user/dev discussion of public-inbox itself
 help / Atom feed
* Umask and xapian db file permissions
@ 2018-05-24 17:09 Konstantin Ryabitsev
  2018-05-30  2:54 ` [PATCH] respect umask if core.sharedRepository is not set Eric Wong
  0 siblings, 1 reply; 3+ messages in thread
From: Konstantin Ryabitsev @ 2018-05-24 17:09 UTC (permalink / raw)
  To: meta

[-- Attachment #1.1: Type: text/plain, Size: 1645 bytes --]

Hello:

For some reason, when public-inbox-mda reindexes the repository
past-delivery, it creates some files as 0660, even though umask is
specifically set to 0002:

$ ls -al public-inbox/xapian15/
total 21932
drwxrwxr-x. 2 archiver archiver    4096 May 24 16:52 .
drwxrwxr-x. 3 archiver archiver      42 May 24 16:52 ..
-rw-rw-r--. 1 archiver archiver       0 May 24 16:52 flintlock
-rw-rw-r--. 1 archiver archiver      28 May 24 15:56 iamchert
-rw-rw-r--. 1 archiver archiver 1190912 May 24 16:52 over.sqlite3
-rw-rw-r--. 1 archiver archiver       0 May 24 16:52 over.sqlite3-journal
-rw-rw----. 1 archiver archiver     150 May 24 16:48 position.baseA
-rw-rw----. 1 archiver archiver     150 May 24 16:52 position.baseB
-rw-rw-r--. 1 archiver archiver 8626176 May 24 16:52 position.DB
-rw-rw----. 1 archiver archiver     149 May 24 16:48 postlist.baseA
-rw-rw----. 1 archiver archiver     149 May 24 16:52 postlist.baseB
-rw-rw-r--. 1 archiver archiver 8642560 May 24 16:52 postlist.DB
-rw-rw----. 1 archiver archiver      20 May 24 16:48 record.baseA
-rw-rw----. 1 archiver archiver      20 May 24 16:52 record.baseB
-rw-rw-r--. 1 archiver archiver  368640 May 24 16:52 record.DB
-rw-rw----. 1 archiver archiver      71 May 24 16:48 termlist.baseA
-rw-rw----. 1 archiver archiver      71 May 24 16:52 termlist.baseB
-rw-rw-r--. 1 archiver archiver 3579904 May 24 16:52 termlist.DB

Since the daemon is running as user "publicinbox", this causes the web
interface to break due to not being able to access the index.

Best,
-- 
Konstantin Ryabitsev
Director, IT Infrastructure Security
The Linux Foundation


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH] respect umask if core.sharedRepository is not set
  2018-05-24 17:09 Umask and xapian db file permissions Konstantin Ryabitsev
@ 2018-05-30  2:54 ` Eric Wong
  2018-05-30 17:57   ` Konstantin Ryabitsev
  0 siblings, 1 reply; 3+ messages in thread
From: Eric Wong @ 2018-05-30  2:54 UTC (permalink / raw)
  To: Konstantin Ryabitsev; +Cc: meta

Konstantin Ryabitsev <konstantin@linuxfoundation.org> wrote:
> Hello:
> 
> For some reason, when public-inbox-mda reindexes the repository
> past-delivery, it creates some files as 0660, even though umask is
> specifically set to 0002:

(sorry for the late reply, haven't been well)

Oops, I misread/misunderstood how git handles the
core.sharedRepository unset case :x

The following should fix it:

------8<------
Subject: [PATCH] respect umask if core.sharedRepository is not set

This is consistent with git itself and the previous behavior
was a result of misunderstanding of how git interprets this.
And adjust tests slightly to match the new behavior.

