GNOME Bugzilla – Bug 747813
[regression] Permission issues in OSTree repos
Last modified: 2015-04-14 15:16:02 UTC
Since I think this past weekend I've been noticing at least files under "refs/heads" in an OSTree repo get created with mode 0600 instead of 0644. My umask is 0002, so that's not the cause. This is interfering with pulls, because a web server running as a different user can't read from the repo, and reports "403: Forbidden" back to the client. I haven't tracked down the exact commit yet, but it seems to be related to glnx_file_replace_contents_with_perms_at() when the "mode" argument is -1 and so a new file's mode is left untouched. Is it possible creating the temp file under /proc/self is giving it tighter permissions than normal?
Created attachment 301499: Demo patch

I don't know if this is correct or not but it gets me past the bug.
(In reply to Matthew Barnes from comment #0)
> Is it possible creating the temp file under /proc/self is giving it tighter
> permissions than normal?

Not that, I see what it's doing now. More likely posix_fallocate() behavior.
Oops, yes 0600 is the mkostemp() default. Your patch looks about right to me. Sorry for the regression.
Thanks, pushed. https://git.gnome.org/browse/libglnx/commit/?id=02af92ffefda4251d894f0ec7a3aff9bc26af1cd
Looking at this more closely, that isn't quite right because we *do* want to honor umask - to maintain consistency with the Unix defaults.

https://github.com/GNOME/libglnx/pull/5

Changes this, updates the docs, and also fixes other bugs.
Yeah I figured my patch was too simplistic.
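
The behaviour discussed in this thread, as an added example that is not libglnx code and is not taken from the attached patch or the pull request: a temp file made for an atomic replace starts out 0600, so when the caller passes no mode the replacement has to apply 0666 & ~umask itself. The function names are hypothetical, and POSIX mkstemp() is used here because it creates its file with the same 0600 mode as mkostemp().

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* umask() can only be read by setting it, so set and restore.
 * Not thread-safe: another thread may create a file in between. */
static mode_t current_umask(void) {
    mode_t m = umask(0);
    umask(m);
    return m;
}

/* Mode of a fresh mkstemp() file in dir: shows the 0600 default. -1 on error. */
int tempfile_default_mode(const char *dir) {
    char tmp[4096];
    struct stat st;
    snprintf(tmp, sizeof tmp, "%s/.tmp-XXXXXX", dir);
    int fd = mkstemp(tmp);
    if (fd < 0) return -1;
    int r = fstat(fd, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
    close(fd);
    unlink(tmp);
    return r;
}

/* Hypothetical helper: atomically replace dir/name with data.
 * mode == (mode_t)-1 means "caller gave no mode": use 0666 & ~umask, what
 * open(O_CREAT, 0666) would produce, rather than keeping the temp file's 0600.
 * Returns the final permission bits, or -1 on error. */
int replace_contents(const char *dir, const char *name, const char *data, mode_t mode) {
    char tmp[4096], dest[4096];
    struct stat st;
    size_t len = strlen(data);
    snprintf(tmp, sizeof tmp, "%s/.tmp-XXXXXX", dir);
    snprintf(dest, sizeof dest, "%s/%s", dir, name);
    int fd = mkstemp(tmp);
    if (fd < 0) return -1;
    if (mode == (mode_t)-1)
        mode = 0666 & ~current_umask();
    /* fchmod() is not filtered by umask, so the mask was applied above. */
    int ok = write(fd, data, len) == (ssize_t)len && fchmod(fd, mode) == 0 &&
             fsync(fd) == 0 && fstat(fd, &st) == 0 && rename(tmp, dest) == 0;
    close(fd);
    if (!ok) { unlink(tmp); return -1; }
    return (int)(st.st_mode & 07777);
}
```

With the reporter's umask of 0002 the replaced file ends up 0664, and with 0022 it ends up 0644, so a web server running as another user can read it; an explicit mode is applied as given.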