Bug 747813 - [regression] Permission issues in OSTree repos
Status: RESOLVED FIXED
Product: ostree
Classification: Infrastructure
Component: general
Assigned To: OSTree maintainer(s)
Reported: 2015-04-14 01:31 UTC by Matthew Barnes
Modified: 2015-04-14 15:16 UTC


Attachments
Demo patch (606 bytes, patch)
2015-04-14 01:58 UTC, Matthew Barnes

Description Matthew Barnes 2015-04-14 01:31:42 UTC
Since I think this past weekend I've been noticing at least files under "refs/heads" in an OSTree repo get created with mode 0600 instead of 0644.

My umask is 0002, so that's not the cause.

This is interfering with pulls, because a web server running as a different user can't read from the repo, and reports "403: Forbidden" back to the client.

I haven't tracked down the exact commit yet, but it seems to be related to glnx_file_replace_contents_with_perms_at() when the "mode" argument is -1 and so a new file's mode is left untouched.

Is it possible creating the temp file under /proc/self is giving it tighter permissions than normal?
Comment 1 Matthew Barnes 2015-04-14 01:58:40 UTC
Created attachment 301499
Demo patch

I don't know if this is correct or not but it gets me past the bug.
Comment 2 Matthew Barnes 2015-04-14 02:01:58 UTC
(In reply to Matthew Barnes from comment #0)
> Is it possible creating the temp file under /proc/self is giving it tighter
> permissions than normal?

Not that, I see what it's doing now.  More likely posix_fallocate() behavior.
Comment 3 Colin Walters 2015-04-14 12:15:01 UTC
Oops, yes 0600 is the mkostemp() default.  Your patch looks about right to me.  Sorry for the regression.
Comment 5 Colin Walters 2015-04-14 13:22:29 UTC
Looking at this more closely, that isn't quite right because we *do* want to honor umask - to maintain consistency with the Unix defaults.

https://github.com/GNOME/libglnx/pull/5

Changes this, updates the docs, and also fixes other bugs.
Comment 6 Matthew Barnes 2015-04-14 13:51:25 UTC
Yeah I figured my patch was too simplistic.
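
The behaviour discussed in this thread, as an added example that is not part of the bug report and is not libglnx or OSTree code: a temp file used for an atomic replace is created 0600 regardless of umask, and an explicit fchmod() to a base mode masked by the umask gives a result another user (such as a web server) can read. It uses mkstemp(), which has the same 0600 default as the mkostemp() named above; the helper names, the /tmp directory and the 0644 base mode (the mode the report expected) are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Read the process umask. It can only be read by setting it, so this briefly
 * changes process-wide state and is not safe with concurrent threads. */
static mode_t current_umask(void)
{
    mode_t m = umask(0);
    umask(m);
    return m;
}

/* Hypothetical helper: create a temp file in dir as an atomic replace would,
 * optionally set its mode to (base & ~umask), and return the resulting
 * permission bits, or (mode_t)-1 on error. The file is removed afterwards. */
static mode_t temp_file_mode(const char *dir, int apply_default, mode_t base)
{
    char path[4096];
    struct stat st;
    mode_t result = (mode_t)-1;

    snprintf(path, sizeof path, "%s/tmp.XXXXXX", dir);
    int fd = mkstemp(path);              /* created 0600, like mkostemp() */
    if (fd < 0)
        return result;
    /* Without this step the private 0600 mode survives the final rename. */
    if (apply_default && fchmod(fd, base & ~current_umask()) < 0)
        goto out;
    if (fstat(fd, &st) == 0)
        result = st.st_mode & 07777;
out:
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    umask(0002);                         /* the umask given in the report */
    printf("mkstemp only:         %04o\n", (unsigned)temp_file_mode("/tmp", 0, 0644));
    printf("fchmod 0644 & ~umask: %04o\n", (unsigned)temp_file_mode("/tmp", 1, 0644));
    umask(0027);                         /* a stricter umask is still honored */
    printf("fchmod 0644 & ~umask: %04o\n", (unsigned)temp_file_mode("/tmp", 1, 0644));
    return 0;
}
```
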