annex object file mode for core.sharedRepository

When core.sharedRepository is set, annex object files are not made mode
444, since that prevents a user other than the file owner from locking
them. Instead, a mode such as 664 is used in this case.
This commit is contained in:
Joey Hess 2015-11-18 15:45:32 -04:00
parent e624ff9900
commit 0d432dd1a4
Failed to extract signature
4 changed files with 42 additions and 6 deletions

View file

@ -699,18 +699,21 @@ preseedTmp key file = go =<< inAnnex key
)
)
{- Blocks writing to an annexed file, and modifies file permissions to
- allow reading it, per core.sharedRepository setting. -}
{- Normally, blocks writing to an annexed file, and modifies file
- permissions to allow reading it.
-
- When core.sharedRepository is set, the write bits are not removed from
- the file, but instead the appropriate group write bits are set. This is
- necessary to let other users in the group lock the file.
-}
freezeContent :: FilePath -> Annex ()
freezeContent file = unlessM crippledFileSystem $
withShared go
where
go GroupShared = liftIO $ modifyFileMode file $
removeModes writeModes .
addModes [ownerReadMode, groupReadMode]
addModes [ownerReadMode, groupReadMode, ownerWriteMode, groupWriteMode]
go AllShared = liftIO $ modifyFileMode file $
removeModes writeModes .
addModes readModes
addModes (readModes ++ writeModes)
go _ = liftIO $ modifyFileMode file $
removeModes writeModes .
addModes [ownerReadMode]

3
debian/changelog vendored
View file

@ -6,6 +6,9 @@ git-annex (5.20151117) UNRELEASED; urgency=medium
* Display progress meter in -J mode when downloading from the web.
* map: Improve display of git remotes with non-ssh urls, including http
and gcrypt.
* When core.sharedRepository is set, annex object files are not made mode
444, since that prevents a user other than the file owner from locking
them. Instead, a mode such as 664 is used in this case.
-- Joey Hess <id@joeyh.name> Mon, 16 Nov 2015 16:49:34 -0400

View file

@ -247,3 +247,5 @@ git-annex: .git/annex/unused: openFile: permission denied (Permission denied)
# End of transcript or log.
"""]]
> [[fixed|done]] --[[Joey]]

View file

@ -0,0 +1,28 @@
[[!comment format=mdwn
username="joey"
subject="""comment 1"""
date="2015-11-18T19:35:52Z"
content="""
More simply stated, user A adds a file, which sets its perms to 444, and
user B can't change those perms to lock the file for removal.
In sharedRepository mode, the object directory's perms are already
weakened, to eg 775 rather than the default 555, for the same reason;
another user with shared access can't chmod the object directory to allow
writing to it. That just needs to be extended from object directory to
object file to fix this.
But, that means that the object file will be mode 664, rather than
444, and so git-annex can't prevent accidental direct modifications of the
content of objects when in sharedRepository mode, like it normally does.
Since that's a belt and suspenders protection, and since the object
directory permissions weakening already lost a similar protection against
accidential deletion of object files, shrug, I guess we'll do that.
I do feel that sharedRepository mode rarely ever makes sense to use. It's
very fiddely to get the permissions set up right and keep them right, and
there are much better ways to share a centralized repo between users, eg
use gitolite or a dedicated account that's locked down to only let
git/git-annex commands be run.
"""]]