# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import errno
import grp
import logging
import os
import pwd
import stat

from autotest_lib.client.bin import test, utils
from autotest_lib.client.common_lib import error


class security_SysLogPermissions(test.test):
    """Verify ownership and mode bits of the system log locations.

    Two things are asserted:
      * /var/log has the sticky bit set and is owned by group 'syslog'.
      * /var/log/messages is owned by user 'syslog'.

    Only the owning uid of /var/log/messages is compared; its mode bits and
    group are not inspected here. Both lookups use os.stat(), which follows
    symlinks, so the values checked are those of the final target.
    """
    version = 1

    def run_once(self, baseline='suid'):
        """Run the permission checks once.

        Args:
            baseline: not read anywhere in this method.

        Raises:
            error.TestFail: when /var/log is not sticky, /var/log is not
                group 'syslog', or /var/log/messages is not owned by user
                'syslog'.
            OSError: when stat of /var/log/messages fails for any reason
                other than the file being absent.
        """
        # Resolve the expected owner ids first; a missing 'syslog' account
        # surfaces as the KeyError raised by pwd/grp.
        expected_uid = pwd.getpwnam('syslog').pw_uid
        expected_gid = grp.getgrnam('syslog').gr_gid

        log_dir = os.stat('/var/log')
        # Sticky bit: entries in the directory can only be removed or renamed
        # by their owner (or the directory owner / root).
        if log_dir.st_mode & stat.S_ISVTX == 0:
            raise error.TestFail('/var/log is not sticky')
        if log_dir.st_gid != expected_gid:
            raise error.TestFail('/var/log is not group syslog')

        # Log rotation can race with this test, so a few transient states of
        # /var/log/messages are tolerated below.
        try:
            messages = os.stat('/var/log/messages')
        except OSError as e:
            if e.errno != errno.ENOENT:
                raise
            # The file is absent (mid-rotation): nothing left to check.
            return

        # A root-owned, zero-length file is treated as freshly created and
        # not yet handed over to the syslog user.
        freshly_created = messages.st_uid == 0 and messages.st_size == 0
        if not freshly_created and messages.st_uid != expected_uid:
            raise error.TestFail('/var/log/messages is not user syslog')