编程测试的任意用户是否可以访问的任意文件 [英] Programmatically test whether an arbitrary user has access to an arbitrary file

问题描述

我希望能够编写规定用户测试或规格 soandso 可以阅读或编辑文件 such_and_such 。虽然我最终会像这是RSpec的，我假设它要么全部归结为猛砸命令（整齐地裹在Ruby方法，当然），因为它似乎并没有在Ruby中的File类可用，或别的我看着。我一直在四处狩猎的东西在Bash中做到这一点，并不能找到任何东西（并没有什么File类看起来不是很有用）。 （注：File.owned做的不的做我想做的，因为它只能检测是否运行Ruby的code的过程是主人，如果不是任意用户有权修改或阅读，所以它在两个方面显著不同。）

I'd like to be able to write tests or specs that state that user soandso can read or edit file such_and_such. Although I would ultimately like this to be in RSpec, I'm assuming it will either all boil down to Bash commands (neatly wrapped in Ruby methods, of course), since it doesn't seem to be available in Ruby's File class, or anything else I've looked at. I've been hunting around for something in Bash to do this, and can't find anything (and nothing in the File class looks useful either). (Note: File.owned? does not do what I want, as it only tests if the process running the Ruby code is the owner, not if any arbitrary user has rights to edit or read, so it's significantly different on two counts.)

有没有办法做到这一点，内置击？ （或Ruby，或一些红宝石的宝石，我错过了吗？）或者我需要建立一个系统的自己，通过获取所有者和组信息的文件，以及读，写，并为每个执行位，然后期待了该组的成员（如果 so_and_so 是不是所有者），如果所需的权限可用于 soandso 无论是通过所有权或组成员？

Is there any way to do this, built into Bash? (Or Ruby, or some Ruby gem, that I missed?) Or do I need to build a system myself, by getting owner and group info for the file, as well as read, write, and execute bits for each, and then looking up members of the group (in case so_and_so is not the owner), and seeing if the desired permissions are available to soandso either through ownership or group membership?

我目前只关注于类Unix系统这样做，虽然不是依赖于Unix外壳的东西，这也将在Windows上运行将是一个不错的奖金。

I'm currently only concerned about doing this on Unix-like systems, although something not dependent on a Unix shell that would also run on Windows would be a nice bonus.

另外，我感兴趣的是测试的实际的文件，所以像FakeFS不是（据我可以看到）对我有用。我并不想测试我的红宝石code将如何与文件系统进行交互，我试图验证所有必要的操作都可以在实际的文件和目录进行。 （再次）我希望能够指定 soandso 可编辑（或读）文件 such_and_such ，<强>的不的指定的文件 such_and_such 是 soandso 拥有。这样做的整点的不的指定所有权（因为这是一个实现细节，可能需要改变，以适应其他要求，如安全性），但只有指定的内容我的应用程序和用户的实际的需要能够做/文件系统。

Also, I'm interested in testing actual files, so something like FakeFS is not (as far as I can see) useful to me. I'm not trying to test how my Ruby code will interact with a file system, I'm trying to verify that all the necessary operations can be performed on actual files and directories. (Again,) I want to be able to specify that soandso can edit (or read) file such_and_such, NOT specify that file such_and_such is owned by soandso. The whole point of this is not specifying ownership (since that's an implementation detail and may need to change to accommodate other requirements, such as security) but only specify what my application and users actually need to be able to do to/in the file system.

推荐答案

如果用户在运行你的Ruby脚本有必要的权限，你可以尝试运行测试用须藤。

If the user running your Ruby script has the necessary permissions, you could try running a test with the specific user with sudo.

sudo -u soandso test -r such_and_such

-r 测试可读性， -w 可写。返回code是 0 如果测试通过。

-r tests readability, -w writability. The return code is 0 if the test is passed.

顺便说一句，我觉得，既然功能，您正在寻找可能只适用于超级用户（因为搞清楚别人是否有足够的权限，需要你至少拥有读权限），这是有道理的这不是在Ruby中File类一应俱全。

By the way, I think that since the feature you are looking for could only be available for the super-user (since figuring out whether someone else has enough permissions would need you to have read permissions at least), it makes sense that it is not readily available in Ruby File class.

这篇关于编程测试的任意用户是否可以访问的任意文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！