From: Matthieu Moy <Matthieu.Moy@imag.fr>
To: git@vger.kernel.org, gitster@pobox.com
Cc: Matthieu Moy <Matthieu.Moy@imag.fr>
Subject: [PATCH 4/6 v2] Use git_mkstemp_mode and xmkstemp_mode in odb_mkstemp, not chmod later.
Date: Sat, 20 Feb 2010 00:21:56 +0100 [thread overview]
Message-ID: <1266621718-4879-4-git-send-email-Matthieu.Moy@imag.fr> (raw)
In-Reply-To: <vpq7hq8stjt.fsf@bauges.imag.fr>
We used to create 0600 files, and then use chmod to set the group and
other permission bits to the umask. This usually has the same effect
as a normal file creation with a umask.
But in the presence of ACLs, the group permission plays the role of
the ACL mask: the "g" bits of newly created files are chosen according
to default ACL mask of the directory, not according to the umask, and
doing a chmod() on these "g" bits affect the ACL's mask instead of
actual group permission.
In other words, creating files with 0600 and then doing a chmod to the
umask creates files which are unreadable by users allowed in the
default ACL. To create the files without breaking ACLs, we let the
umask do it's job at the file's creation time, and get rid of the
later chmod.
Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr>
---
Change since v1:
+ /*
+ * we let the umask do its job, don't try to be more
+ * restrictive except to remove write permission.
+ */
+ int mode = 0444;
=> the 0666 became a 0444 to create the file read-only (+typo in comment).
builtin-pack-objects.c | 18 ++----------------
t/t1304-default-acl.sh | 2 +-
wrapper.c | 10 +++++++---
3 files changed, 10 insertions(+), 20 deletions(-)
diff --git a/builtin-pack-objects.c b/builtin-pack-objects.c
index e1d3adf..539e75d 100644
--- a/builtin-pack-objects.c
+++ b/builtin-pack-objects.c
@@ -464,9 +464,6 @@ static int write_one(struct sha1file *f,
return 1;
}
-/* forward declaration for write_pack_file */
-static int adjust_perm(const char *path, mode_t mode);
-
static void write_pack_file(void)
{
uint32_t i = 0, j;
@@ -523,21 +520,17 @@ static void write_pack_file(void)
}
if (!pack_to_stdout) {
- mode_t mode = umask(0);
struct stat st;
const char *idx_tmp_name;
char tmpname[PATH_MAX];
- umask(mode);
- mode = 0444 & ~mode;
-
idx_tmp_name = write_idx_file(NULL, written_list,
nr_written, sha1);
snprintf(tmpname, sizeof(tmpname), "%s-%s.pack",
base_name, sha1_to_hex(sha1));
free_pack_by_name(tmpname);
- if (adjust_perm(pack_tmp_name, mode))
+ if (adjust_shared_perm(pack_tmp_name))
die_errno("unable to make temporary pack file readable");
if (rename(pack_tmp_name, tmpname))
die_errno("unable to rename temporary pack file");
@@ -565,7 +558,7 @@ static void write_pack_file(void)
snprintf(tmpname, sizeof(tmpname), "%s-%s.idx",
base_name, sha1_to_hex(sha1));
- if (adjust_perm(idx_tmp_name, mode))
+ if (adjust_shared_perm(idx_tmp_name))
die_errno("unable to make temporary index file readable");
if (rename(idx_tmp_name, tmpname))
die_errno("unable to rename temporary index file");
@@ -2125,13 +2118,6 @@ static void get_object_list(int ac, const char **av)
loosen_unused_packed_objects(&revs);
}
-static int adjust_perm(const char *path, mode_t mode)
-{
- if (chmod(path, mode))
- return -1;
- return adjust_shared_perm(path);
-}
-
int cmd_pack_objects(int argc, const char **argv, const char *prefix)
{
int use_internal_rev_list = 0;
diff --git a/t/t1304-default-acl.sh b/t/t1304-default-acl.sh
index 4ee44a1..b8e9c34 100755
--- a/t/t1304-default-acl.sh
+++ b/t/t1304-default-acl.sh
@@ -27,7 +27,7 @@ modebits () {
ls -l "$1" | sed -e 's|^\(..........\).*|\1|'
}
-test_expect_failure 'git gc does not break ACLs with restrictive umask' '
+test_expect_success 'git gc does not break ACLs with restrictive umask' '
umask 077 &&
git gc &&
actual=$(modebits .git/objects/pack/*.pack) &&
diff --git a/wrapper.c b/wrapper.c
index 673762f..9c71b21 100644
--- a/wrapper.c
+++ b/wrapper.c
@@ -277,10 +277,14 @@ int git_inflate(z_streamp strm, int flush)
int odb_mkstemp(char *template, size_t limit, const char *pattern)
{
int fd;
-
+ /*
+ * we let the umask do its job, don't try to be more
+ * restrictive except to remove write permission.
