annex object file mode for core.sharedRepository
When core.sharedRepository is set, annex object files are not made mode 444, since that prevents a user other than the file owner from locking them. Instead, a mode such as 664 is used in this case.
This commit is contained in:
parent
e624ff9900
commit
0d432dd1a4
4 changed files with 42 additions and 6 deletions
|
@ -699,18 +699,21 @@ preseedTmp key file = go =<< inAnnex key
|
|||
)
|
||||
)
|
||||
|
||||
{- Blocks writing to an annexed file, and modifies file permissions to
|
||||
- allow reading it, per core.sharedRepository setting. -}
|
||||
{- Normally, blocks writing to an annexed file, and modifies file
|
||||
- permissions to allow reading it.
|
||||
-
|
||||
- When core.sharedRepository is set, the write bits are not removed from
|
||||
- the file, but instead the appropriate group write bits are set. This is
|
||||
- necessary to let other users in the group lock the file.
|
||||
-}
|
||||
freezeContent :: FilePath -> Annex ()
|
||||
freezeContent file = unlessM crippledFileSystem $
|
||||
withShared go
|
||||
where
|
||||
go GroupShared = liftIO $ modifyFileMode file $
|
||||
removeModes writeModes .
|
||||
addModes [ownerReadMode, groupReadMode]
|
||||
addModes [ownerReadMode, groupReadMode, ownerWriteMode, groupWriteMode]
|
||||
go AllShared = liftIO $ modifyFileMode file $
|
||||
removeModes writeModes .
|
||||
addModes readModes
|
||||
addModes (readModes ++ writeModes)
|
||||
go _ = liftIO $ modifyFileMode file $
|
||||
removeModes writeModes .
|
||||
addModes [ownerReadMode]
|
||||
|
|
3
debian/changelog
vendored
3
debian/changelog
vendored
|
@ -6,6 +6,9 @@ git-annex (5.20151117) UNRELEASED; urgency=medium
|
|||
* Display progress meter in -J mode when downloading from the web.
|
||||
* map: Improve display of git remotes with non-ssh urls, including http
|
||||
and gcrypt.
|
||||
* When core.sharedRepository is set, annex object files are not made mode
|
||||
444, since that prevents a user other than the file owner from locking
|
||||
them. Instead, a mode such as 664 is used in this case.
|
||||
|
||||
-- Joey Hess <id@joeyh.name> Mon, 16 Nov 2015 16:49:34 -0400
|
||||
|
||||
|
|
|
@ -247,3 +247,5 @@ git-annex: .git/annex/unused: openFile: permission denied (Permission denied)
|
|||
|
||||
# End of transcript or log.
|
||||
"""]]
|
||||
|
||||
> [[fixed|done]] --[[Joey]]
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
[[!comment format=mdwn
|
||||
username="joey"
|
||||
subject="""comment 1"""
|
||||
date="2015-11-18T19:35:52Z"
|
||||
content="""
|
||||
More simply stated, user A adds a file, which sets its perms to 444, and
|
||||
user B can't change those perms to lock the file for removal.
|
||||
|
||||
In sharedRepository mode, the object directory's perms are already
|
||||
weakened, to eg 775 rather than the default 555, for the same reason;
|
||||
another user with shared access can't chmod the object directory to allow
|
||||
writing to it. That just needs to be extended from object directory to
|
||||
object file to fix this.
|
||||
|
||||
But, that means that the object file will be mode 664, rather than
|
||||
444, and so git-annex can't prevent accidental direct modifications of the
|
||||
content of objects when in sharedRepository mode, like it normally does.
|
||||
|
||||
Since that's a belt and suspenders protection, and since the object
|
||||
directory permissions weakening already lost a similar protection against
|
||||
accidential deletion of object files, shrug, I guess we'll do that.
|
||||
|
||||
I do feel that sharedRepository mode rarely ever makes sense to use. It's
|
||||
very fiddely to get the permissions set up right and keep them right, and
|
||||
there are much better ways to share a centralized repo between users, eg
|
||||
use gitolite or a dedicated account that's locked down to only let
|
||||
git/git-annex commands be run.
|
||||
"""]]
|
Loading…
Add table
Add a link
Reference in a new issue