k8s.io/kubernetes@v1.29.3/test/images/agnhost/mounttest/filePermissions.ps1

k8s.io/kubernetes@v1.29.3/test/images/agnhost/mounttest/filePermissions.ps1 (about)

     1  # Copyright 2019 The Kubernetes Authors.
     2  #
     3  # Licensed under the Apache License, Version 2.0 (the "License");
     4  # you may not use this file except in compliance with the License.
     5  # You may obtain a copy of the License at
     6  #
     7  #     http://www.apache.org/licenses/LICENSE-2.0
     8  #
     9  # Unless required by applicable law or agreed to in writing, software
    10  # distributed under the License is distributed on an "AS IS" BASIS,
    11  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  # See the License for the specific language governing permissions and
    13  # limitations under the License.
    14  
    15  Param(
    16    [string]$FileName = $(throw "-FileName is required.")
    17   )
    18  
    19  
    20  # read = read data | read attributes
    21  $READ_PERMISSIONS = 0x0001 -bor 0x0080
    22  
    23  # write = write data | append data | write attributes | write EA
    24  $WRITE_PERMISSIONS = 0x0002 -bor 0x0004 -bor 0x0100 -bor  0x0010
    25  
    26  # execute = read data | file execute
    27  $EXECUTE_PERMISSIONS = 0x0001 -bor 0x0020
    28  
    29  
    30  function GetFilePermissions($path) {
    31      $fileAcl = Get-Acl -Path $path
    32      $fileOwner = $fileAcl.Owner
    33      $fileGroup = $fileAcl.Group
    34  
    35      $userMask = 0
    36      $groupMask = 0
    37      $otherMask = 0
    38  
    39      foreach ($rule in $fileAcl.Access) {
    40          if ($rule.AccessControlType -ne [Security.AccessControl.AccessControlType]::Allow) {
    41              # not an allow rule, skipping.
    42              continue
    43          }
    44  
    45          $mask = 0
    46          $rights = $rule.FileSystemRights.value__
    47          # convert mask.
    48          if ( ($rights -band $READ_PERMISSIONS) -eq $READ_PERMISSIONS ) {
    49              $mask = $mask -bor 4
    50          }
    51          if ( ($rights -band $WRITE_PERMISSIONS) -eq $WRITE_PERMISSIONS ) {
    52              $mask = $mask -bor 2
    53          }
    54          if ( ($rights -band $EXECUTE_PERMISSIONS) -eq $EXECUTE_PERMISSIONS ) {
    55              $mask = $mask -bor 1
    56          }
    57  
    58          # detect mask type.
    59          if ($rule.IdentityReference.Value.Equals($fileOwner)) {
    60              $userMask = $mask
    61          }
    62          if ($rule.IdentityReference.Value.Equals($fileGroup)) {
    63              $groupMask = $mask
    64          }
    65          if ($rule.IdentityReference.Value.ToLower().Contains("users")) {
    66              $otherMask = $mask
    67          }
    68      }
    69  
    70      return "$userMask$groupMask$otherMask"
    71  }
    72  
    73  $mask = GetFilePermissions($FileName)
    74  if (-not $?) {
    75      exit 1
    76  }
    77  
    78  # print the permission mask Linux-style.
    79  echo "0$mask"