Re: odb_mkstemp's 0444 permission broke write/delete access on AFP

["Torsten Bögershausen" <tboegi@web.de>]

On 02/17/2015 04:22 AM, Fairuzan Roslan wrote:
>> On Feb 17, 2015, at 3:08 AM, Matthieu Moy <Matthieu.Moy@grenoble-inp.fr> wrote:
>>
>> [ Please, don't top post on this list ]
>>
>> Fairuzan Roslan <fairuzan.roslan@gmail.com> writes:
>>
>>> I don’t see the issue for the owner of his/her own file to have write
>>> access.
>> Object and pack files are not meant to be modified. Hence, they are
>> read-only so that an (accidental) attempt to modify them fails.
>>
>>> Setting tmp idx & pack files to read-only even for the file owner is
>>> not a safety feature.
>> Yes it is. If you do not think so, then please give some arguments.
>>
>>> You should at least give the user the option to set the permission in
>>> the config file and not hardcoded the permission in the binary.
>> This is the kind of thing I meant by "investigate alternate solutions".
>> I have no AFP share to test, so it would help if you answered the
>> question I asked in my previous message:
>>
>>>> On Feb 17, 2015, at 2:23 AM, Matthieu Moy <Matthieu.Moy@grenoble-inp.fr> wrote:
>>>>
>>>> Fairuzan Roslan <fairuzan.roslan@gmail.com> writes:
>>>>
>>>>> Hi,
>>>>>
>>>>> Somehow the “int mode = 0444;” in odb_mkstemp (environment.c) are
>>>>> causing a lot of issues (unable to unlink/write/rename) to those
>>>>> people who use AFP shares.
>>>> Is it a problem when using Git (like "git gc" failing to remove old
>>>> packs), or when trying to remove files outside Git?
>> (BTW, why did you try to write/rename pack files?)
>>
>> --
>> Matthieu Moy
>> http://www-verimag.imag.fr/~moy/
> I think its easier if I just show you…
>
> OS : OS X 10.10.0 - 10.10.2
> Client :  git version 1.9.3 (Apple Git-50) and git version 2.2.1
> AFP share : //user@hostname._afpovertcp._tcp.local/installer on /Volumes/installer (afpfs, nodev, nosuid, mounted by user)
>
> 1. git clone example
>
> $ git clone https://github.com/robbyrussell/oh-my-zsh.git
> Cloning into 'oh-my-zsh'...
> remote: Counting objects: 11830, done.
> remote: Total 11830 (delta 0), reused 0 (delta 0)
> Receiving objects: 100% (11830/11830), 2.12 MiB | 481.00 KiB/s, done.
> Resolving deltas: 100% (6510/6510), done.
> warning: unable to unlink /Volumes/installer/oh-my-zsh/.git/objects/pack/tmp_pack_zjPxuc: Operation not permitted
> error: unable to write sha1 filename /Volumes/installer/oh-my-zsh/.git/objects/pack/pack-cceafdc9ef02bc58844138ba543ec6cc38252bb1.pack: Operation not permitted
> fatal: cannot store pack file
> fatal: index-pack failed
>
> $ ls -l oh-my-zsh/.git/objects/pack
> total 5008
> -rw-------  1 user  staff       32 Feb 17 09:59 pack-cceafdc9ef02bc58844138ba543ec6cc38252bb1.keep
> -r--r--r--  1 user  staff   332312 Feb 17 09:59 tmp_idx_oUN1sb
> -r--r--r--  1 user  staff  2223007 Feb 17 09:59 tmp_pack_zjPxuc
>
> $ rm -rf oh-my-zsh/.git/objects/pack/tmp_*
> rm: oh-my-zsh/.git/objects/pack/tmp_idx_oUN1sb: Operation not permitted
> rm: oh-my-zsh/.git/objects/pack/tmp_pack_zjPxuc: Operation not permitted
>
> Detail Errors:
> 1. delete_ref_loose (refs.c) -> unlink_or_msg (wrapper.c) -> "unable to unlink %s: %s"
> 2. move_temp_to_file (sha1_file.c ) -> “unable to write sha1 filename %s: %s”
>
> 2. git pull example
>
> Textual git:master $ git pull
> remote: Counting objects: 435, done.
> remote: Compressing objects: 100% (398/398), done.
> remote: Total 435 (delta 219), reused 18 (delta 12)
> Receiving objects: 100% (435/435), 1.22 MiB | 756.00 KiB/s, done.
> Resolving deltas: 100% (219/219), done.
> warning: unable to unlink .git/objects/pack/tmp_pack_vDaIZa: Operation not permitted
> error: unable to write sha1 filename .git/objects/pack/pack-977a2dc0f4be3996dc1186e565a30d55d14b5e87.pack: Operation not permitted
I'm somewhat unsure how this is connected to 0444 ?

It seems as if you don't have write permissions for some reasons.
(on the higher directory), what does
ls -ld  .git/objects/pack/
ls -ld  .git/objects/
give ?

can you run
rm .git/objects/pack/pack-977a2dc0f4be3996dc1186e565a30d55d14b5e87.pack

on the command line ?