Reported-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
	<38873789-ab42-65a1-20c9-12c30b171f4f@linuxfoundation.org>
---
 lib/PublicInbox/InboxWritable.pm | 2 +-
 t/search.t                       | 5 +++--
 t/v2writable.t                   | 1 +
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/PublicInbox/InboxWritable.pm b/lib/PublicInbox/InboxWritable.pm
index 5c11a36..9b0cdfd 100644
--- a/lib/PublicInbox/InboxWritable.pm
+++ b/lib/PublicInbox/InboxWritable.pm
@@ -175,7 +175,7 @@ sub _read_git_config_perm {
 sub _git_config_perm {
 	my $self = shift;
 	my $perm = scalar @_ ? $_[0] : _read_git_config_perm($self);
-	return PERM_GROUP if (!defined($perm) || $perm eq '');
+	return PERM_UMASK if (!defined($perm) || $perm eq '');
 	return PERM_UMASK if ($perm eq 'umask');
 	return PERM_GROUP if ($perm eq 'group');
 	if ($perm =~ /\A(?:all|world|everybody)\z/) {
diff --git a/t/search.t b/t/search.t
index 9a90fd5..c971fe3 100644
--- a/t/search.t
+++ b/t/search.t
@@ -11,7 +11,7 @@ my $tmpdir = tempdir('pi-search-XXXXXX', TMPDIR => 1, CLEANUP => 1);
 my $git_dir = "$tmpdir/a.git";
 my ($root_id, $last_id);
 
-is(0, system(qw(git init -q --bare), $git_dir), "git init (main)");
+is(0, system(qw(git init --shared -q --bare), $git_dir), "git init (main)");
 eval { PublicInbox::Search->new($git_dir) };
 ok($@, "exception raised on non-existent DB");
 
@@ -422,11 +422,12 @@ $ibx->with_umask(sub {
 });
 
 foreach my $f ("$git_dir/public-inbox/msgmap.sqlite3",
+		"$git_dir/public-inbox",
 		glob("$git_dir/public-inbox/xapian*/"),
 		glob("$git_dir/public-inbox/xapian*/*")) {
 	my @st = stat($f);
 	my ($bn) = (split(m!/!, $f))[-1];
-	is($st[2] & 07777, -f _ ? 0660 : 0770,
+	is($st[2] & 07777, -f _ ? 0660 : 02770,
 		"sharedRepository respected for $bn");
 }
 
diff --git a/t/v2writable.t b/t/v2writable.t
index 00b08e0..9e3bb75 100644
--- a/t/v2writable.t
+++ b/t/v2writable.t
@@ -11,6 +11,7 @@ foreach my $mod (qw(DBD::SQLite Search::Xapian)) {
 	plan skip_all => "$mod missing for nntpd.t" if $@;
 }
 use_ok 'PublicInbox::V2Writable';
+umask 007;
 my $mainrepo = tempdir('pi-v2writable-XXXXXX', TMPDIR => 1, CLEANUP => 1);
 my $ibx = {
 	mainrepo => $mainrepo,
-- 
EW

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] respect umask if core.sharedRepository is not set
  2018-05-30  2:54 ` [PATCH] respect umask if core.sharedRepository is not set Eric Wong
@ 2018-05-30 17:57   ` Konstantin Ryabitsev
  0 siblings, 0 replies; 3+ messages in thread
From: Konstantin Ryabitsev @ 2018-05-30 17:57 UTC (permalink / raw)
  To: Eric Wong; +Cc: meta

On Wed, May 30, 2018 at 02:54:48AM +0000, Eric Wong wrote:
>> For some reason, when public-inbox-mda reindexes the repository
>> past-delivery, it creates some files as 0660, even though umask is
>> specifically set to 0002:
>
>(sorry for the late reply, haven't been well)

Eh, no worries!

>Oops, I misread/misunderstood how git handles the
>core.sharedRepository unset case :x
>
>The following should fix it:

It does, thanks!

