'error: unable to set permission to './objects/...'

'error: unable to set permission to './objects/...'

[Rafal Rusin]

[-- Attachment #1: Type: text/plain, Size: 557 bytes --]

Hello,

I'm hosting git repository on filesystem with 'chmod <some-file>'
causing permission denied error (it's smbfs mounted directory),
When I was doing push to such repo using file:// protocol, I got
following error:
error: unable to set permission to './objects/...'

I did a small fix to sha1_file.c (patch in attachment) and git now
warns when unable to chmod, and continues push. This resolved problem.
What do you think about applying it?

Regards,
-- 
Rafał Rusin
http://rrusin.blogspot.com
http://www.touk.pl
http://top.touk.pl

[-- Attachment #2: permission.patch --]
[-- Type: text/x-diff, Size: 449 bytes --]

diff --git a/sha1_file.c b/sha1_file.c
index 4ea0b18..305e751 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -2272,8 +2272,9 @@ int move_temp_to_file(const char *tmpfile, const char *filename)
 	}
 
 out:
-	if (set_shared_perm(filename, (S_IFREG|0444)))
-		return error("unable to set permission to '%s'", filename);
+	if (set_shared_perm(filename, (S_IFREG|0444))) {
+		warning("unable to set permission to '%s'", filename);
+    }
 	return 0;
 }
 

Re: 'error: unable to set permission to './objects/...'

[Miklos Vajna]

[-- Attachment #1: Type: text/plain, Size: 373 bytes --]

On Sun, Nov 22, 2009 at 09:02:12PM +0100, Rafal Rusin <rafal.rusin@gmail.com> wrote:
> I did a small fix to sha1_file.c (patch in attachment) and git now
> warns when unable to chmod, and continues push. This resolved problem.
> What do you think about applying it?

Please read Documentation/SubmittingPatches, patches should be sent
inline and with a Signed-off-by line.

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

Re: 'error: unable to set permission to './objects/...'

[Junio C Hamano]

Rafal Rusin <rafal.rusin@gmail.com> writes:

> I'm hosting git repository on filesystem with 'chmod <some-file>'
> causing permission denied error (it's smbfs mounted directory),
> When I was doing push to such repo using file:// protocol, I got
> following error:
> error: unable to set permission to './objects/...'
>
> I did a small fix to sha1_file.c (patch in attachment) and git now
> warns when unable to chmod, and continues push. This resolved problem.
> What do you think about applying it?

Suppose the user wanted to use this as a shared public repository and
configured core.sharedrepository.  If we try to set shared-perm and notice
a failure but keep going, what happens to the resulting repository?  

For example, the umask of the user who is pushing objects, causing this
codepath to run, might be too tight to be usable for the purpose of making
the file readable for other members of the group.  And the chmod() fails
in this codepath.  Then what?  Wouldn't it make the resulting repository
unusable?

I think a _fix_ needs to first know why chmod is failing for you and
either

 (1) make it not to fail; or

 (2) Perhaps your filesystem is lying and the result of chmod happens to
     be Ok (iow, the resulting file may be readable/writable by people who
     are supposed to be able to, accoring to the core.sharedrepository
     settings), in which case make the code notice the situation and keep
     going _only when_ it is safe to do so.

I do not think your change to _unconditionally_ keep going is a fix.

Re: 'error: unable to set permission to './objects/...'

[Rafal Rusin]

2009/11/23 Junio C Hamano <gitster@pobox.com>:
> Rafal Rusin <rafal.rusin@gmail.com> writes:
>
>> I'm hosting git repository on filesystem with 'chmod <some-file>'
>> causing permission denied error (it's smbfs mounted directory),
>> When I was doing push to such repo using file:// protocol, I got
>> following error:
>> error: unable to set permission to './objects/...'
>>
>> I did a small fix to sha1_file.c (patch in attachment) and git now
>> warns when unable to chmod, and continues push. This resolved problem.
>> What do you think about applying it?
>
> Suppose the user wanted to use this as a shared public repository and
> configured core.sharedrepository.  If we try to set shared-perm and notice
> a failure but keep going, what happens to the resulting repository?
>
> For example, the umask of the user who is pushing objects, causing this
> codepath to run, might be too tight to be usable for the purpose of making
> the file readable for other members of the group.  And the chmod() fails
> in this codepath.  Then what?  Wouldn't it make the resulting repository
> unusable?
>
> I think a _fix_ needs to first know why chmod is failing for you and
> either
>
>  (1) make it not to fail; or
>
>  (2) Perhaps your filesystem is lying and the result of chmod happens to
>     be Ok (iow, the resulting file may be readable/writable by people who
>     are supposed to be able to, accoring to the core.sharedrepository
>     settings), in which case make the code notice the situation and keep
>     going _only when_ it is safe to do so.
>
> I do not think your change to _unconditionally_ keep going is a fix.

