From 0bf9bed776ee8a46d57c507b66c5bede0e0d363d Mon Sep 17 00:00:00 2001
From: virusdefender
Date: Fri, 10 Aug 2018 09:33:29 +0800
Subject: [PATCH] fix permission
---
 Dockerfile | 2 +-
 server/config.py | 4 ++--
 server/entrypoint.sh | 3 ++-
 server/server.py | 15 ++++++++++-----
 4 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 35ff25f..b2a8d9b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,7 +10,7 @@ RUN buildDeps='software-properties-common git libtool cmake python-dev python3-p
 mkdir build && cd build && cmake .. && make && make install && cd ../bindings/Python && python3 setup.py install && \
 apt-get purge -y --auto-remove $buildDeps && \
 apt-get clean && rm -rf /var/lib/apt/lists/* && \
- mkdir -p /code && useradd -r compiler
+ mkdir -p /code && useradd -r compiler && useradd -r code
 HEALTHCHECK --interval=5s --retries=3 CMD python3 /code/service.py
 ADD server /code
diff --git a/server/config.py b/server/config.py
index 1e8a1ea..ed04b83 100644
--- a/server/config.py
+++ b/server/config.py
@@ -10,8 +10,8 @@ COMPILER_LOG_PATH = os.path.join(LOG_BASE, "compile.log")
 JUDGER_RUN_LOG_PATH = os.path.join(LOG_BASE, "judger.log")
 SERVER_LOG_PATH = os.path.join(LOG_BASE, "judge_server.log")
-RUN_USER_UID = pwd.getpwnam("nobody").pw_uid
-RUN_GROUP_GID = grp.getgrnam("nogroup").gr_gid
+RUN_USER_UID = pwd.getpwnam("code").pw_uid
+RUN_GROUP_GID = grp.getgrnam("code").gr_gid
 COMPILER_USER_UID = pwd.getpwnam("compiler").pw_uid
 COMPILER_GROUP_GID = grp.getgrnam("compiler").gr_gid
diff --git a/server/entrypoint.sh b/server/entrypoint.sh
index 817642d..f21250f 100755
--- a/server/entrypoint.sh
+++ b/server/entrypoint.sh
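Review bot: Nothing next to `RUN_USER_UID` / `RUN_GROUP_GID` in server/config.py records that the `code` account must already exist in the image, even though `pwd.getpwnam("code")` and `grp.getgrnam("code")` run at import time and raise `KeyError` when it is missing. A comment above the two constants would capture the coupling with the Dockerfile change in this commit, for example `# "code" is created by useradd in the Dockerfile; submissions no longer run as nobody/nogroup`. The group lookup also presumes that `useradd -r code` creates a group of the same name, which depends on the base image's defaults; spelling it `useradd -r -U code` in the Dockerfile would remove that assumption.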
@@ -1,7 +1,8 @@
 #!/bin/bash
 rm -rf /judger/*
 mkdir -p /judger/run /judger/spj
-chown compiler:compiler /judger/spj
+chown -R compiler:compiler /judger/
+chmod -R 771 /judger/
 core=$(grep --count ^processor /proc/cpuinfo)
 n=$(($core*2))
 exec gunicorn --workers $n --threads $n --error-logfile /log/gunicorn.log --time 600 --bind 0.0.0.0:8080 server:app
diff --git a/server/server.py b/server/server.py
index c4fe300..5e70d11 100644
--- a/server/server.py
+++ b/server/server.py
@@ -6,7 +6,7 @@ import uuid
 from flask import Flask, request, Response
 from compiler import Compiler
-from config import JUDGER_WORKSPACE_BASE, SPJ_SRC_DIR, SPJ_EXE_DIR
+from config import JUDGER_WORKSPACE_BASE, SPJ_SRC_DIR, SPJ_EXE_DIR, COMPILER_GROUP_GID
 from exception import TokenVerificationFailed, CompileError, SPJCompileError, JudgeClientError
 from judge_client import JudgeClient
 from utils import server_info, logger, token
@@ -23,7 +23,8 @@ class InitSubmissionEnv(object):
 def __enter__(self):
 try:
 os.mkdir(self.path)
- os.chmod(self.path, 0o777)
+ os.chown(self.path, 0, COMPILER_GROUP_GID)
+ os.chmod(self.path, 0o771)
 except Exception as e:
 logger.exception(e)
 raise JudgeClientError("failed to create runtime dir")
@@ -102,10 +103,14 @@ class JudgeServer:
 if not os.path.exists(spj_src_path):
 with open(spj_src_path, "w", encoding="utf-8") as f:
 f.write(src)
+ os.chown(spj_src_path, 0, COMPILER_GROUP_GID)
+ os.chmod(spj_src_path, 0o660)
+
 try:
- Compiler().compile(compile_config=spj_compile_config,
- src_path=spj_src_path,
- output_dir=SPJ_EXE_DIR)
+ exe_path = Compiler().compile(compile_config=spj_compile_config,
+ src_path=spj_src_path,
+ output_dir=SPJ_EXE_DIR)
+ os.chmod(exe_path, 0o771)
 # turn common CompileError into SPJCompileError
 except CompileError as e:
 raise SPJCompileError(e.message)
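Review bot: In server/entrypoint.sh, `chown -R compiler:compiler /judger/` makes the compile account the owner of `/judger` and `/judger/run` as well, where the removed line gave it `/judger/spj` only. If submission directories are created under `/judger/run` (the workspace base is not visible on this page), a process running as `compiler` can then create, rename or remove entries there, including directories that belong to other submissions. Unless the compiler has to create entries in those parents itself, keeping them root-owned and traverse-only holds to least privilege: `chown root:root /judger /judger/run`, `chmod 711 /judger /judger/run`, and keep `chown compiler:compiler /judger/spj`. The script also has no `set -e`, so a failed chown or chmod still leads to gunicorn starting on whatever permissions were already in place.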
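Review bot: In `InitSubmissionEnv.__enter__` (server/server.py), `os.mkdir(self.path)` still creates the directory with the umask-derived default mode, and the tighter `0o771` only arrives two calls later, so for a short interval the directory can be more open than intended and still carries its default ownership. Creating it closed and widening it afterwards avoids that: `os.mkdir(self.path, 0o700)` ahead of the `os.chown` / `os.chmod` pair. A comment on the mode would help the next reader, e.g. `# 0o771: compiler group may write, everyone else may only traverse`. The rest of the class lies outside the hunk.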
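Review bot: The SPJ source in the `JudgeServer` hunk is written with `open(spj_src_path, "w")` after a separate `os.path.exists` check and only then narrowed by `os.chown` / `os.chmod`, all of which act on the path rather than on an open descriptor. The file therefore exists with umask-default permissions for a moment, and if `SPJ_SRC_DIR` is writable by the compile account (the entrypoint change in this commit suggests it may be), the server's privileged write, chown and chmod would follow whatever sits at that path, including a symlink. Creating the file exclusively and applying ownership and mode through the descriptor closes both gaps, as sketched below; the enclosing method starts and ends outside the hunk. Separately, `os.chmod(exe_path, 0o771)` leaves the checker binary group-writable, and `0o751` would be enough if the group only needs to run it.

```python
try:
    # O_EXCL refuses to open anything that already exists at the path, symlinks included
    fd = os.open(spj_src_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
except FileExistsError:
    # the SPJ source for this version is already present
    pass
else:
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        # set owner and mode on the descriptor, before any content is written
        os.fchown(fd, 0, COMPILER_GROUP_GID)
        os.fchmod(fd, 0o660)
        f.write(src)

# … unchanged: Compiler().compile(...) call and CompileError handling …
```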