smart_proxy_remote_execution_ssh 0.11.6 → 0.11.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 83470cf5e5dfecb60b6de7c930b1c2ce3c9a72f6e72ff2899a0b6ff45e070f40
-  data.tar.gz: c7f4238e8afeae5b736fb875a126fd9f8f02cea13592d735405423372a312ac0
+  metadata.gz: 946788d46f25e8418f94cc49bef39dbfe926007ab4ff3e267715dd8050f3d09e
+  data.tar.gz: 512b5546a2b45adde95543bf3cd34149115e0ae3782958a7de6d2c6e695557e8
 SHA512:
-  metadata.gz: 1eed8cca586ce7ae3a492c4a3140a67775b4f3e258e3c33d76c06f5451cfc7a107c51be82dfcb703ef9de9b318ed48ba18982208e2b6640042a54c72cbe261cf
-  data.tar.gz: 8f5de27b24ea041026f011e07eeab377cb2733f05e8338ff147f82fc2900106ecaf5a7272a899d5c675b17aca9a99c036467523048c12c666a6a32680acb599e
+  metadata.gz: 01f22953e94eb55a52d96e91e49889a26708e3a0d2d6b4020ab8d3ee2a8924b5936e78c3d4b6d031e68fb02099de9bcdc03be4bf5c627a876915b5e8f8791bbe
+  data.tar.gz: b905fb0c16e1bc6708e242be564dfd70289d6f0ab20fdc78affa64edd1e099070a449367e55151dd11a099ec80d9c91893aac78c6fdb0a797cd3fb0191437d9b

data/lib/smart_proxy_remote_execution_ssh/runners/script_runner.rb

@@ -168,6 +168,7 @@ module Proxy::RemoteExecution::Ssh::Runners
         error: 'Failed to execute script on remote machine, exit code: %{exit_code}.'
       )
       unless @user_method.is_a? NoopUserMethod
+        ensure_effective_user_access(script)
         ensure_remote_command("#{@user_method.cli_command_prefix} #{script}",
                               error: 'Failed to change to effective user, exit code: %{exit_code}',
                               tty: true,
@@ -206,8 +207,11 @@ module Proxy::RemoteExecution::Ssh::Runners
       SCRIPT
       @remote_script_wrapper = upload_data(
         wrapper,
-        File.join(File.dirname(@remote_script), 'script-wrapper'),
-        555)
+        File.join(File.dirname(@remote_script), 'script-wrapper'))
+      ensure_effective_user_access(@remote_script_wrapper, @remote_script)
+      upload_data('', @output_path, 600)
+      ensure_effective_user_access(@output_path, mode: 'rw')
+      @remote_script_wrapper
     end
 
     # the script that initiates the execution
@@ -354,10 +358,10 @@ module Proxy::RemoteExecution::Ssh::Runners
     def cp_script_to_remote(script = @script, name = 'script')
       path = remote_command_file(name)
       @logger.debug("copying script to #{path}:\n#{indent_multiline(script)}")
-      upload_data(sanitize_script(script), path, 555)
+      upload_data(sanitize_script(script), path)
     end
 
-    def upload_data(data, path, permissions = 555)
+    def upload_data(data, path, permissions = 500)
       ensure_remote_directory File.dirname(path)
       # We use tee here to pipe stdin coming from ssh to a file at $path, while silencing its output
       # This is used to write to $path with elevated permissions, solutions using cat and output redirection
@@ -414,5 +418,11 @@ module Proxy::RemoteExecution::Ssh::Runners
         @expecting_disconnect = true
       end
     end
+
+    def ensure_effective_user_access(*paths, mode: 'rx')
+      unless @user_method.is_a? NoopUserMethod
+        ensure_remote_command("setfacl -m u:#{@user_method.effective_user}:#{mode} #{paths.join(' ')}")
+      end
+    end
   end
 end

data/lib/smart_proxy_remote_execution_ssh/version.rb

@@ -1,7 +1,7 @@
 module Proxy
   module RemoteExecution
     module Ssh
-      VERSION = '0.11.6'
+      VERSION = '0.11.7'
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_remote_execution_ssh
 version: !ruby/object:Gem::Version
-  version: 0.11.6
+  version: 0.11.7
 platform: ruby
 authors:
 - Ivan Nečas
@@ -236,7 +236,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Ssh remote execution provider for Foreman Smart-Proxy
 test_files: []