Text file src/k8s.io/kubernetes/test/images/agnhost/mounttest/filePermissions.ps1

Documentation: k8s.io/kubernetes/test/images/agnhost/mounttest

     1# Copyright 2019 The Kubernetes Authors.
     2#
     3# Licensed under the Apache License, Version 2.0 (the "License");
     4# you may not use this file except in compliance with the License.
     5# You may obtain a copy of the License at
     6#
     7#     http://www.apache.org/licenses/LICENSE-2.0
     8#
     9# Unless required by applicable law or agreed to in writing, software
    10# distributed under the License is distributed on an "AS IS" BASIS,
    11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12# See the License for the specific language governing permissions and
    13# limitations under the License.
    14
    15Param(
    16  [string]$FileName = $(throw "-FileName is required.")
    17 )
    18
    19
    20# read = read data | read attributes
    21$READ_PERMISSIONS = 0x0001 -bor 0x0080
    22
    23# write = write data | append data | write attributes | write EA
    24$WRITE_PERMISSIONS = 0x0002 -bor 0x0004 -bor 0x0100 -bor  0x0010
    25
    26# execute = read data | file execute
    27$EXECUTE_PERMISSIONS = 0x0001 -bor 0x0020
    28
    29
    30function GetFilePermissions($path) {
    31    $fileAcl = Get-Acl -Path $path
    32    $fileOwner = $fileAcl.Owner
    33    $fileGroup = $fileAcl.Group
    34
    35    $userMask = 0
    36    $groupMask = 0
    37    $otherMask = 0
    38
    39    foreach ($rule in $fileAcl.Access) {
    40        if ($rule.AccessControlType -ne [Security.AccessControl.AccessControlType]::Allow) {
    41            # not an allow rule, skipping.
    42            continue
    43        }
    44
    45        $mask = 0
    46        $rights = $rule.FileSystemRights.value__
    47        # convert mask.
    48        if ( ($rights -band $READ_PERMISSIONS) -eq $READ_PERMISSIONS ) {
    49            $mask = $mask -bor 4
    50        }
    51        if ( ($rights -band $WRITE_PERMISSIONS) -eq $WRITE_PERMISSIONS ) {
    52            $mask = $mask -bor 2
    53        }
    54        if ( ($rights -band $EXECUTE_PERMISSIONS) -eq $EXECUTE_PERMISSIONS ) {
    55            $mask = $mask -bor 1
    56        }
    57
    58        # detect mask type.
    59        if ($rule.IdentityReference.Value.Equals($fileOwner)) {
    60            $userMask = $mask
    61        }
    62        if ($rule.IdentityReference.Value.Equals($fileGroup)) {
    63            $groupMask = $mask
    64        }
    65        if ($rule.IdentityReference.Value.ToLower().Contains("users")) {
    66            $otherMask = $mask
    67        }
    68    }
    69
    70    return "$userMask$groupMask$otherMask"
    71}
    72
    73$mask = GetFilePermissions($FileName)
    74if (-not $?) {
    75    exit 1
    76}
    77
    78# print the permission mask Linux-style.
    79echo "0$mask"

View as plain text