1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
//go:build !windows
// +build !windows
package fsutil
import (
"fmt"
"os"
)
// EnsureMaxPermissions tests the provided file info, returning an error if the
// file's permission bits contain excess permissions not set in maxPerms.
//
// For example, a file with permissions -rw------- will successfully validate
// with maxPerms -rw-r--r-- or -rw-rw-r--, but will not validate with maxPerms
// -r-------- (due to excess --w------- permission) or --w------- (due to
// excess -r-------- permission).
//
// Only permission bits of the file modes are considered.
func EnsureMaxPermissions(fi os.FileInfo, maxPerms os.FileMode) error {
gotPerm := fi.Mode().Perm()
forbiddenPerms := (^maxPerms).Perm()
excessPerms := gotPerm & forbiddenPerms
if excessPerms != 0 {
return fmt.Errorf("permission bits for file %v failed validation: want at most %v, got %v with excess perms %v", fi.Name(), maxPerms.Perm(), gotPerm, excessPerms)
}
return nil
}
|
