mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

bug report

Browse source
This commit is contained in:
Joey Hess 2013-08-21 11:43:32 -04:00
parent 552e1d5262
commit cc64c94a65
1 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
doc/bugs/400_mode_leakage.mdwn Normal file
View file

@ -0,0 +1,17 @@
git-annex tends to preserve files that are added to an annex with
a mode such as 400. (Happens to me sometimes with email attachments.)
As these files are rsynced around, and end up on eg, a
publically visible repo with a webserver frontend, or a repo that is
acessible to a whole group of users, they will not be readable.
I think it would make sense for git-annex to normalize file permissions
when adding them. Of course, there's some tension here with generally
storing file metadata when possible. Perhaps the normalization should only
ensure that group and other have read access?
(Security: We can assume that a repo that is not intended to be public is
in a 700 directory. And since git-annex cannot preserve file modes when
files transit through a special remote, using modes to limit access to
individual files is not wise.)
--[[Joey]]