Add warning for risky permissions on user credentials file on Unix sy…

…stems Add a warning on Unix systems when the ~/.mongo_credentials file is readable by either the group or others
PLPeeters · May 19, 2017 · 3d8ef36 · 3d8ef36
1 parent cc77fa6
commit 3d8ef36
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/pymongo_smart_auth/MongoConnection.py b/pymongo_smart_auth/MongoConnection.py
@@ -1,4 +1,7 @@
+import logging
 import os
+import stat
+import sys
 
 from pymongo import MongoClient
 from pymongo.errors import ConfigurationError
@@ -7,6 +10,19 @@
 class MongoConnection(MongoClient):
     USER_CREDENTIALS = '%s/.mongo_credentials' % os.path.expanduser('~')
 
+    # On Unix systems, check the permissions of the credentials file
+    if sys.platform in ('linux', 'linux2', 'darwin') and os.path.exists(USER_CREDENTIALS):
+        # Get the file stats
+        cred_file_stats = os.stat(USER_CREDENTIALS)
+
+        # Issue a warning if the file is group readable
+        if bool(cred_file_stats.st_mode & stat.S_IRGRP):
+            logging.warn("{0} is readable by the group. It should only be readable by the user. Fix by running:\nchmod 600 \"{0}\"".format(USER_CREDENTIALS))
+
+        # Issue a warning if the file is readable by others
+        if bool(cred_file_stats.st_mode & stat.S_IROTH):
+            logging.warn("{0} is readable by others. It should only be readable by the user. Fix by running:\nchmod 600 \"{0}\"".format(USER_CREDENTIALS))
+
     def __new__(cls, *args, **kwargs):
         """Create or return the singleton for the provided arguments."""
 

diff --git a/setup.py b/setup.py
@@ -1,7 +1,7 @@
 from setuptools import setup
 
 setup(name='pymongo_smart_auth',
-      version='0.1.5',
+      version='0.1.6',
       description='This package extends PyMongo to provide built-in smart authentication.',
       url='https://github.com/PLPeeters/PyMongo-Smart-Auth',
       author='Pierre-Louis Peeters',