Test permissions behaviour, fix write permissions check (might need further work)

3 files changed, 14 insertions, 1 deletions

diff --git a/netfs/daemon/daemonVolume.cpp b/netfs/daemon/daemonVolume.cpp
index e4c65bd..5064b5b 100644
--- a/netfs/daemon/daemonVolume.cpp
+++ b/netfs/daemon/daemonVolume.cpp
@@ -161,7 +161,7 @@ VolumeServer::chmod(const NetFS::ReqEnv & re, const std::string & path, Ice::Int
 	ModeCheck mc(re, root, userLookup, groupLookup);
 	errno = 0;
 	boost::filesystem::path p(resolvePath(path));
-	mc.AssertWrite(p);
+	mc.AssertWritePerms(p);
 	if (::chmod(p.c_str(), mode) != 0) {
 		throw NetFS::SystemError(errno);
 	}
diff --git a/netfs/daemon/modeCheck.cpp b/netfs/daemon/modeCheck.cpp
index dd1464c..df409bf 100644
--- a/netfs/daemon/modeCheck.cpp
+++ b/netfs/daemon/modeCheck.cpp
@@ -52,6 +52,18 @@ ModeCheck::AssertWrite(const boost::filesystem::path & p) const
 	}
 }
 
+void
+ModeCheck::AssertWritePerms(const boost::filesystem::path & p) const
+{
+	if (p != root) {
+		AssertRead(p.parent_path());
+	}
+	auto s = lstat(p);
+	if (s.st_uid != myu && !WritableBy(s, myu, myg)) {
+		throw NetFS::SystemError(EACCES);
+	}
+}
+
 struct stat
 ModeCheck::lstat(const boost::filesystem::path & p)
 {
diff --git a/netfs/daemon/modeCheck.h b/netfs/daemon/modeCheck.h
index 6c3ee2c..54a82e2 100644
--- a/netfs/daemon/modeCheck.h
+++ b/netfs/daemon/modeCheck.h
@@ -14,6 +14,7 @@ class ModeCheck {
 		void AssertRead(const boost::filesystem::path &) const;
 		void AssertWriteParent(const boost::filesystem::path &) const;
 		void AssertWrite(const boost::filesystem::path &) const;
+		void AssertWritePerms(const boost::filesystem::path &) const;
 
 		const uid_t myu;
 		const gid_t myg;