Re: odb_mkstemp's 0444 permission broke write/delete access on AFP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> On Feb 17, 2015, at 1:34 PM, Torsten Bögershausen <tboegi@xxxxxx> wrote:
> 
> On 02/17/2015 04:22 AM, Fairuzan Roslan wrote:
>>> On Feb 17, 2015, at 3:08 AM, Matthieu Moy <Matthieu.Moy@xxxxxxxxxxxxxxx> wrote:
>>> 
>>> [ Please, don't top post on this list ]
>>> 
>>> Fairuzan Roslan <fairuzan.roslan@xxxxxxxxx> writes:
>>> 
>>>> I don’t see the issue for the owner of his/her own file to have write
>>>> access.
>>> Object and pack files are not meant to be modified. Hence, they are
>>> read-only so that an (accidental) attempt to modify them fails.
>>> 
>>>> Setting tmp idx & pack files to read-only even for the file owner is
>>>> not a safety feature.
>>> Yes it is. If you do not think so, then please give some arguments.
>>> 
>>>> You should at least give the user the option to set the permission in
>>>> the config file and not hardcoded the permission in the binary.
>>> This is the kind of thing I meant by "investigate alternate solutions".
>>> I have no AFP share to test, so it would help if you answered the
>>> question I asked in my previous message:
>>> 
>>>>> On Feb 17, 2015, at 2:23 AM, Matthieu Moy <Matthieu.Moy@xxxxxxxxxxxxxxx> wrote:
>>>>> 
>>>>> Fairuzan Roslan <fairuzan.roslan@xxxxxxxxx> writes:
>>>>> 
>>>>>> Hi,
>>>>>> 
>>>>>> Somehow the “int mode = 0444;” in odb_mkstemp (environment.c) are
>>>>>> causing a lot of issues (unable to unlink/write/rename) to those
>>>>>> people who use AFP shares.
>>>>> Is it a problem when using Git (like "git gc" failing to remove old
>>>>> packs), or when trying to remove files outside Git?
>>> (BTW, why did you try to write/rename pack files?)
>>> 
>>> --
>>> Matthieu Moy
>>> http://www-verimag.imag.fr/~moy/
>> I think its easier if I just show you…
>> 
>> OS : OS X 10.10.0 - 10.10.2
>> Client :  git version 1.9.3 (Apple Git-50) and git version 2.2.1
>> AFP share : //user@hostname._afpovertcp._tcp.local/installer on /Volumes/installer (afpfs, nodev, nosuid, mounted by user)
>> 
>> 1. git clone example
>> 
>> $ git clone https://github.com/robbyrussell/oh-my-zsh.git
>> Cloning into 'oh-my-zsh'...
>> remote: Counting objects: 11830, done.
>> remote: Total 11830 (delta 0), reused 0 (delta 0)
>> Receiving objects: 100% (11830/11830), 2.12 MiB | 481.00 KiB/s, done.
>> Resolving deltas: 100% (6510/6510), done.
>> warning: unable to unlink /Volumes/installer/oh-my-zsh/.git/objects/pack/tmp_pack_zjPxuc: Operation not permitted
>> error: unable to write sha1 filename /Volumes/installer/oh-my-zsh/.git/objects/pack/pack-cceafdc9ef02bc58844138ba543ec6cc38252bb1.pack: Operation not permitted
>> fatal: cannot store pack file
>> fatal: index-pack failed
>> 
>> $ ls -l oh-my-zsh/.git/objects/pack
>> total 5008
>> -rw-------  1 user  staff       32 Feb 17 09:59 pack-cceafdc9ef02bc58844138ba543ec6cc38252bb1.keep
>> -r--r--r--  1 user  staff   332312 Feb 17 09:59 tmp_idx_oUN1sb
>> -r--r--r--  1 user  staff  2223007 Feb 17 09:59 tmp_pack_zjPxuc
>> 
>> $ rm -rf oh-my-zsh/.git/objects/pack/tmp_*
>> rm: oh-my-zsh/.git/objects/pack/tmp_idx_oUN1sb: Operation not permitted
>> rm: oh-my-zsh/.git/objects/pack/tmp_pack_zjPxuc: Operation not permitted
>> 
>> Detail Errors:
>> 1. delete_ref_loose (refs.c) -> unlink_or_msg (wrapper.c) -> "unable to unlink %s: %s"
>> 2. move_temp_to_file (sha1_file.c ) -> “unable to write sha1 filename %s: %s”
>> 
>> 2. git pull example
>> 
>> Textual git:master $ git pull
>> remote: Counting objects: 435, done.
>> remote: Compressing objects: 100% (398/398), done.
>> remote: Total 435 (delta 219), reused 18 (delta 12)
>> Receiving objects: 100% (435/435), 1.22 MiB | 756.00 KiB/s, done.
>> Resolving deltas: 100% (219/219), done.
>> warning: unable to unlink .git/objects/pack/tmp_pack_vDaIZa: Operation not permitted
>> error: unable to write sha1 filename .git/objects/pack/pack-977a2dc0f4be3996dc1186e565a30d55d14b5e87.pack: Operation not permitted
> I'm somewhat unsure how this is connected to 0444 ?
> 
> It seems as if you don't have write permissions for some reasons.
> (on the higher directory), what does
> ls -ld  .git/objects/pack/
> ls -ld  .git/objects/
> give ?
> 
> can you run
> rm .git/objects/pack/pack-977a2dc0f4be3996dc1186e565a30d55d14b5e87.pack
> 
> on the command line ?

No. I have write permission on all of the folders.
drwxr-xr-x  1 user  staff       264 Feb 17 11:05 .
drwxr-xr-x  1 user  staff       264 Jan 30 12:52 ..

It has nothing to do with my folder permissions. Like I said earlier this only happened to people who use AFP shares.

When odb_mkstemp being called and sets the tmp idx & pack files to 0444 and later functions like unlink_or_msg or finish_tmp_packfile tries to unlink or rename those files, it will fail

It would be much faster and easier if you can try it on a AFP shares or I can talk you through it over irc @freenode #git (riaf^)

Regards,
Fairuzan

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]