Create a helper function to unify permission and ownership setting in a cross-platform way

Author: h2zh

config/init_server_creds.go

@@ -708,19 +708,8 @@ func GeneratePEM(dir string) (key jwk.Key, err error) {
 		return nil, errors.Wrap(err, "failed to get pelican user for setting ownership")
 	}
 
-	// Windows does not have "chown", has to work differently
-	currentOS := runtime.GOOS
-	if currentOS == "windows" {
-		cmd := exec.Command("icacls", fname, "/grant", user.Username+":F")
-		output, err := cmd.CombinedOutput()
-		if err != nil {
-			return nil, errors.Wrapf(err, "failed to chown generated key %v to daemon group %v: %s",
-				fname, user.Groupname, string(output))
-		}
-	} else { // Else we are running on linux/mac
-		if err = os.Chown(fname, user.Uid, user.Gid); err != nil {
-			return nil, errors.Wrapf(err, "failed to chown key file %s", fname)
-		}
+	if err = SetOwnershipAndPermissions(fname, 0640, user); err != nil {
+		return nil, errors.Wrapf(err, "failed to set ownership and permissions for %s", fname)
 	}
 
 	if err = generatePrivateKeyToFile(keyFile, elliptic.P256()); err != nil {

config/mkdirall.go

@@ -28,6 +28,28 @@ import (
 	"github.com/pkg/errors"
 )
 
+// Apply the given permission bits and ownership to path in a cross-platform way.
+//   - On Windows it runs “icacls path /grant username:F”
+//   - On Linux/macOS it does os.Chmod(path, perm) then os.Chown(path, uid, gid)
+func SetOwnershipAndPermissions(path string, perm os.FileMode, user User) error {
+	if runtime.GOOS == "windows" {
+		cmd := exec.Command("icacls", path, "/grant", user.Username+":F")
+		if out, err := cmd.CombinedOutput(); err != nil {
+			return errors.Wrapf(err, "unable to modify ACLs on %q: %s", path, string(out))
+		}
+		return nil
+	}
+
+	// Assume macOS or Linux
+	if err := os.Chmod(path, perm); err != nil {
+		return errors.Wrapf(err, "unable to chmod %q to %v", path, perm)
+	}
+	if err := os.Chown(path, user.Uid, user.Gid); err != nil {
+		return errors.Wrapf(err, "unable to chown %q to %d:%d", path, user.Uid, user.Gid)
+	}
+	return nil
+}
+
 // This is the pelican version of `MkdirAll`; ensures that any created directory
 // is owned by a given uid/gid.  This allows the created directory to be owned by
 // the xrootd user.
@@ -76,27 +98,12 @@ func MkdirAll(path string, perm os.FileMode, uid int, gid int) error {
 	}
 
 	// Set ownership on the directory that we just created.
-	if runtime.GOOS == "windows" {
-		username, err := GetDaemonUser() // FIXME (brianaydemir): This is not the correct user.
-		if err != nil {
-			return err
-		}
-		cmd := exec.Command("icacls", path, "/grant", username+":F")
-		output, err := cmd.CombinedOutput()
-		if err != nil {
-			return errors.Wrapf(err, "unable to modify discretionary ACLs on directory %v: %s", path, string(output))
-		}
-	} else { // Assume macOS or Linux.
-		// Any default system umask may prevent previous application of the permissions
-		// from taking effect. To override this, set the permissions explicitly
-		// after creation.
-		if err = os.Chmod(path, perm); err != nil {
-			return errors.Wrapf(err, "unable to chmod on directory %v to %v", path, perm)
-		}
-
-		if err = os.Chown(path, uid, gid); err != nil {
-			return errors.Wrapf(err, "unable to chown on directory %v to %v:%v", path, uid, gid)
-		}
+	user, err := GetPelicanUser()
+	if err != nil {
+		return errors.Wrap(err, "failed to get pelican user")
+	}
+	if err = SetOwnershipAndPermissions(path, perm, User{Uid: uid, Gid: gid, Username: user.Username}); err != nil {
+		return errors.Wrapf(err, "failed to set ownership and permissions for %s", path)
 	}
 	return nil
 }