diff options
4 files changed, 42 insertions, 6 deletions
diff --git a/Annex/Content.hs b/Annex/Content.hs index 612a96a6b..289a4f1b3 100644 --- a/Annex/Content.hs +++ b/Annex/Content.hs @@ -699,18 +699,21 @@ preseedTmp key file = go =<< inAnnex key ) ) -{- Blocks writing to an annexed file, and modifies file permissions to - - allow reading it, per core.sharedRepository setting. -} +{- Normally, blocks writing to an annexed file, and modifies file + - permissions to allow reading it. + - + - When core.sharedRepository is set, the write bits are not removed from + - the file, but instead the appropriate group write bits are set. This is + - necessary to let other users in the group lock the file. + -} freezeContent :: FilePath -> Annex () freezeContent file = unlessM crippledFileSystem $ withShared go where go GroupShared = liftIO $ modifyFileMode file $ - removeModes writeModes . - addModes [ownerReadMode, groupReadMode] + addModes [ownerReadMode, groupReadMode, ownerWriteMode, groupWriteMode] go AllShared = liftIO $ modifyFileMode file $ - removeModes writeModes . - addModes readModes + addModes (readModes ++ writeModes) go _ = liftIO $ modifyFileMode file $ removeModes writeModes . addModes [ownerReadMode] diff --git a/debian/changelog b/debian/changelog index 9c9b2c7c9..55f195dc4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,6 +6,9 @@ git-annex (5.20151117) UNRELEASED; urgency=medium * Display progress meter in -J mode when downloading from the web. * map: Improve display of git remotes with non-ssh urls, including http and gcrypt. + * When core.sharedRepository is set, annex object files are not made mode + 444, since that prevents a user other than the file owner from locking + them. Instead, a mode such as 664 is used in this case. -- Joey Hess <id@joeyh.name> Mon, 16 Nov 2015 16:49:34 -0400 diff --git a/doc/bugs/Move_out_of_shared_repository_as___34__maintenance_user__34___gives_permission_denied_for_files_edited_by_others.mdwn b/doc/bugs/Move_out_of_shared_repository_as___34__maintenance_user__34___gives_permission_denied_for_files_edited_by_others.mdwn index 204e81221..f67d73ba4 100644 --- a/doc/bugs/Move_out_of_shared_repository_as___34__maintenance_user__34___gives_permission_denied_for_files_edited_by_others.mdwn +++ b/doc/bugs/Move_out_of_shared_repository_as___34__maintenance_user__34___gives_permission_denied_for_files_edited_by_others.mdwn @@ -247,3 +247,5 @@ git-annex: .git/annex/unused: openFile: permission denied (Permission denied) # End of transcript or log. """]] + +> [[fixed|done]] --[[Joey]] diff --git a/doc/bugs/Move_out_of_shared_repository_as___34__maintenance_user__34___gives_permission_denied_for_files_edited_by_others/comment_1_5c06ab75371237a263c836da45106707._comment b/doc/bugs/Move_out_of_shared_repository_as___34__maintenance_user__34___gives_permission_denied_for_files_edited_by_others/comment_1_5c06ab75371237a263c836da45106707._comment new file mode 100644 index 000000000..43b37c020 --- /dev/null +++ b/doc/bugs/Move_out_of_shared_repository_as___34__maintenance_user__34___gives_permission_denied_for_files_edited_by_others/comment_1_5c06ab75371237a263c836da45106707._comment @@ -0,0 +1,28 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 1""" + date="2015-11-18T19:35:52Z" + content=""" +More simply stated, user A adds a file, which sets its perms to 444, and +user B can't change those perms to lock the file for removal. + +In sharedRepository mode, the object directory's perms are already +weakened, to eg 775 rather than the default 555, for the same reason; +another user with shared access can't chmod the object directory to allow +writing to it. That just needs to be extended from object directory to +object file to fix this. + +But, that means that the object file will be mode 664, rather than +444, and so git-annex can't prevent accidental direct modifications of the +content of objects when in sharedRepository mode, like it normally does. + +Since that's a belt and suspenders protection, and since the object +directory permissions weakening already lost a similar protection against +accidential deletion of object files, shrug, I guess we'll do that. + +I do feel that sharedRepository mode rarely ever makes sense to use. It's +very fiddely to get the permissions set up right and keep them right, and +there are much better ways to share a centralized repo between users, eg +use gitolite or a dedicated account that's locked down to only let +git/git-annex commands be run. +"""]] |