All of lore.kernel.org
 help / color / mirror / Atom feed
From: Junio C Hamano <gitster@pobox.com>
To: Eric Sunshine <sunshine@sunshineco.com>
Cc: Tobias Klauser <tklauser@distanz.ch>,
	Christian Couder <chriscool@tuxfamily.org>,
	Matthieu Moy <Matthieu.Moy@grenoble-inp.fr>,
	Git List <git@vger.kernel.org>
Subject: Re: [PATCH v4 2/2] interpret-trailers: add option for in-place editing
Date: Tue, 19 Jan 2016 12:58:12 -0800	[thread overview]
Message-ID: <xmqqfuxt9ti3.fsf@gitster.mtv.corp.google.com> (raw)
In-Reply-To: <CAPig+cRozqCKdC2+nyG-UM6xFo_sSqa7OhGgcycyyDQujZHtHA@mail.gmail.com> (Eric Sunshine's message of "Tue, 19 Jan 2016 13:10:49 -0500")

Eric Sunshine <sunshine@sunshineco.com> writes:

> My understanding is that SANITY is an expectation that directory
> permissions work in an expected POSIXy way: that is, a file can't be
> deleted when its containing directory lacks 'write', and a file can't
> be read/accessed when the directory has neither 'read' nor 'execute'.
> This doesn't say anything about root not being allowed to read a file
> when the file itself lacks 'read'.

In short, SANITY is "does looking at permission bits sufficient to
anticipate what the filesystem would do?" while POSIXPERM is "can
chmod be used to tweak permission bits of the filesystem" (a
filesystem that lacks permission bits support would qualify as
!POSIXPERM, as there is nothing to tweak in the first place).

I suspect the comment added by f400e51c and its patch description
stressed too much about permission of a directory affecting what we
can do to files inside the directory, and failed to describe another
criteria for a sane environment: "files whose permission bits say
you shouldn't be able to read or write cannot be read or written".
Traditionally, running tests as root was one major way to break
SANITY, but as f400e51c noticed, "can we write to '/'?", which was
an old-fashioned way to catch the only case where SANITY does not
hold on POSIX systems [*1*], cannot catch insanity on non-POSIX
system like Cygwin.

POSIXPERM is more about "if we do chmod, does filesystem remember it
so that ls -l reports the same?"  Output from "git grep POSIXPERM t"
shows that some users of it also assume that it requires "we can
make something executable by doing chmod +x and unexecutable by
doing chmod -x" (and that is fine--running tests as root would not
make an unexecutable file executable).  The tests that require
POSIXPERM but not SANITY can be run by root (I am not saying that
running tests as root is safe or sane, though) and are expected to
produce the same result as they were run by a non-root user.


[Footnote]

*1* This is an old-fashioned way back when everybody on UNIX was
    sane and / had 0755 permission bits everywhere.  Some people
    make their / owned by sysadmin group and give 0775 bits, and
    "test -w /" would incorrectly say that the environment lacks
    SANITY when run by non-root users in the sysadmin group, even
    though our tests like "chmod -r file && ! cat file" (drop
    readable bit, expect it to become unreadable) guarded by SANITY
    can correctly run by them.

    Back when f400e51c was written, checking `whoami` was suggested
    as an alternative as a workaround for this "/ may be writable by
    a non-root person and not a good SANITY check" issue, but that
    was rejected because it obviously would not work on Cygwin.

  reply	other threads:[~2016-01-19 20:58 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-01-14 16:57 [PATCH v4 0/2] Add in-place editing support to git interpret-trailers Tobias Klauser
2016-01-14 16:57 ` [PATCH v4 1/2] trailer: allow to write to files other than stdout Tobias Klauser
2016-01-14 16:57 ` [PATCH v4 2/2] interpret-trailers: add option for in-place editing Tobias Klauser
2016-01-14 20:45   ` Junio C Hamano
2016-01-15 10:34     ` Tobias Klauser
2016-01-15 17:24       ` Junio C Hamano
2016-01-15 17:45         ` Tobias Klauser
2016-01-18 21:11     ` Eric Sunshine
     [not found]       ` <CAPc5daWpnReWJzeTJjvZap78H0oZKG-YGEP19Neusyahu5A6cQ@mail.gmail.com>
2016-01-18 22:13         ` Eric Sunshine
2016-01-19  8:28           ` Tobias Klauser
2016-01-19 17:52       ` Junio C Hamano
2016-01-19 17:56         ` Eric Sunshine
2016-01-19 18:10           ` Eric Sunshine
2016-01-19 20:58             ` Junio C Hamano [this message]
2016-01-19 21:45               ` Eric Sunshine
2016-01-19 22:09                 ` Junio C Hamano
2016-01-20  0:20                   ` Eric Sunshine

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=xmqqfuxt9ti3.fsf@gitster.mtv.corp.google.com \
    --to=gitster@pobox.com \
    --cc=Matthieu.Moy@grenoble-inp.fr \
    --cc=chriscool@tuxfamily.org \
    --cc=git@vger.kernel.org \
    --cc=sunshine@sunshineco.com \
    --cc=tklauser@distanz.ch \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.