# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import errno
import grp
import logging
import os
import pwd
import stat

from autotest_lib.client.bin import test, utils
from autotest_lib.client.common_lib import error

class security_SysLogPermissions(test.test):
    version = 1

    def run_once(self, baseline='suid'):
        syslog_uid = pwd.getpwnam('syslog').pw_uid
        syslog_gid = grp.getgrnam('syslog').gr_gid
        st = os.stat('/var/log')
        if not (st.st_mode & stat.S_ISVTX):
            raise error.TestFail('/var/log is not sticky')
        if st.st_gid != syslog_gid:
            raise error.TestFail('/var/log is not group syslog')

        # The /var/log/messages file might be rotated while this test runs.
        # Be a bit forgiving when it comes to slightly-off settings.
        try:
            st = os.stat('/var/log/messages')
        except OSError as e:
            # Ignore missing (middle of rotation) files.
            if e.errno == errno.ENOENT:
                return
            raise
        if st.st_uid == 0 and st.st_size == 0:
            # Ignore freshly created files.
            pass
        elif st.st_uid != syslog_uid:
            raise error.TestFail('/var/log/messages is not user syslog')