From ba4dea01f7b51316e3ed2bee9478ed50a4f4db4a Mon Sep 17 00:00:00 2001
From: Luca Bertagna
Date: Wed, 18 Sep 2024 09:24:59 -0600
Subject: [PATCH] EAMxx: add checks on permissions for input files at buildnml time
---
 .../eamxx/cime_config/eamxx_buildnml.py | 34 +++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)
diff --git a/components/eamxx/cime_config/eamxx_buildnml.py b/components/eamxx/cime_config/eamxx_buildnml.py
index 3e8c4abe9e9..14c9cf76bea 100644
--- a/components/eamxx/cime_config/eamxx_buildnml.py
+++ b/components/eamxx/cime_config/eamxx_buildnml.py
@@ -4,7 +4,7 @@ Used by buildnml. See buildnml for documetation. """ -import os, sys, re +import os, sys, re, pwd, grp, stat, getpass from collections import OrderedDict import xml.etree.ElementTree as ET
@@ -953,7 +953,37 @@ def create_input_data_list_file(case,caseroot):
 # Only add files whose full path starts with the CIME's input data location
 if file_path.startswith(din_loc_root):
 fd.write("scream_dl_input_{} = {}\n".format(idx, file_path))
-
+ if os.path.exists(file_path):
+ if os.path.isdir(file_path):
+ raise IsADirectoryError(f"Input file '{file_path}' is a directory, not a regular file.")
+ if not os.path.isfile(file_path):
+ raise OSError(f"Input file '{file_path}' exists but is not a regular file.")
+ if not os.access(file_path,os.R_OK):
+ try:
+ file_stat = os.stat(file_path)
+
+ # Get owner and group names
+ owner = pwd.getpwuid(file_stat.st_uid).pw_name
+ group = grp.getgrgid(file_stat.st_gid).gr_name
+
+ # Get file permissions
+ permissions = stat.filemode(file_stat.st_mode)
+
+ except Exception as e:
+ raise RuntimeError(f"Error retrieving file info for '{file_path}': {e}")
+
+ curr_user = getpass.getuser()
+ user_info = pwd.getpwnam(curr_user)
+ group_ids = os.getgrouplist(curr_user, user_info.pw_gid)
+ curr_groups = [grp.getgrgid(gid).gr_name for gid in group_ids]
+
+ raise PermissionError ("Input file exists but it is not readable for current user\n"
+ f" - file name: {file_path}\n"
+ f" - file owner: {owner}\n"
+ f" - file group: {group}\n"
+ f" - permissions: {permissions}\n"
+ f" - current user: {curr_user}\n"
+ f" - current user groups: {curr_groups}\n")
 ###############################################################################
 def do_cime_vars_on_yaml_output_files(case, caseroot):
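Review bot: The diagnostic branch under `if not os.access(file_path,os.R_OK):` can itself fail and replace the intended `PermissionError`: `pwd.getpwuid` and `grp.getgrgid` raise `KeyError` for an id with no passwd or group entry (a removed account, a container image), which the `except Exception` turns into a `RuntimeError`, while the later `pwd.getpwnam(curr_user)` and the `grp.getgrgid(gid)` comprehension sit outside the `try` and would propagate uncaught. `getpass.getuser()` also reads `LOGNAME`/`USER` from the environment before the password database, so the reported user and groups may not be the credentials `os.access` actually tested; I would report the process's own ids via `os.getuid()`, `os.getgid()` and `os.getgroups()` and fall back to the numeric id when a name lookup fails, as sketched below. Separately, `os.path.exists` returns False when a parent directory cannot be searched, so that permission problem skips the whole check silently. Nesting is inferred because the patch text has lost its indentation, and `create_input_data_list_file` starts outside the hunk.

```python
def _id_name(lookup, ident):
    # Name for a uid/gid; the number itself when the id has no database entry.
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)

# ... unchanged: exists / isdir / isfile checks ...
if not os.access(file_path,os.R_OK):
    # ... unchanged: try/except around os.stat(file_path) and stat.filemode(...) ...
    owner = _id_name(pwd.getpwuid, file_stat.st_uid)
    group = _id_name(grp.getgrgid, file_stat.st_gid)

    # os.access() tests the real uid/gids of this process, so report those.
    curr_user = _id_name(pwd.getpwuid, os.getuid())
    curr_gids = sorted({os.getgid(), *os.getgroups()})
    curr_groups = [_id_name(grp.getgrgid, gid) for gid in curr_gids]

    # ... unchanged: raise PermissionError(...) with the same message ...
```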