HealthCheck-Diagnostic-FilePermissions

 view release on metacpan or  search on metacpan

lib/HealthCheck/Diagnostic/FilePermissions.pm  view on Meta::CPAN

    my ($self, $file, $access) = @_;

    # Run the tests and construct the error messages, identifying which
    # access operation failed.
    my $info = "Permissions for '$file':";
    my @access_errors;
    my %actual = (
        read    => -r $file,
        write   => -w $file,
        execute => -x $file,
    );
    foreach ( sort keys %$access ) {
        push @{ $access_errors[ $access->{$_} ] }, $_
            if $access->{$_} xor $actual{$_};
    }

    # Return a default success access permission info message if it found
    # no errors.
    return {
        status => 'OK',
        info   => qq{Have correct access for '$file'},
    } unless @access_errors;

    # Summarize the failed info messages in the results.
    my @info;
    push @info, 'Must have permission to '.
        $self->pretty_join( @{ $access_errors[1] } ).qq{ '$file'}
        if @{ $access_errors[1] || [] };
    push @info, 'Must not have permission to '.
        $self->pretty_join( @{ $access_errors[0] } ).qq{ '$file'}
        if @{ $access_errors[0] || [] };
    return {
        status => 'CRITICAL',
        info   => join( '; ', @info ),
    };
}

sub check_permissions {
    my ($self, $file, $permissions) = @_;

    # Stringify the expected and actual permissions so that they can be
    # easily understood.
    my $actual   = sprintf( '%04o', ( stat($file) )[2] & 07777 );
    my $expected = sprintf( '%04o', $permissions & 07777 );

    return {
        status => 'CRITICAL',
        info   => "Permissions should be $expected but ".
            "are $actual for '$file'",
    } if $expected != $actual;

    return {
        status => 'OK',
        info   => qq{Permissions are $actual for '$file'},
    };
}

sub check_owner {
    my ($self, $file, $owner) = @_;

    my $actual = getpwuid( ( stat $file )[4] );
    return {
        status => 'CRITICAL',
        info   => qq{Owner should be $owner but is $actual for '$file'},
    } unless $actual eq $owner;

    return {
        status => 'OK',
        info   => qq{Owner is $owner for '$file'},
    };
}

sub check_group {
    my ($self, $file, $group) = @_;

    my $actual = getgrgid( ( stat $file )[5] );
    return {
        status => 'CRITICAL',
        info   => qq{Group should be $group but is $actual for '$file'},
    } unless $actual eq $group;

    return {
        status => 'OK',
        info   => qq{Group is $group for '$file'},
    };
}

1;

__END__

=pod

=encoding UTF-8

=head1 NAME

HealthCheck::Diagnostic::FilePermissions - Check the paths for expected permissions in a HealthCheck

=head1 VERSION

version v1.4.8

=head1 SYNOPSIS

    use HealthCheck::Diagnostic::FilePermissions;

    # Just check that a file exists, without instantiating anything.
    HealthCheck::Diagnostic::FilePermissions->check(
        files => [ '/tmp', '/other_directory' ],
    );

    # Check that some files have certain permissions.
    my $d = HealthCheck::Diagnostic::FilePermissions->new(
        files => [ '/tmp', '/var/nfs' ],
    );
    $d->check( permissions => 0777 );

    # Check that it has access to the file(s).
    $d->check( access => 'x' );    # Can execute files.
    $d->check( access => 'rw' );   # Can read and write files.



( run in 0.773 second using v1.01-cache-2.11-cpan-6aa56a78535 )