Re: directory permissions on AFS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Jaime Frey <jfrey@xxxxxxxxxxx> writes:

> Stracing git revealed that it successfully recreated the ./objects/fb 
> and then failed to chmod() it. It failed because it tried to set the
> S_ISGID bit, which mere mortals cannot do on AFS. Manually recreating 
> all of these directories solves the problem. 

We fix directory permissions after creating any directory under .git
with the same code, so that in a repository shared by group, new
subdirectories created by a random somebody who belongs to that
group will belong to that group (we also chmod to g+wx in case such
a random somebody has overly strict umask).  Instead of running
chown(2) on every new file created by us, we let the filesystem to
take care of it by telling the directories we create that new files
in them should inherit their group ownership.

What we were worried about back when we decided to use S_ISGID was a
scenario like this:

 * A repository is shared by group "src".

 * A user belongs to the group "src".  That group may or may not be
   his primary group (i.e. "mkdir foo" done at random place by him
   may not belong to the "src" group).

 * The user attempts to create a new branch "foo/bar" by pushing
   from outside.  There is no other branch whose name is
   "foo/anything" when this happens.

 * An equivalent of "mkdir -p .git/refs/heads/foo" needs to be done
   before an equivalent of "echo $sha >.git/refs/heads/foo/bar"
   happens to accept this push.  We want "foo" and "bar" to belong
   to "src" group and they get appropriate permission bits suitable
   to be accessed by the members of the "src" group.

The story is the same for loose objects and their fan-out directory.
Storing a commit object fb/012345... may need to create the leading
fan-out ".git/objects/fb" and we want that directory and any future
files created in it to belong to the "src" group.

Any alternative implementation that achieves the same result that
works on AFS can be substituted with the current code, or made
conditionally activated on AFS.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]