fix permission

2018-08-10 09:33:29 +08:00 · 2018-08-10 09:33:29 +08:00 · 8b43f60acd
parent b62c76c5c5
commit 8b43f60acd
4 changed files with 11 additions and 6 deletions
--- a/2
+++ b/2
@ -10,7 +10,7 @@ RUN buildDeps='software-properties-common git libtool cmake python-dev python3-p
    mkdir build && cd build && cmake .. && make && make install && cd ../bindings/Python && python3 setup.py install && \
    apt-get purge -y --auto-remove $buildDeps && \
    apt-get clean && rm -rf /var/lib/apt/lists/* && \
-    mkdir -p /code && useradd -r compiler
+    mkdir -p /code && useradd -r compiler && useradd -r code

 HEALTHCHECK --interval=5s --retries=3 CMD python3 /code/service.py
 ADD server /code
--- a/server/config.py
+++ b/server/config.py
@ -10,8 +10,8 @@ COMPILER_LOG_PATH = os.path.join(LOG_BASE, "compile.log")
 JUDGER_RUN_LOG_PATH = os.path.join(LOG_BASE, "judger.log")
 SERVER_LOG_PATH = os.path.join(LOG_BASE, "judge_server.log")

-RUN_USER_UID = pwd.getpwnam("nobody").pw_uid
-RUN_GROUP_GID = grp.getgrnam("nogroup").gr_gid
+RUN_USER_UID = pwd.getpwnam("code").pw_uid
+RUN_GROUP_GID = grp.getgrnam("code").gr_gid

 COMPILER_USER_UID = pwd.getpwnam("compiler").pw_uid
 COMPILER_GROUP_GID = grp.getgrnam("compiler").gr_gid
--- a/server/entrypoint.sh
+++ b/server/entrypoint.sh
@ -2,6 +2,7 @@
 rm -rf /judger/*
 mkdir -p /judger/run /judger/spj
 chown compiler:compiler /judger/spj
+chmod 771 /judger/spj
 core=$(grep --count ^processor /proc/cpuinfo)
 n=$(($core*2))
 exec gunicorn --workers $n --threads $n --error-logfile /log/gunicorn.log --time 600 --bind 0.0.0.0:8080 server:app
--- a/server/server.py
+++ b/server/server.py
@ -102,10 +102,14 @@ class JudgeServer:
        if not os.path.exists(spj_src_path):
            with open(spj_src_path, "w", encoding="utf-8") as f:
                f.write(src)
+            os.chown(spj_src_path, 0, COMPILER_GROUP_GID)
+            os.chmod(spj_src_path, 0o660)
+
        try:
-            Compiler().compile(compile_config=spj_compile_config,
-                               src_path=spj_src_path,
-                               output_dir=SPJ_EXE_DIR)
+            exe_path = Compiler().compile(compile_config=spj_compile_config,
+                                          src_path=spj_src_path,
+                                          output_dir=SPJ_EXE_DIR)
+            os.chmod(exe_path, 0o771)
        # turn common CompileError into SPJCompileError
        except CompileError as e:
            raise SPJCompileError(e.message)