linux git init/clone on Netapp NTFS security style volumes

linux git init/clone on Netapp NTFS security style volumes

[github]

Hello,
 
I'm trying to execute git init and git clone operations on a linux client that mounts a Netapp volume with NTFS Security Style. Meaning the client is Linux based but the filesystem is managed from Windows side - especially linux chmod operations are not permitted.
 
Maybe a new CLI option might be helpful to skip those chmod operations.
 
 
$ git version
git version 2.34.1
 
 
ERROR git clone
$ git clone https://github.com/git/git.git
Cloning into 'git'...
error: chmod on /mnt/git-clone-test/git/.git/config.lock failed: Operation not permitted
fatal: could not set 'core.filemode' to 'false'
 
$ git config --global --replace-all core.fileMode false
 
$ git clone https://github.com/git/git.git
Cloning into 'git'...
error: chmod on /mnt/git-clone-test/git/.git/config.lock failed: Operation not permitted
fatal: could not set 'core.filemode' to 'false'
 
 
ERROR git init
$ git init
hint: Using 'master' as the name for the initial branch. This default branch name
hint: is subject to change. To configure the initial branch name to use in all
hint: of your new repositories, which will suppress this warning, call:
hint:
hint:   git config --global init.defaultBranch <name>
hint:
hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
hint: 'development'. The just-created branch can be renamed via this command:
hint:
hint:   git branch -m <name>
error: chmod on /mnt/git-init-test/.git/config.lock failed: Operation not permitted
fatal: could not set 'core.filemode' to 'false'
 
$ git config --global --replace-all core.fileMode false
$ git init
error: chmod on /mnt/git-init-test/.git/config.lock failed: Operation not permitted
fatal: could not set 'core.repositoryformatversion' to '0'
 
$ cat .git/config
[core]
        repositoryformatversion = 0
 
$ git status
fatal: not a git repository (or any parent up to mount point /data/care)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).
 
 
Thanks&Best
 
JH

Re: linux git init/clone on Netapp NTFS security style volumes

[brian m. carlson]

[-- Attachment #1: Type: text/plain, Size: 1007 bytes --]

On 2024-07-06 at 19:35:30, github@online.ms wrote:
> Hello,
>  
> I'm trying to execute git init and git clone operations on a linux
> client that mounts a Netapp volume with NTFS Security Style. Meaning
> the client is Linux based but the filesystem is managed from Windows
> side - especially linux chmod operations are not permitted.
>  
> Maybe a new CLI option might be helpful to skip those chmod operations.

I'm not surprised by this, because Windows volumes under WSL also have
the same problem.  However, I don't see the behaviour you describe when
creating a new file system with NTFS on Linux and using ntfs-3g to
mount with default options.  In my case, everything works just fine.

Note that I didn't try using the old non-FUSE driver because that's
deprecated and I don't believe it's available anymore in Debian sid.

What OS (including version) are you using and how are you mounting the
file system?
-- 
brian m. carlson (they/them or he/him)
Toronto, Ontario, CA

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 262 bytes --]

Aw: Re: linux git init/clone on Netapp NTFS security style volumes

[github]

> Gesendet: Sonntag, 07. Juli 2024 um 21:54 Uhr
> Von: "brian m. carlson" <sandals@crustytoothpaste.net>
> An: github@online.ms
> Cc: git@vger.kernel.org
> Betreff: Re: linux git init/clone on Netapp NTFS security style volumes
>
> On 2024-07-06 at 19:35:30, github@online.ms wrote:
> > Hello,
> >  
> > I'm trying to execute git init and git clone operations on a linux
> > client that mounts a Netapp volume with NTFS Security Style. Meaning
> > the client is Linux based but the filesystem is managed from Windows
> > side - especially linux chmod operations are not permitted.
> >  
> > Maybe a new CLI option might be helpful to skip those chmod operations.
> 
> I'm not surprised by this, because Windows volumes under WSL also have
> the same problem.  However, I don't see the behaviour you describe when
> creating a new file system with NTFS on Linux and using ntfs-3g to
> mount with default options.  In my case, everything works just fine.
> 
> Note that I didn't try using the old non-FUSE driver because that's
> deprecated and I don't believe it's available anymore in Debian sid.
> 
> What OS (including version) are you using and how are you mounting the
> file system?
> -- 
> brian m. carlson (they/them or he/him)
> Toronto, Ontario, CA
> 

The feature is very specific to Netapp. The (Netapp) volume is mounted using NFSv4, but chmod operations are not allowed as permissions have to be managed using Windows.
Currently, OS is ubuntu 22.04. I'm confident that the distribution does not make a difference.

Following section of the code should be skipped for given case.
https://github.com/git/git/blob/master/config.c#L3434-L3438

		if (chmod(get_lock_file_path(&lock), st.st_mode & 07777) < 0) {
			error_errno(_("chmod on %s failed"), get_lock_file_path(&lock));
			ret = CONFIG_NO_WRITE;
			goto out_free;
		}

I'm looking for some advice how to best skip or catch this section.

In addition, I came across this Netapp setting which might just ignore the chmod operations without Client side failure. I haven't tested it yet.
https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Can_I_set_UNIX_style_permissions_from_an_NFS_mount_on_an_NTFS_qtree


Thank You

Josef

Re: Aw: Re: linux git init/clone on Netapp NTFS security style volumes

[brian m. carlson]

[-- Attachment #1: Type: text/plain, Size: 2460 bytes --]

On 2024-07-08 at 16:50:58, github@online.ms wrote:
> The feature is very specific to Netapp. The (Netapp) volume is mounted using NFSv4, but chmod operations are not allowed as permissions have to be managed using Windows.
> Currently, OS is ubuntu 22.04. I'm confident that the distribution does not make a difference.

Okay, then I think the answer is that your NFS server is considered to
be broken, and there are a variety of NFS breakages that violate POSIX
that we don't work around, including the very common one where
open(file, O_RDWR, 0444) doesn't work.

I will tell you that this configuration will break a lot of other tools,
not just Git.  Git LFS and its testsuite will be broken; the Perl,
Python, and Ruby testsuites will also be broken; and there's various
other software I know of that simply will not work on such a file system
(and a simple search turns up yet more). chmod is a really fundamental
piece of Unix functionality, and even if you patch this in Git, you're
going to see a bunch of breakage and most upstreams and distros won't
care.

> Following section of the code should be skipped for given case.
> https://github.com/git/git/blob/master/config.c#L3434-L3438
> 
> 		if (chmod(get_lock_file_path(&lock), st.st_mode & 07777) < 0) {
> 			error_errno(_("chmod on %s failed"), get_lock_file_path(&lock));
> 			ret = CONFIG_NO_WRITE;
> 			goto out_free;
> 		}
> 
> I'm looking for some advice how to best skip or catch this section.

We have core.filemode, but according to the documentation, that only
takes into consideration the executable bit.  So I suppose you could add
a third option, "none" (or "broken"), that is the equivalent of false
but also means that chmod is broken altogether and shouldn't be used.
The documentation would need to be updated as well.

Someone else might prefer a different option for this altogether, but
you may not get that feedback until you send a patch.

> In addition, I came across this Netapp setting which might just ignore the chmod operations without Client side failure. I haven't tested it yet.
> https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Can_I_set_UNIX_style_permissions_from_an_NFS_mount_on_an_NTFS_qtree

That might be also be a viable approach.  I don't see an option to
disable this functionality in the Linux NFS client, which is where I
would have looked.
-- 
brian m. carlson (they/them or he/him)
Toronto, Ontario, CA

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 262 bytes --]