check auth before trying to own a file

fix #1157
2026-01-14 11:09:11 +08:00 · 2015-12-28 12:33:54 +01:00 · 2015-12-28 12:33:54 +01:00 · c805bd2960
commit c805bd2960
parent d199e76cea
2 changed files with 21 additions and 2 deletions
--- a/gunicorn/glogging.py
+++ b/gunicorn/glogging.py
@ -338,8 +338,9 @@ class Logger(object):
                util.check_is_writeable(output)
                h = logging.FileHandler(output)
                # make sure the user can reopen the file
-                os.chown(h.baseFilename, self.cfg.user, self.cfg.group)
-
+                if not util.is_writable(h.baseFilename, self.cfg.user,
+                        self.cfg.group):
+                    os.chown(h.baseFilename, self.cfg.user, self.cfg.group)
            h.setFormatter(fmt)
            h._gunicorn = True
            log.addHandler(h)
--- a/gunicorn/util.py
+++ b/gunicorn/util.py
@ -7,12 +7,15 @@ from __future__ import print_function

 import email.utils
 import fcntl
+import grp
 import io
 import os
 import pkg_resources
+import pwd
 import random
 import resource
 import socket
+import stat
 import sys
 import textwrap
 import time
@ -159,6 +162,21 @@ def chown(path, uid, gid):
    gid = abs(gid) & 0x7FFFFFFF  # see note above.
    os.chown(path, uid, gid)

+def is_writable(path, uid, gid):
+    gid = abs(gid) & 0x7FFFFFFF
+    st = os.stat(path)
+
+    if st.st_uid == uid:
+        return st.st_mode & st.S_IWUSR != 0
+
+    user = pwd.getpwuid(uid)[0]
+    groups = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem]
+    groups.append(gid)
+
+    if st.st_gid in groups:
+        return st.st_mode & stat.S_IWGRP != 0
+
+    return st.st_mode & stat.S_IWOTH != 0

 if sys.platform.startswith("win"):
    def _waitfor(func, pathname, waitall=False):