alibuild icon indicating copy to clipboard operation
alibuild copied to clipboard

Published 20 hours ago verified publisher icon alisw

Local remote-store folders have no group write permission

Open rqwa opened this issue 8 years ago • 5 comments

Folders created locally by alibuild via --remote-store have no group write permission. The permissions are the same as the user default options. This could cause problems when a multi-user setup will be used. A change of the of permission rights during creation would solve the issue.

ll store/TARS/slc6_x86-64/ total 26 drwxr-xr-x 25 marquard aliceexp 25 Jun 2 12:57 dist drwxr-xr-x 25 marquard aliceexp 25 Jun 2 12:57 dist-direct drwxr-xr-x 25 marquard aliceexp 25 Jun 2 12:57 dist-runtime<

rqwa avatar Jun 02 '16 11:06 rqwa

As discussed separately, I think this should be done by changing the umask of your users, wouldn't you agree?

ktf avatar Jun 07 '16 07:06 ktf

I think it depends on the use case and how a multi-user system is managed. In principal I assume two different use cases, either an administrator who manages the base packages and users which rely on them or a group of users which just want to share the compiled packages. In the first case a change of umask probably would not be necessary, also no user will be able to provide a new package. In the second case a change of umask could be fine, but the user will not be able to limit the umask setting to the store, also his own installation directory will have the same permissions. As rsync provides the option --chmod to change the permissions on syncing, I would prefer a flag which provides this option (eg ::rwg for group and ::rwa for all).

rqwa avatar Jun 07 '16 10:06 rqwa

How do you enforce that everyone uses ::rwa?

alibuild avatar Jun 07 '16 10:06 alibuild

There should not be any force to use ::rwa. It should just be an option that every user on a server can update the store directory. This would not change the permissions for the folders mentioned in the initial posting, as all the dist folders are created via mkdir instead of rsync.

rqwa avatar Jun 07 '16 13:06 rqwa

After some more code study, it seems for me that the issue is more versatile then I thought. I would use rsync --chmod a+r for the sync process, to be sure that all synced TARS are readable and no option as suggested above. Instead the mkdir commands can be preceded with umask 0002 to make them group writeable, for new links, subfolders etc. If you agree I can try to provide a patch.

rqwa avatar Jun 21 '16 13:06 rqwa