+ */
+ int mode = 0444;
snprintf(template, limit, "%s/%s",
get_object_directory(), pattern);
- fd = mkstemp(template);
+ fd = git_mkstemp_mode(template, mode);
if (0 <= fd)
return fd;
@@ -289,7 +293,7 @@ int odb_mkstemp(char *template, size_t limit, const char *pattern)
snprintf(template, limit, "%s/%s",
get_object_directory(), pattern);
safe_create_leading_directories(template);
- return xmkstemp(template);
+ return xmkstemp_mode(template, mode);
}
int odb_pack_keep(char *name, size_t namesz, unsigned char *sha1)
--
1.7.0.rc2.92.gb6a04
next prev parent reply other threads:[~2010-02-19 23:22 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-19 16:33 [PATCH 0/4] Allow Git repositories to be shared using POSIX ACLs Matthieu Moy
2010-02-19 16:33 ` [PATCH 1/4] Add a testcase for ACL with restrictive umask Matthieu Moy
2010-02-19 16:33 ` [PATCH 2/4] Move gitmkstemps to path.c Matthieu Moy
2010-02-19 16:33 ` [PATCH 3/4] git_mkstemp_mode, xmkstemp_mode: variants of gitmkstemps with mode argument Matthieu Moy
2010-02-19 16:33 ` [PATCH 4/4] Use git_mkstemp_mode and xmkstemp_mode in odb_mkstemp, not chmod later Matthieu Moy
2010-02-19 23:19 ` Matthieu Moy
2010-02-19 23:21 ` [PATCH 1/6] Add a testcase for ACL with restrictive umask Matthieu Moy
2010-02-19 23:21 ` [PATCH 2/6] Move gitmkstemps to path.c Matthieu Moy
2010-02-19 23:21 ` [PATCH 3/6] git_mkstemp_mode, xmkstemp_mode: variants of gitmkstemps with mode argument Matthieu Moy
2010-02-20 19:22 ` Junio C Hamano
2010-02-19 23:21 ` Matthieu Moy [this message]
2010-02-19 23:21 ` [PATCH 5/6] git_mkstemps_mode: don't set errno to EINVAL for any error Matthieu Moy
2010-02-20 18:13 ` Junio C Hamano
2010-02-22 7:36 ` Matthieu Moy
2010-02-22 19:56 ` Junio C Hamano
2010-02-19 23:21 ` [PATCH 6/6] Use git_mkstemp_mode instead of plain mkstemp to create object files Matthieu Moy
2010-02-20 20:01 ` [PATCH 4/4] Use git_mkstemp_mode and xmkstemp_mode in odb_mkstemp, not chmod later Junio C Hamano
2010-02-22 7:55 ` Matthieu Moy
2010-02-22 20:33 ` Junio C Hamano
2010-02-22 20:36 ` Junio C Hamano
2010-02-22 22:11 ` Matthieu Moy
2010-02-19 17:52 ` [PATCH 0/4] Allow Git repositories to be shared using POSIX ACLs Junio C Hamano
2010-02-22 22:32 ` [PATCH 0/6 v3] " Matthieu Moy
2010-02-22 22:32 ` [PATCH 1/6] Add a testcase for ACL with restrictive umask Matthieu Moy
2010-02-22 22:32 ` [PATCH 2/6] Move gitmkstemps to path.c Matthieu Moy
2010-02-22 22:32 ` [PATCH 3/6] git_mkstemp_mode, xmkstemp_mode: variants of gitmkstemps with mode argument Matthieu Moy
2010-02-22 22:32 ` [PATCH 4/6] Use git_mkstemp_mode and xmkstemp_mode in odb_mkstemp, not chmod later Matthieu Moy
2010-02-22 22:32 ` [PATCH 5/6] git_mkstemps_mode: don't set errno to EINVAL on exit Matthieu Moy
2010-02-22 22:32 ` [PATCH 6/6] Use git_mkstemp_mode instead of plain mkstemp to create object files Matthieu Moy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1266621718-4879-4-git-send-email-Matthieu.Moy@imag.fr \
--to=matthieu.moy@imag.fr \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).