / chown -R via the UI.
|
|
#
|
|
# ``script_service`` is the explicit administrator shell feature and may run
|
|
# arbitrary commands by design. File-manager permission changes are safer UI
|
|
# actions, so recursive chmod/chown should not be able to accidentally rewrite
|
|
# operating-system trees.
|
|
FORBIDDEN_RECURSIVE_CHMOD_PATHS = frozenset({
|
|
"/",
|
|
"/bin",
|
|
"/boot",
|
|
"/dev",
|
|
"/etc",
|
|
"/lib",
|
|
"/lib64",
|
|
"/proc",
|
|
"/run",
|
|
"/sbin",
|
|
"/sys",
|
|
"/usr",
|
|
"/var",
|
|
})
|
|
|
|
# Block descendants of critical system trees too. ``/var`` is handled more
|
|
# narrowly so common web roots like ``/var/www`` can still be managed, while
|
|
# state/log/package-manager trees remain protected.
|
|
FORBIDDEN_RECURSIVE_CHMOD_PREFIXES = (
|
|
"/bin/",
|
|
"/boot/",
|
|
"/dev/",
|
|
"/etc/",
|
|
"/lib/",
|
|
"/lib64/",
|
|
"/proc/",
|
|
"/run/",
|
|
"/sbin/",
|
|
"/sys/",
|
|
"/usr/",
|
|
"/var/cache/",
|
|
"/var/lib/",
|
|
"/var/log/",
|
|
"/var/run/",
|
|
"/var/spool/",
|
|
)
|
|
|
|
RECURSIVE_CHMOD_TIMEOUT_SEC = 300
|
|
SINGLE_CHMOD_TIMEOUT_SEC = 15
|
|
|
|
|
|
def assert_recursive_chmod_allowed(remote_path: str) -> None:
|
|
"""Raise ValueError if recursive chmod must be rejected for this path."""
|
|
if remote_path in FORBIDDEN_RECURSIVE_CHMOD_PATHS or remote_path.startswith(
|
|
FORBIDDEN_RECURSIVE_CHMOD_PREFIXES
|
|
):
|
|
raise ValueError(f"禁止对系统路径递归修改权限: {remote_path}")
|