Thanks for reply. You are right about sharedrepository argument.
As for detecting this particular case, I think it's not possible.
I think the best solution is to add repository config switch like
'usefilepermissions' true by default. If set to false, git would skip
chmod during push.
Does that make sense to you?

Regards,
-- 
Rafał Rusin
http://rrusin.blogspot.com
http://www.touk.pl
http://top.touk.pl

Re: 'error: unable to set permission to './objects/...'

[Martin Langhoff]

On Mon, Nov 23, 2009 at 12:27 AM, Junio C Hamano <gitster@pobox.com> wrote:
> And the chmod() fails
> in this codepath.  Then what?  Wouldn't it make the resulting repository
> unusable?

Slightly off-topic: I keep encountering hosts where
core.sharedrepository doesn't always work with git+ssh. It may be
related to old git versions (I see 1.5.8 in a host where I've seen it
happen recently), but I never fails to baffle me.

Been sysadmin'ing and developing on linux  since '98 and there is
nothing to prevent git from chmod'ing things right. And I know a few
things about git's plumbing :-) -- don't think it should be
mysteriously failing.

(And in several git repo servers I've spotted a cronjob doing chmod -R
g+rwx, applied by sysadmins to make the devs STFU about it ;-) ).

Is there a shortlist somewhere of reasons for it to be ignored?
Perhaps it is a known bug in old versions? -- the repo servers are
often behind...

Puzzled minds want to know.



m
-- 
 martin.langhoff@gmail.com
 martin@laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff

Re: 'error: unable to set permission to './objects/...'

[Junio C Hamano]

Rafal Rusin <rafal.rusin@gmail.com> writes:

> As for detecting this particular case, I think it's not possible.

Why not?

> I think the best solution is to add repository config switch like
> 'usefilepermissions' true by default. If set to false, git would skip
> chmod during push.
> Does that make sense to you?

Not at all.  That is like creating an "allow broken behaviour" option and
hoping for the best.

You shouldn't have to invent such a configuration variable to begin with,
as "let umask set whatever permission and leave it be" should already be
the case for !core.sharedrepository.  There is something wrong in your
set up and you need to get to the bottom of it, instead of coming up with
an even worse breakage as a unworkable workaround.

There are some things I noticed while looking at the codepaths that are
involved.

move_temp_to_file() is designed to move a temporary file that was created
by odb_mkstemp().  As the latter eventually uses mkstemp(), some
implementations of which ignore umask and create a file that is readable
only by the user, move_temp_to_file() must loosen the permission, even in
a private repository that honors umask (i.e. not in a shared repository)..

    Side note.  The creation of the temporary files in http.c that are
    given to move_temp_to_file() is not quite correct; they are created by
    fopen() without proper locking with mkstemp().  But that is a separate
    issue.

But the codepath tries to loosen it a bit too much.  Even if user's umask
is 077, files created in this codepath end up with world-readable because
we pretend that lstat() on the file returned 0444 (that is what a non-zero
value given as the second parameter to set_shared_perm() means).  We
should tighten it perhaps like the attached patch does.

In case it is not obvious, this patch is _not_ meant to help you work
around the chmod() failure you are seeing on your filesystem.  You need to
first see _why_ it fails for you, in order to come closer to the real
solution.

-- >8 --
Subject: [PATCH] move_temp_to_file(): don't loosen permission too much

We always feed 0444 as the second parameter to set_shared_perm() when
finalizing a temporary file we created using mkstemp(), as some versions
of glibc creates a temporary file with too tight a permission, ignoring
the user's umask.  As the second parameter tells set_shared_perm() to
pretend that it is the permission bits the file currently has (i.e. what
should have been set by the user's umask), we should make it just as
restrictive as user's umask suggests.

---
 sha1_file.c |   19 ++++++++++++++++---
 1 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/sha1_file.c b/sha1_file.c
index 63981fb..f0b8969 100644
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -2233,6 +2233,21 @@ static void write_sha1_file_prepare(const void *buf, unsigned long len,
 	git_SHA1_Final(sha1, &c);
 }
 
+static int fix_tempfile_mode(const char *filename)
+{
+	static mode_t user_mode;
+
+	if (!user_mode) {
+		user_mode = umask(0);
+		umask(user_mode);
+		user_mode = S_IFREG | ((user_mode ^ 0777) & 0666);
+	}
+
+	if (!set_shared_perm(filename, user_mode))
+		return 0;
+	return error("unable to set permission to '%s'", filename);
+}
+
 /*
  * Move the just written object into its final resting place.
  * NEEDSWORK: this should be renamed to finalize_temp_file() as
@@ -2274,9 +2289,7 @@ int move_temp_to_file(const char *tmpfile, const char *filename)
 	}
 
 out:
-	if (set_shared_perm(filename, (S_IFREG|0444)))
-		return error("unable to set permission to '%s'", filename);
-	return 0;
+	return fix_tempfile_mode(filename);
 }
 
 static int write_buffer(int fd, const void *buf, size_t len)

Re: 'error: unable to set permission to './objects/...'

