retitle 729757 Overwrites default group and ACLs on files stored to .git/annex
severity 729757 normal
found 729757 5.20140405
thanks

thus spoke martin f krafft <madd...@debian.org> [2013-11-19 11:18 +0100]:
> It seems thus that git-annex creates the temporary file in some
> other way that causes the group not to be inherited (and umask to be
> honoured, rather than core.sharedRepository).

This is also the case for default ACLs, which I defined on
.git/annex/tmp.

I further inspected strace output and found these lines:

  open("…/shared.git/annex/tmp/SHA256E-s30--bb74298554ebb52bf0474214f95decb7aec84a7217037a66ea5798d5383744bd", O_WRONLY|O_CREAT|O_EXCL, 0400) = 4
  fstat(4, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0
  ioctl(4, 0x40049409, 0x3) = -1 ENOTTY (Inappropriate ioctl for device)
  fadvise64(3, 0, 0, POSIX_FADV_SEQUENTIAL) = 0
  read(3, "Sun Apr 6 12:41:24 CEST 2014\n", 65536) = 30
  write(4, "Sun Apr 6 12:41:24 CEST 2014\n", 30) = 30
  read(3, "", 65536) = 0
  utimensat(4, NULL, {{1396780884, 975370872}, {1396780884, 947370827}}, 0) = 0
* fchown(4, 1000, 1000) = 0
  geteuid() = 1000
* fchmod(4, 0600) = 0
  flistxattr(3, (nil), 0) = 0
  flistxattr(3, 0x7fff50e6a9a0, 0) = 0
* fchmod(4, 0400) = 0
  fgetxattr(3, "system.posix_acl_access", 0x7fff50e6a8a0, 132) = -1 ENODATA (No data available)
  fstat(3, {st_mode=S_IFREG|0440, st_size=30, ...}) = 0
* fsetxattr(4, "system.posix_acl_access", "\x02\x00\x00\x00\x01\x00\x04\x00\xff\xff\xff\xff\x04\x00\x04\x00\xff\xff\xff\xff \x00\x00\x00\xff\xff\xff\xff", 28, 0) = 0
  close(4) = 0

Take note of the asterisk-prefixed lines! git-annex creates a file
in the tmp/ directory (FD==4), then effectively chgrp's (fchown) and
does two chmods (both of which are wrong¹), and finally seems to
rewrite the ACLs (seems like that is what the fsetxattr() is for).

¹) core.sharedRepository is set to "group" on the repository, and
   somehow, git-annex later changes the mode on the file (see this
   bug report), but why does it fchmod() the file twice wrongly in
   the first place?

It seems that git-annex (or something called by git-annex) copies
the ACLs and the group from the source file, but not the
permissions. This is inconsistent, and the ACL setting may not even
work depending on transport.

More importantly, however, I think that it's wrong to do so. File
modes, group ownership and ACLs should be determined by the repo,
not by the process writing to the repo. As such, +s should be
honoured (and not overwritten), and default ACLs should be kept.

To fix, I suggest:

  a. to lose the fchown() call
  b. to lose one of the fchmod() calls
  c. to fix the other fchmod() call to set the file to the right
     permissions, honouring git's core.sharedRepository
  d. to lose the fsetxattr() call

It would be really cool if this could be fixed, because — I don't
know how other people work around this — this is a showstopper for
the use of git-annex for a shared repo if people are not all sharing
the same UID.

-- 
 .''`.   martin f. krafft <madduck@d.o>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems

"the possession of truth is not terrible, but boring, like every
 possession."
                                                - friedrich nietzsche
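
Added example, not part of the original message and not git-annex code: a decoder for the system.posix_acl_access value passed to fsetxattr() in the trace above, to see exactly which ACL is written onto the new file. The function names are illustrative; the layout assumed is the Linux version 2 ACL xattr format (4-byte little-endian header, then 8-byte tag/perm/id entries).

```python
import struct

# Entry tags from the Linux POSIX ACL xattr format (version 2, little-endian).
TAGS = {0x01: "user", 0x02: "user", 0x04: "group",
        0x08: "group", 0x10: "mask", 0x20: "other"}
QUALIFIED = {0x02, 0x08}        # named user / named group carry a uid/gid
BASE = (0x01, 0x04, 0x20)       # owner, owning group, other

# Value copied verbatim from the fsetxattr() line in the strace output.
STRACE_VALUE = (b"\x02\x00\x00\x00\x01\x00\x04\x00\xff\xff\xff\xff"
                b"\x04\x00\x04\x00\xff\xff\xff\xff \x00\x00\x00\xff\xff\xff\xff")


def parse_acl(raw):
    """Return [(tag, perm, id)] for a system.posix_acl_access value."""
    if len(raw) < 4 or (len(raw) - 4) % 8:
        raise ValueError("truncated ACL xattr")
    if struct.unpack_from("<I", raw)[0] != 2:
        raise ValueError("unsupported ACL xattr version")
    entries = [struct.unpack_from("<HHI", raw, off)
               for off in range(4, len(raw), 8)]
    if any(tag not in TAGS for tag, _, _ in entries):
        raise ValueError("unknown ACL tag")
    return entries


def decode_acl(raw):
    """Render the entries the way getfacl prints them."""
    out = []
    for tag, perm, ident in parse_acl(raw):
        who = str(ident) if tag in QUALIFIED else ""
        bits = "".join(c if perm & m else "-" for c, m in zip("rwx", (4, 2, 1)))
        out.append(f"{TAGS[tag]}:{who}:{bits}")
    return out


def equivalent_mode(raw):
    """Mode bits if the ACL is minimal (owner/group/other only), else None."""
    perms = {tag: perm for tag, perm, _ in parse_acl(raw)}
    if sorted(perms) != sorted(BASE):
        return None
    return perms[0x01] << 6 | perms[0x04] << 3 | perms[0x20]


if __name__ == "__main__":
    print(decode_acl(STRACE_VALUE), oct(equivalent_mode(STRACE_VALUE)))
```

For the value in the trace this gives user::r--, group::r--, other::---, a three-entry ACL equivalent to mode 0440, which is the mode fstat() reports for the source descriptor 3. Writing it replaces whatever access ACL the new file inherited from the default ACL on the directory.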