On Mon, Feb 10, 2025 at 10:32:24PM +0000, brian m. carlson wrote: > > This is an issue for active/passive HA file servers. Since NFSv4 evaluates file permissions at the time of opening a file, this FD will always get an access denied error if a failover occurs during git clone. > > I'm not sure there's even a good way to solve this problem on the Git > side, since I suspect that if we opened the file as 0644 and then > immediately did an fchmod to 0444, if you'd still fail here if the file > is reopened. Is that correct? We could probably create and write the tempfile as 0644, and then switch it to 0444 before renaming it into place. We already do something similar with adjust_shared_perm(), I think. I don't know if it's worth doing it that way or not. It should just work even on systems that are happy with the current code, so I think the only downside would be a few extra lines of code and an extra chmod() syscall. -Peff
