search

alisw / alibuild

A simple build tool for ALICE software
http://alisw.github.io/alibuild/
GNU General Public License v3.0
24 stars 46 forks source link

Local remote-store folders have no group write permission #301

Open rqwa opened 8 years ago

rqwa commented 8 years ago

Folders created locally by alibuild via --remote-store have no group write permission. The permissions are the same as the user default options. This could cause problems when a multi-user setup will be used. A change of the of permission rights during creation would solve the issue.

ll store/TARS/slc6_x86-64/ total 26 drwxr-xr-x 25 marquard aliceexp 25 Jun 2 12:57 dist drwxr-xr-x 25 marquard aliceexp 25 Jun 2 12:57 dist-direct drwxr-xr-x 25 marquard aliceexp 25 Jun 2 12:57 dist-runtime<

ktf commented 8 years ago

As discussed separately, I think this should be done by changing the umask of your users, wouldn't you agree?

rqwa commented 8 years ago

I think it depends on the use case and how a multi-user system is managed. In principal I assume two different use cases, either an administrator who manages the base packages and users which rely on them or a group of users which just want to share the compiled packages. In the first case a change of umask probably would not be necessary, also no user will be able to provide a new package. In the second case a change of umask could be fine, but the user will not be able to limit the umask setting to the store, also his own installation directory will have the same permissions. As rsync provides the option --chmod to change the permissions on syncing, I would prefer a flag which provides this option (eg ::rwg for group and ::rwa for all).

alibuild commented 8 years ago

How do you enforce that everyone uses ::rwa?

rqwa commented 8 years ago

There should not be any force to use ::rwa. It should just be an option that every user on a server can update the store directory. This would not change the permissions for the folders mentioned in the initial posting, as all the dist folders are created via mkdir instead of rsync.

rqwa commented 8 years ago

After some more code study, it seems for me that the issue is more versatile then I thought. I would use rsync --chmod a+r for the sync process, to be sure that all synced TARS are readable and no option as suggested above. Instead the mkdir commands can be preceded with umask 0002 to make them group writeable, for new links, subfolders etc. If you agree I can try to provide a patch.