safer vfs defaults

2025-08-17 09:02:15 -06:00 · 2019-06-06 08:47:01 +02:00 · 2019-06-06 08:47:01 +02:00 · a0ccd2b68f
parent 7cb3887996
commit a0ccd2b68f
2 changed files with 9 additions and 5 deletions
--- a/copyparty/authsrv.py
+++ b/copyparty/authsrv.py
@ -238,8 +238,12 @@ class AuthSrv(object):
                with open(cfg_fn, "rb") as f:
                    self._parse_config_file(f, user, mread, mwrite, mount)

+        if not mount:
            # -h says our defaults are CWD at root and read/write for everyone
            vfs = VFS(os.path.abspath("."), "", ["*"], ["*"])
+        elif not "" in mount:
+            # there's volumes but no root; make root inaccessible
+            vfs = VFS(os.path.abspath("."), "", [], [])

        maxdepth = 0
        for dst in sorted(mount.keys(), key=lambda x: (x.count("/"), len(x))):
--- a/tests/test_vfs.py
+++ b/tests/test_vfs.py
@ -225,11 +225,11 @@ class TestVFS(unittest.TestCase):
        self.assertEqual(au.user["a"], "123")
        self.assertEqual(au.user["asd"], "fgh:jkl")
        n = au.vfs
-        # root was not defined, so PWD with everyone r/w
+        # root was not defined, so PWD with no access to anyone
        self.assertEqual(n.vpath, "")
        self.assertEqual(n.realpath, td)
-        self.assertEqual(n.uread, ["*"])
-        self.assertEqual(n.uwrite, ["*"])
+        self.assertEqual(n.uread, [])
+        self.assertEqual(n.uwrite, [])
        self.assertEqual(len(n.nodes), 1)
        n = n.nodes["dst"]
        self.assertEqual(n.vpath, "dst")