use stat when checking permissions

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
2025-11-04 02:58:59 +00:00 · 2017-03-22 15:23:04 +01:00 · 2017-03-22 15:23:04 +01:00 · 6105ff6641
commit 6105ff6641
parent 754e0ed02b
1 changed files with 8 additions and 14 deletions
--- a/tests/3_docker_daemon_configuration_files.sh
+++ b/tests/3_docker_daemon_configuration_files.sh
@ -82,9 +82,7 @@ fi
 check_3_6="3.6  - Verify that /etc/docker directory permissions are set to 755 or more restrictive"
 directory="/etc/docker"
 if [ -d "$directory" ]; then
-  if [ "$(stat -c %a $directory)" -eq 755 ]; then
-    pass "$check_3_6"
-  elif [ "$(stat -c %a $directory)" -eq 700 ]; then
+  if [ "$(stat -c %a $directory)" -eq 755 -o "$(stat -c %a $directory)" -eq 700 ]; then
    pass "$check_3_6"
  else
    warn "$check_3_6"
@ -100,10 +98,9 @@ check_3_7="3.7  - Verify that registry certificate file ownership is set to root
 directory="/etc/docker/certs.d/"
 if [ -d "$directory" ]; then
  fail=0
-  owners=$(ls -lL $directory | grep ".crt" | awk '{print $3, $4}')
+  owners=$(find "$directory" -type f -name '*.crt')
  for p in $owners; do
-    printf "%s" "$p" | grep "root" >/dev/null 2>&1
-    if [ $? -ne 0 ]; then
+    if [ "$(stat -c %u $p)" -ne 0 ]; then
      fail=1
    fi
  done
@ -123,9 +120,9 @@ check_3_8="3.8  - Verify that registry certificate file permissions are set to 4
 directory="/etc/docker/certs.d/"
 if [ -d "$directory" ]; then
  fail=0
-  perms=$(ls -lL $directory | grep ".crt" | awk '{print $1}')
+  perms=$(find "$directory" -type f -name '*.crt')
  for p in $perms; do
-    if [ "$p" != "-r--r--r--." -a "$p" = "-r--------." ]; then
+    if [ "$(stat -c %a $p)" -ne 444 -a "$(stat -c %a $p)" -ne 400 ]; then
      fail=1
    fi
  done
@ -167,8 +164,7 @@ else
  tlscacert=$(get_docker_effective_command_line_args '--tlscacert' | sed -n 's/.*tlscacert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
 fi
 if [ -f "$tlscacert" ]; then
-  perms=$(ls -ld "$tlscacert" | awk '{print $1}')
-  if [ "$perms" = "-r--r--r--" ]; then
+  if [ "$(stat -c %a $tlscacert)" -eq 444 -o "$(stat -c %a $tlscacert)" -eq 400 ]; then
    pass "$check_3_10"
  else
    warn "$check_3_10"
@ -206,8 +202,7 @@ else
  tlscert=$(get_docker_effective_command_line_args '--tlscert' | sed -n 's/.*tlscert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
 fi
 if [ -f "$tlscert" ]; then
-  perms=$(ls -ld "$tlscert" | awk '{print $1}')
-  if [ "$perms" = "-r--r--r--" ]; then
+  if [ "$(stat -c %a $tlscert)" -eq 444 -o "$(stat -c %a $tlscert)" -eq 400 ]; then
    pass "$check_3_12"
  else
    warn "$check_3_12"
@ -245,8 +240,7 @@ else
  tlskey=$(get_docker_effective_command_line_args '--tlskey' | sed -n 's/.*tlskey=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
 fi
 if [ -f "$tlskey" ]; then
-  perms=$(ls -ld "$tlskey" | awk '{print $1}')
-  if [ "$perms" = "-r--------" ]; then
+  if [ "$(stat -c %a $tlskey)" -eq 444 -o "$(stat -c %a $tlskey)" -eq 400 ]; then
    pass "$check_3_14"
  else
    warn "$check_3_14"