Port #53681 to master

saltstack · May 7, 2020 · 09c5d8b · 09c5d8b
1 parent 42dccb8
commit 09c5d8b
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 4 deletions.
diff --git a/salt/utils/user.py b/salt/utils/user.py
@@ -254,18 +254,24 @@ def chugid_and_umask(runas, umask, group=None):
     set_grp = False
 
     current_user = getpass.getuser()
+    current_grp = grp.getgrgid(pwd.getpwnam(getpass.getuser()).pw_gid).gr_name
+
     if runas and runas != current_user:
         set_runas = True
         runas_user = runas
     else:
         runas_user = current_user
 
-    current_grp = grp.getgrgid(pwd.getpwnam(getpass.getuser()).pw_gid).gr_name
-    if group and group != current_grp:
-        set_grp = True
+    if group:
         runas_grp = group
+        if group != current_grp:
+            set_grp = True
     else:
-        runas_grp = current_grp
+        if runas and runas != current_user:
+            runas_grp = grp.getgrgid(pwd.getpwnam(runas_user).pw_gid).gr_name
+            set_grp = True
+        else:
+            runas_grp = current_grp
 
     if set_runas or set_grp:
         chugid(runas_user, runas_grp)

diff --git a/tests/unit/utils/test_user.py b/tests/unit/utils/test_user.py
@@ -0,0 +1,61 @@
+# -*- coding: utf-8 -*-
+
+# Import python libs
+from __future__ import absolute_import, print_function, unicode_literals
+
+import grp
+import os
+import pwd
+
+# Import salt libs
+import salt.utils.platform
+import salt.utils.user
+from tests.support.mock import patch
+from tests.support.runtests import this_user
+
+# Import Salt Testing libs
+from tests.support.unit import TestCase, skipIf
+
+
+class TestUser(TestCase):
+    @skipIf(salt.utils.platform.is_windows(), "Module not available on Windows")
+    def test_chugid_and_umask(self):
+
+        running_user = this_user()
+        running_group = grp.getgrgid(os.getgid()).gr_name
+
+        gids = {30: "expectedgroup", 20: running_group}
+        getgrnams = {
+            "expectedgroup": grp.struct_group(
+                ("expectedgroup", "*", 30, ["expecteduser"])
+            ),
+            running_group: grp.struct_group((running_group, "*", 20, [running_user])),
+        }
+        getpwnams = {
+            "expecteduser": pwd.struct_passwd(
+                ("expecteduser", "x", 30, 30, "-", "-", "-")
+            ),
+            running_user: pwd.struct_passwd((running_user, "x", 20, 20, "-", "-", "-")),
+        }
+
+        def getgrnam(group):
+            return getgrnams[group]
+
+        def getpwnam(user):
+            return getpwnams[user]
+
+        def getgrgid(gid):
+            return getgrnams[gids[gid]]
+
+        with patch("grp.getgrgid", getgrgid):
+            with patch("grp.getgrnam", getgrnam):
+                with patch("pwd.getpwnam", getpwnam):
+                    with patch("salt.utils.user.chugid") as chugid_mock:
+                        salt.utils.user.chugid_and_umask(
+                            "expecteduser", umask=None, group=running_group
+                        )
+                        chugid_mock.assert_called_with("expecteduser", running_group)
+                        salt.utils.user.chugid_and_umask(
+                            "expecteduser", umask=None, group=None
+                        )
+                        chugid_mock.assert_called_with("expecteduser", "expectedgroup")