Lmod icon indicating copy to clipboard operation
Lmod copied to clipboard

Published 20 hours ago verified publisher icon TACC

installed files have wrong permissions

Open dirtyharrycallahan opened this issue 2 years ago • 8 comments

Describe the bug Installation seems to use cp in some places resulting in installation that is influenced by installer's environment/umask

To Reproduce set umask to 077 and run ./configure --prefix=/... && make install check permissions on libexec/term/colors.lua, ... init/fish_tab_completion/module.fish

Expected behavior The assumption is that the install is usable by everyone.

Desktop (please complete the following information):

  • Linux distribution: Red Hat Enterprise Linux 7
  • Lmod Version: 8.7.4

Additional context Add any other context about the problem here.

dirtyharrycallahan avatar Jun 23 '22 13:06 dirtyharrycallahan

I'm not sure that this should be "fixed". I am willing to add a test that is part of make install that says that the permissions are not useable by everyone. But I can see cases where some site might test Lmod that way.

Comments?

rtmclay avatar Jun 23 '22 23:06 rtmclay

Also many times a user installs Lmod in their own account and a umask 077 should definitely be allowed in that case.

rtmclay avatar Jun 23 '22 23:06 rtmclay

Having the installer's umask control the final permissions of the installed files does make sense, especially in the context of user-specific installations.

But it may also be counter-intuitive compared to things like make install, which often use install to deploy compiled files with pre-defined permissions and ownership.

kcgthb avatar Jul 27 '22 22:07 kcgthb

I believe that the problem I had is because my umask was 077 when I extracted the tar ball but 022 when I performed the install but inside the install there may be a 'cp -p'. When using the install command permissions are usually explicit and the end result is not impacted by the environment.

dirtyharrycallahan avatar Jul 28 '22 14:07 dirtyharrycallahan

Lmod 8.7.10 now has the following feature. It uses the user's umask as long as the id -u is greater or equal to 500. For user id's less than 500 it uses a umask of 022. Sites can override this default value by configuring with: --with-mode=MODE where MODE is the permissions with the execute bit set. So setting MODE to 755, or 750 or 700 would be appropriate. Lmod strips the execute bit off to set permissions on non-executable files.

This change should allow regular users to know what they are getting when doing personal installed and system installs should work like many sysadmin's expect.

Please test Lmod 8.7.10 to see if this change works for you.

rtmclay avatar Jul 31 '22 00:07 rtmclay

There were some issues with Lmod 8.7.10 that I fixed. Please test Lmod 8.7.11 instead.

rtmclay avatar Jul 31 '22 17:07 rtmclay

Note that adds a build requirement on bc which I guess I'll need to add to the Fedora package.

opoplawski avatar Aug 02 '22 03:08 opoplawski

While this goes above and beyond my original observation it appears to install files with appropriate permissions by default. I did not test the --with-mode option.

dirtyharrycallahan avatar Aug 02 '22 17:08 dirtyharrycallahan

I am closing this issue. Feel free to re-open if there is a problem.

rtmclay avatar Aug 18 '22 21:08 rtmclay