[Rafal Rusin]

OK, I solved problem by upgrading samba on server from 3.0.23c to
3.2.8 (it's old, because it's arm server). This newer version doesn't
have problem with chmod.
Junio, your idea to investigate why it fails was good :-)
Thanks for your time.

2009/11/23 Junio C Hamano <gitster@pobox.com>:
> Rafal Rusin <rafal.rusin@gmail.com> writes:
>
>> As for detecting this particular case, I think it's not possible.
>
> Why not?
>
>> I think the best solution is to add repository config switch like
>> 'usefilepermissions' true by default. If set to false, git would skip
>> chmod during push.
>> Does that make sense to you?
>
> Not at all.  That is like creating an "allow broken behaviour" option and
> hoping for the best.
>
> You shouldn't have to invent such a configuration variable to begin with,
> as "let umask set whatever permission and leave it be" should already be
> the case for !core.sharedrepository.  There is something wrong in your
> set up and you need to get to the bottom of it, instead of coming up with
> an even worse breakage as a unworkable workaround.
>
> There are some things I noticed while looking at the codepaths that are
> involved.
>
> move_temp_to_file() is designed to move a temporary file that was created
> by odb_mkstemp().  As the latter eventually uses mkstemp(), some
> implementations of which ignore umask and create a file that is readable
> only by the user, move_temp_to_file() must loosen the permission, even in
> a private repository that honors umask (i.e. not in a shared repository)..
>
>    Side note.  The creation of the temporary files in http.c that are
>    given to move_temp_to_file() is not quite correct; they are created by
>    fopen() without proper locking with mkstemp().  But that is a separate
>    issue.
>
> But the codepath tries to loosen it a bit too much.  Even if user's umask
> is 077, files created in this codepath end up with world-readable because
> we pretend that lstat() on the file returned 0444 (that is what a non-zero
> value given as the second parameter to set_shared_perm() means).  We
> should tighten it perhaps like the attached patch does.
>
> In case it is not obvious, this patch is _not_ meant to help you work
> around the chmod() failure you are seeing on your filesystem.  You need to
> first see _why_ it fails for you, in order to come closer to the real
> solution.
>
> -- >8 --
> Subject: [PATCH] move_temp_to_file(): don't loosen permission too much
>
> We always feed 0444 as the second parameter to set_shared_perm() when
> finalizing a temporary file we created using mkstemp(), as some versions
> of glibc creates a temporary file with too tight a permission, ignoring
> the user's umask.  As the second parameter tells set_shared_perm() to
> pretend that it is the permission bits the file currently has (i.e. what
> should have been set by the user's umask), we should make it just as
> restrictive as user's umask suggests.
>
> ---
>  sha1_file.c |   19 ++++++++++++++++---
>  1 files changed, 16 insertions(+), 3 deletions(-)
>
> diff --git a/sha1_file.c b/sha1_file.c
> index 63981fb..f0b8969 100644
> --- a/sha1_file.c
> +++ b/sha1_file.c
> @@ -2233,6 +2233,21 @@ static void write_sha1_file_prepare(const void *buf, unsigned long len,
>        git_SHA1_Final(sha1, &c);
>  }
>
> +static int fix_tempfile_mode(const char *filename)
> +{
> +       static mode_t user_mode;
> +
> +       if (!user_mode) {
> +               user_mode = umask(0);
> +               umask(user_mode);
> +               user_mode = S_IFREG | ((user_mode ^ 0777) & 0666);
> +       }
> +
> +       if (!set_shared_perm(filename, user_mode))
> +               return 0;
> +       return error("unable to set permission to '%s'", filename);
> +}
> +
>  /*
>  * Move the just written object into its final resting place.
>  * NEEDSWORK: this should be renamed to finalize_temp_file() as
> @@ -2274,9 +2289,7 @@ int move_temp_to_file(const char *tmpfile, const char *filename)
>        }
>
>  out:
> -       if (set_shared_perm(filename, (S_IFREG|0444)))
> -               return error("unable to set permission to '%s'", filename);
> -       return 0;
> +       return fix_tempfile_mode(filename);
>  }
>
>  static int write_buffer(int fd, const void *buf, size_t len)
>
>


Regards,
-- 
Rafał Rusin
http://rrusin.blogspot.com
http://www.touk.pl
http://top.touk.pl