Merge pull request #1167 from benoitc/fix/gh1157

check auth before trying to own a file
benoitc · Dec 28, 2015 · 94c6dfe · 94c6dfe
2 parents 3fdc113 + c805bd2
commit 94c6dfe
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/gunicorn/glogging.py b/gunicorn/glogging.py
@@ -338,8 +338,9 @@ def _set_handler(self, log, output, fmt):
                 util.check_is_writeable(output)
                 h = logging.FileHandler(output)
                 # make sure the user can reopen the file
-                os.chown(h.baseFilename, self.cfg.user, self.cfg.group)
-
+                if not util.is_writable(h.baseFilename, self.cfg.user,
+                        self.cfg.group):
+                    os.chown(h.baseFilename, self.cfg.user, self.cfg.group)
             h.setFormatter(fmt)
             h._gunicorn = True
             log.addHandler(h)

diff --git a/gunicorn/util.py b/gunicorn/util.py
@@ -7,12 +7,15 @@
 
 import email.utils
 import fcntl
+import grp
 import io
 import os
 import pkg_resources
+import pwd
 import random
 import resource
 import socket
+import stat
 import sys
 import textwrap
 import time
@@ -159,6 +162,21 @@ def chown(path, uid, gid):
     gid = abs(gid) & 0x7FFFFFFF  # see note above.
     os.chown(path, uid, gid)
 
+def is_writable(path, uid, gid):
+    gid = abs(gid) & 0x7FFFFFFF
+    st = os.stat(path)
+
+    if st.st_uid == uid:
+        return st.st_mode & st.S_IWUSR != 0
+
+    user = pwd.getpwuid(uid)[0]
+    groups = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem]
+    groups.append(gid)
+
+    if st.st_gid in groups:
+        return st.st_mode & stat.S_IWGRP != 0
+
+    return st.st_mode & stat.S_IWOTH != 0
 
 if sys.platform.startswith("win"):
     def _waitfor(func, pathname, waitall=False):