If mode changes set perms["cmode"] in file.check_perms

This mirrors the user/group checks which set `perms["cuser"]` etc when there are changes expected. These values are used to determine if we need to return changes in `ret["changes"]`. Before this commit `file.chec_perms` was returning `mode` changes for new files which didn't match the original behaviour.
2025-04-16 01:30:20 +00:00 · 2022-10-02 11:20:56 +01:00 · 2022-10-02 11:20:56 +01:00 · 95ba6566b1
commit 95ba6566b1
parent 405d48bd28
4 changed files with 15 additions and 11 deletions
--- a/changelog/62818.fixed
+++ b/changelog/62818.fixed
@ -0,0 +1,2 @@
+Include UID and GID checks in modules.file.check_perms as well as comparing
+ownership by username and group name.
--- a/salt/modules/file.py
+++ b/salt/modules/file.py
@ -5169,13 +5169,12 @@ def check_perms(

    # Mode changes if needed
    if mode is not None:
-        # File is a symlink, ignore the mode setting
-        # if follow_symlinks is False
-        if not (is_link and not follow_symlinks):
-            if __opts__["test"] is True:
-                ret["changes"]["mode"] = mode
-            else:
+        if not __opts__["test"] is True:
+            # File is a symlink, ignore the mode setting
+            # if follow_symlinks is False
+            if not (is_link and not follow_symlinks):
                if not mode == cur["mode"]:
+                    perms["cmode"] = mode
                    set_mode(name, mode)

    # verify user/group/mode changes
@ -5217,9 +5216,12 @@ def check_perms(
        # if follow_symlinks is False
        if not (is_link and not follow_symlinks):
            if not mode == post["mode"]:
-                ret["result"] = False
-                ret["comment"].append("Failed to change mode to {}".format(mode))
-            else:
+                if __opts__["test"] is True:
+                    ret["changes"]["mode"] = mode
+                else:
+                    ret["result"] = False
+                    ret["comment"].append("Failed to change mode to {}".format(mode))
+            elif "cmode" in perms:
                ret["changes"]["mode"] = mode

    # Modify attributes of file if needed
--- a/salt/states/file.py
+++ b/salt/states/file.py
@ -755,7 +755,7 @@ def _check_directory(
                    if (
                        group is not None
                        and not group == stats.get("group")
-                        and not user == stats.get("gid")
+                        and not group == stats.get("gid")
                    ):
                        fchange["group"] = group
                    smode = salt.utils.files.normalize_mode(stats.get("mode"))
--- a/tests/pytests/unit/modules/file/test_file_selinux.py
+++ b/tests/pytests/unit/modules/file/test_file_selinux.py
@ -112,7 +112,7 @@ def test_file_check_perms(tfile3):
            "name": tfile3,
            "result": True,
        },
-        {"luser": "root", "lmode": "0644", "lgroup": "root"},
+        {"cmode": "0664", "luser": "root", "lmode": "0644", "lgroup": "root"},
    )

    # Disable lsattr calls