astroband / ruby-stellar-base

The stellar-base library is the lowest-level stellar helper library. It consists of classes to read, write, hash, and sign the XDR structures that are used in stellar-core.
Apache License 2.0

Gem file permissions are too strict #55

Closed meric426 closed 4 years ago

meric426 commented 4 years ago

What version are you using?

0.21.0

What did you do?

When installing the gem with root inside a Docker container and running the Rails server with a non-root user, the user has no permissions to load or read the gem files.

What did you expect to see?

chmod 0655 on gem files

What did you see instead?

chmod 0600

leighmcculloch commented 4 years ago

Hi @meric426, I believe the issue you're seeing is an issue with your specific ruby development environment and not an issue with ruby-stellar-base. If you sudo gem install, the files are likely owned by root. Can I suggest checking out StackOverflow or using a non-root gem install.

Please feel free to reopen if I've misunderstood and you believe this is a bug in ruby-stellar-base.

meric426 commented 4 years ago

Out of 50 gems stellar-base is the only gem with files with chmod 0600 installed with root or not

meric426 commented 4 years ago

Compare these outputs

$ bundle show stellar-base | xargs ls -al
drwxr-xr-x   19 meric426  staff    608 Mar 19 17:09 .
drwxr-xr-x  244 meric426  staff   7808 Mar 19 11:28 ..
-rw-------    1 meric426  staff    142 Mar  1 11:50 .gitignore
-rw-------    1 meric426  staff    427 Mar  1 11:50 .travis.yml
-rw-------    1 meric426  staff    119 Mar  1 11:50 .yardopts
-rw-------    1 meric426  staff   6183 Mar  1 11:50 CHANGELOG.md
-rw-------    1 meric426  staff   2197 Mar  1 11:50 CONTRIBUTING.md
-rw-------    1 meric426  staff    313 Mar  1 11:50 Gemfile
-rw-------    1 meric426  staff    188 Mar  1 11:50 Guardfile
-rw-------    1 meric426  staff  11360 Mar  1 11:50 LICENSE.txt
-rw-------    1 meric426  staff   3635 Mar  1 11:50 README.md
-rw-------    1 meric426  staff     83 Mar  1 11:50 Rakefile
drwxr-xr-x    9 meric426  staff    288 Mar  1 11:50 examples
drwxr-xr-x    4 meric426  staff    128 Mar  1 11:50 generated
drwxr-xr-x    4 meric426  staff    128 Mar  1 11:50 lib
-rw-------    1 meric426  staff   1307 Mar  1 11:50 ruby-stellar-base.gemspec
drwxr-xr-x    5 meric426  staff    160 Mar  1 11:50 spec
drwxr-xr-x    5 meric426  staff    160 Mar  1 11:50 tasks
drwxr-xr-x    8 meric426  staff    256 Mar  1 11:50 xdr
$ bundle show pry | xargs ls -al
drwxr-xr-x    7 meric426  staff    224 Jan 17 14:33 .
drwxr-xr-x  244 meric426  staff   7808 Mar 19 17:15 ..
-rw-r--r--    1 meric426  staff  46932 Jan 17 14:33 CHANGELOG.md
-rw-r--r--    1 meric426  staff   1092 Jan 17 14:33 LICENSE
-rw-r--r--    1 meric426  staff  14552 Jan 17 14:33 README.md
drwxr-xr-x    3 meric426  staff     96 Jan 17 14:33 bin
drwxr-xr-x    4 meric426  staff    128 Jan 17 14:33 lib

leighmcculloch commented 4 years ago

Thanks for providing more details. That does seem odd. Permissions of the files on disk when the gem was built are preserved (to a degree in combination with umask), and downloading the .gem file and untarring it shows the permissions match above.

It was probably accidental; whoever previously released the gem had their own file system's umask configured rather strictly.

I think to fix this we need to just rebuild the .gem file and re-release it as a new patch version.

leighmcculloch commented 4 years ago

In terms of people impacted, this will impact users of a system Ruby installed as root, or with Ruby or the gem installed by a different user than the user who will use the gem. Users of Ruby using a non-system Ruby or a single user Ruby installation like that with rvm are unlikely to see an issue because the gem's files will be installed as the current user and the same user has permissions to read. This is why not everyone sees this issue.

meric426 commented 4 years ago

> This is why not everyone sees this issue.

Exactly. That's why I didn't discover this until I built a Docker image of my app and tried to run it in production.

leighmcculloch commented 4 years ago

Until this is fixed you can move forward by chmoding the files. Obviously that's not a great long term solution, but should hold you over I think.

meric426 commented 4 years ago

Yep. That’s what I did. Thanks :)


abuiles commented 4 years ago

@meric426 hey, can you try again? we just published it with different permissions:

-rw-r--r--   1 adolfobuiles  staff  75264 Mar 26 15:04 stellar-base-0.22.0.gem

meric426 commented 4 years ago

> @meric426 hey, can you try again? we just published it with different permissions:
>
> -rw-r--r--   1 adolfobuiles  staff  75264 Mar 26 15:04 stellar-base-0.22.0.gem

Worked perfectly :) Thanks!
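
A release-side check for the problem discussed in this thread, as an added example that is not part of the original issue or the project's code: it reads the file modes recorded inside a built .gem (the values the thread says are preserved from the packager's disk) and lists regular files that only the owner can read. The function names `owner_only_entries`, `audit_gem` and `sample_gem` are hypothetical, and the archive it runs on is constructed in memory.

```ruby
require "rubygems/package"
require "stringio"
require "zlib"

# Return [name, octal mode] for every regular file in a tar stream that
# users other than the owner cannot read (the 0600 case from this issue).
def owner_only_entries(tar_io)
  found = []
  Gem::Package::TarReader.new(tar_io).each do |entry|
    next unless entry.file?
    mode = entry.header.mode & 0o777
    found << [entry.full_name, format("%04o", mode)] if (mode & 0o004).zero?
  end
  found
end

# Audit a built .gem: the outer tar holds data.tar.gz, whose entries
# record the per-file modes captured when the gem was packaged.
def audit_gem(gem_io)
  Gem::Package::TarReader.new(gem_io).each do |entry|
    next unless entry.full_name == "data.tar.gz"
    return owner_only_entries(StringIO.new(Zlib.gunzip(entry.read)))
  end
  [] # no data.tar.gz member found
end

# Constructed sample: an in-memory, .gem-shaped archive (data.tar.gz only)
# containing one 0600 file and one 0644 file.
def sample_gem
  data = StringIO.new(String.new)
  Gem::Package::TarWriter.new(data) do |tar|
    tar.add_file_simple("lib/demo.rb", 0o600, 9) { |io| io.write("puts 'x'\n") }
    tar.add_file_simple("README.md", 0o644, 5) { |io| io.write("demo\n") }
  end
  gz = Zlib.gzip(data.string)
  outer = StringIO.new(String.new)
  Gem::Package::TarWriter.new(outer) do |tar|
    tar.add_file_simple("data.tar.gz", 0o444, gz.bytesize) { |io| io.write(gz) }
  end
  StringIO.new(outer.string)
end

# Print each offending entry as "<mode> <path>".
audit_gem(sample_gem).each { |name, mode| puts "#{mode} #{name}" }
```

To check a real package before publishing, pass `File.open("path/to/built.gem", "rb")` to `audit_gem` and fail the release job when the result is not empty.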