#!/usr/share/ucs-test/runner python
## desc: Permissions for /etc/cyrus.secret
## tags: apttest
## exposure: safe
## packages: [cyrus-common]
## bugs: [23527]

#################
#  Infomartion  #
#################
# Permissions for /etc/cyrus.secret should be -rw------
# owner should be cyrus
# group should be root
#################

import grp
import os
import pwd
import stat
import univention.testing.utils as utils

def is_grouped_by(file_path, group):
	st = os.stat(file_path)
	return grp.getgrgid(st.st_gid)[0] == group

def is_owned_by(file_path, owner):
	st = os.stat(file_path)
	return pwd.getpwuid(st.st_uid)[0] == owner

def permissions_ok(file_path):
	st = os.stat(file_path)
	owner_rw = oct(st.st_mode & stat.S_IRWXU) == '0600'
	group_none = oct(st.st_mode & stat.S_IRWXG) == '0'
	others_none = oct(st.st_mode & stat.S_IRWXO) == '0'
	return owner_rw and group_none and others_none

def main():
	path = '/etc/cyrus.secret'
	if not permissions_ok(path) and is_owned_by(path, 'cyrus') and is_grouped_by(path, 'root'):
		utils.fail('Permissions for /etc/cyrus.secret are not correct')


if __name__ == '__main__':
	main()
