Files
Nexus/server/utils/files_chmod_policy.py
T

30 lines
702 B
Python

"""Safety policy for recursive remote chmod."""
from __future__ import annotations
# Paths that must never receive chmod -R / chown -R via the UI.
FORBIDDEN_RECURSIVE_CHMOD_PATHS = frozenset({
"/",
"/bin",
"/boot",
"/dev",
"/etc",
"/lib",
"/lib64",
"/proc",
"/run",
"/sbin",
"/sys",
"/usr",
"/var",
})
RECURSIVE_CHMOD_TIMEOUT_SEC = 300
SINGLE_CHMOD_TIMEOUT_SEC = 15
def assert_recursive_chmod_allowed(remote_path: str) -> None:
"""Raise ValueError if recursive chmod must be rejected for this path."""
if remote_path in FORBIDDEN_RECURSIVE_CHMOD_PATHS:
raise ValueError(f"禁止对系统路径递归修改权限: {remote_path}")