From 87d61326da175b97ea3e9dda61224a44492c0f66 Mon Sep 17 00:00:00 2001
From: Matt Lord <mattalord@gmail.com>
Date: Wed, 29 Jan 2025 17:02:08 -0500
Subject: [PATCH] Add permissions check to Backup tests

Signed-off-by: Matt Lord <mattalord@gmail.com>
---
 .../backup/vtctlbackup/backup_utils.go         | 12 ++++++++++++
 go/test/endtoend/cluster/cluster_util.go       | 18 ++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/go/test/endtoend/backup/vtctlbackup/backup_utils.go b/go/test/endtoend/backup/vtctlbackup/backup_utils.go
index afa5023a047..3c6627dc9fe 100644
--- a/go/test/endtoend/backup/vtctlbackup/backup_utils.go
+++ b/go/test/endtoend/backup/vtctlbackup/backup_utils.go
@@ -425,6 +425,18 @@ func TestBackup(t *testing.T, setupType int, streamMode string, stripes int, cDe
 			return vterrors.Errorf(vtrpc.Code_UNKNOWN, "test failure: %s", test.name)
 		}
 	}
+
+	t.Run("check for files created with global permissions", func(t *testing.T) {
+		t.Logf("Confirming that none of the MySQL data directories that we've created have files with global permissions")
+		for _, ks := range localCluster.Keyspaces {
+			for _, shard := range ks.Shards {
+				for _, tablet := range shard.Vttablets {
+					cluster.ConfirmDataDirHasNoGlobalPerms(t, tablet)
+				}
+			}
+		}
+	})
+
 	return nil
 }
 
diff --git a/go/test/endtoend/cluster/cluster_util.go b/go/test/endtoend/cluster/cluster_util.go
index 18f78dcb3d0..3fcb8da22c7 100644
--- a/go/test/endtoend/cluster/cluster_util.go
+++ b/go/test/endtoend/cluster/cluster_util.go
@@ -18,8 +18,10 @@ package cluster
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"os"
+	"os/exec"
 	"path"
 	"reflect"
 	"strings"
@@ -509,3 +511,19 @@ func PrintFiles(t *testing.T, dir string, files ...string) {
 		}
 	}
 }
+
+// ConfirmDataDirHasNoGlobalPerms confirms that no files in the tablet's data directory
+// have any global/other permissions set.
+func ConfirmDataDirHasNoGlobalPerms(t *testing.T, tablet *Vttablet) {
+	datadir := tablet.VttabletProcess.Directory
+	if _, err := os.Stat(datadir); errors.Is(err, os.ErrNotExist) {
+		t.Logf("Data directory %s no longer exists, skipping permissions check", datadir)
+		return
+	}
+	// List any files which have any of the other bits set.
+	cmd := exec.Command("find", datadir, "-perm", "+00007")
+	out, err := cmd.CombinedOutput()
+	require.NoError(t, err, "Error running find command: %s", string(out))
+	so := string(out)
+	require.Empty(t, so, "Found files with global permissions: %s", so)
+}