-K

>
>------8<------
>Subject: [PATCH] respect umask if core.sharedRepository is not set
>
>This is consistent with git itself and the previous behavior
>was a result of misunderstanding of how git interprets this.
>And adjust tests slightly to match the new behavior.
>
>Reported-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
>	<38873789-ab42-65a1-20c9-12c30b171f4f@linuxfoundation.org>
>---
> lib/PublicInbox/InboxWritable.pm | 2 +-
> t/search.t                       | 5 +++--
> t/v2writable.t                   | 1 +
> 3 files changed, 5 insertions(+), 3 deletions(-)
>
>diff --git a/lib/PublicInbox/InboxWritable.pm b/lib/PublicInbox/InboxWritable.pm
>index 5c11a36..9b0cdfd 100644
>--- a/lib/PublicInbox/InboxWritable.pm
>+++ b/lib/PublicInbox/InboxWritable.pm
>@@ -175,7 +175,7 @@ sub _read_git_config_perm {
> sub _git_config_perm {
> 	my $self = shift;
> 	my $perm = scalar @_ ? $_[0] : _read_git_config_perm($self);
>-	return PERM_GROUP if (!defined($perm) || $perm eq '');
>+	return PERM_UMASK if (!defined($perm) || $perm eq '');
> 	return PERM_UMASK if ($perm eq 'umask');
> 	return PERM_GROUP if ($perm eq 'group');
> 	if ($perm =~ /\A(?:all|world|everybody)\z/) {
>diff --git a/t/search.t b/t/search.t
>index 9a90fd5..c971fe3 100644
>--- a/t/search.t
>+++ b/t/search.t
>@@ -11,7 +11,7 @@ my $tmpdir = tempdir('pi-search-XXXXXX', TMPDIR => 1, CLEANUP => 1);
> my $git_dir = "$tmpdir/a.git";
> my ($root_id, $last_id);
>
>-is(0, system(qw(git init -q --bare), $git_dir), "git init (main)");
>+is(0, system(qw(git init --shared -q --bare), $git_dir), "git init (main)");
> eval { PublicInbox::Search->new($git_dir) };
> ok($@, "exception raised on non-existent DB");
>
>@@ -422,11 +422,12 @@ $ibx->with_umask(sub {
> });
>
> foreach my $f ("$git_dir/public-inbox/msgmap.sqlite3",
>+		"$git_dir/public-inbox",
> 		glob("$git_dir/public-inbox/xapian*/"),
> 		glob("$git_dir/public-inbox/xapian*/*")) {
> 	my @st = stat($f);
> 	my ($bn) = (split(m!/!, $f))[-1];
>-	is($st[2] & 07777, -f _ ? 0660 : 0770,
>+	is($st[2] & 07777, -f _ ? 0660 : 02770,
> 		"sharedRepository respected for $bn");
> }
>
>diff --git a/t/v2writable.t b/t/v2writable.t
>index 00b08e0..9e3bb75 100644
>--- a/t/v2writable.t
>+++ b/t/v2writable.t
>@@ -11,6 +11,7 @@ foreach my $mod (qw(DBD::SQLite Search::Xapian)) {
> 	plan skip_all => "$mod missing for nntpd.t" if $@;
> }
> use_ok 'PublicInbox::V2Writable';
>+umask 007;
> my $mainrepo = tempdir('pi-v2writable-XXXXXX', TMPDIR => 1, CLEANUP => 1);
> my $ibx = {
> 	mainrepo => $mainrepo,
>-- 
>EW

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-24 17:09 Umask and xapian db file permissions Konstantin Ryabitsev
2018-05-30  2:54 ` [PATCH] respect umask if core.sharedRepository is not set Eric Wong
2018-05-30 17:57   ` Konstantin Ryabitsev

user/dev discussion of public-inbox itself

Archives are clonable:
	git clone --mirror https://public-inbox.org/meta
	git clone --mirror http://czquwvybam4bgbro.onion/meta
	git clone --mirror http://hjrcffqmbrq6wope.onion/meta
	git clone --mirror http://ou63pmih66umazou.onion/meta

Newsgroups are available over NNTP:
	nntp://news.public-inbox.org/inbox.comp.mail.public-inbox.meta
	nntp://ou63pmih66umazou.onion/inbox.comp.mail.public-inbox.meta
	nntp://czquwvybam4bgbro.onion/inbox.comp.mail.public-inbox.meta
	nntp://hjrcffqmbrq6wope.onion/inbox.comp.mail.public-inbox.meta
	nntp://news.gmane.org/gmane.mail.public-inbox.general

 note: .onion URLs require Tor: https://www.torproject.org/
       or Tor2web: https://www.tor2web.org/

AGPL code for this site: git clone https://public-inbox.org/ public-inbox