certbot.compat.filesystem module¶
Compat module to handle files security on Windows and Linux
- certbot.compat.filesystem.chmod(file_path: str, mode: int) None [source]¶
Apply a POSIX mode on given file_path:
for Linux, the POSIX mode will be directly applied using chmod,
for Windows, the POSIX mode will be translated into a Windows DACL that make sense for Certbot context, and applied to the file using kernel calls.
The definition of the Windows DACL that correspond to a POSIX mode, in the context of Certbot, is explained at https://github.com/certbot/certbot/issues/6356 and is implemented by the method
_generate_windows_flags()
.
- certbot.compat.filesystem.umask(mask: int) int [source]¶
Set the current numeric umask and return the previous umask. On Linux, the built-in umask method is used. On Windows, our Certbot-side implementation is used.
- certbot.compat.filesystem.temp_umask(mask: int) Generator[None, None, None] [source]¶
Apply a umask temporarily, meant to be used in a
with
block. Uses the Certbot implementation of umask.- Parameters
mask (int) – The user file-creation mode mask to apply temporarily
- certbot.compat.filesystem.copy_ownership_and_apply_mode(src: str, dst: str, mode: int, copy_user: bool, copy_group: bool) None [source]¶
Copy ownership (user and optionally group on Linux) from the source to the destination, then apply given mode in compatible way for Linux and Windows. This replaces the os.chown command.
- certbot.compat.filesystem.copy_ownership_and_mode(src: str, dst: str, copy_user: bool = True, copy_group: bool = True) None [source]¶
Copy ownership (user and optionally group on Linux) and mode/DACL from the source to the destination.
- certbot.compat.filesystem.check_mode(file_path: str, mode: int) bool [source]¶
Check if the given mode matches the permissions of the given file. On Linux, will make a direct comparison, on Windows, mode will be compared against the security model.
- certbot.compat.filesystem.check_owner(file_path: str) bool [source]¶
Check if given file is owned by current user.
- certbot.compat.filesystem.check_permissions(file_path: str, mode: int) bool [source]¶
Check if given file has the given mode and is owned by current user.
- certbot.compat.filesystem.open(file_path: str, flags: int, mode: int = 511) int [source]¶
Wrapper of original os.open function, that will ensure on Windows that given mode is correctly applied.
- Parameters
- Returns
the file descriptor to the opened file
- Return type
- Raise
OSError(errno.EEXIST) if the file already exists and os.O_CREAT & os.O_EXCL are set, OSError(errno.EACCES) on Windows if the file already exists and is a directory, and os.O_CREAT is set.
- certbot.compat.filesystem.makedirs(file_path: str, mode: int = 511) None [source]¶
Rewrite of original os.makedirs function, that will ensure on Windows that given mode is correctly applied.
- certbot.compat.filesystem.mkdir(file_path: str, mode: int = 511) None [source]¶
Rewrite of original os.mkdir function, that will ensure on Windows that given mode is correctly applied.
- certbot.compat.filesystem.replace(src: str, dst: str) None [source]¶
Rename a file to a destination path and handles situations where the destination exists.
- certbot.compat.filesystem.realpath(file_path: str) str [source]¶
Find the real path for the given path. This method resolves symlinks, including recursive symlinks, and is protected against symlinks that creates an infinite loop.
- certbot.compat.filesystem.readlink(link_path: str) str [source]¶
Return a string representing the path to which the symbolic link points.
- Parameters
link_path (str) – The symlink path to resolve
- Returns
The path the symlink points to
- Returns
str
- Raise
ValueError if a long path (260> characters) is encountered on Windows
- certbot.compat.filesystem.has_world_permissions(path: str) bool [source]¶
Check if everybody/world has any right (read/write/execute) on a file given its path.
- certbot.compat.filesystem.compute_private_key_mode(old_key: str, base_mode: int) int [source]¶
Calculate the POSIX mode to apply to a private key given the previous private key.
- certbot.compat.filesystem.has_same_ownership(path1: str, path2: str) bool [source]¶
Return True if the ownership of two files given their respective path is the same. On Windows, ownership is checked against owner only, since files do not have a group owner.