bazelbuild / sandboxfs

A virtual file system for sandboxing
Apache License 2.0

Allow creating files as different users #80

Closed jmmv closed 5 years ago

jmmv commented 5 years ago

When --allow=other is enabled, this ensures that files created in underlying paths have the right ownerships. The need for this has come up in the context of remote execution, where the environment there is... special for historical reasons.

I'm not sure if what I did here is the best way to achieve this, but it seems convoluted. I could think of two approaches: first, the one I went with (changing euid/egid at creation time), and, second, using chown right after creating the files. I went with the former approach under the assumption that the global lock is less costly than the doubled number of system calls... but I could be wrong.

jmmv commented 5 years ago

Huh... actually what I said is probably nonsensical. I was somehow thinking in terms of I/O syscalls all this time and got carried away by the coolness factor of that run_as function... but oh well, sete[gu]id are syscalls too, and we have to issue a bunch of them. Plus oh the complexity.

I'll try the chown approach separately to see what it looks like. Keeping this PR open just in case, but removing review request for now.

jmmv commented 5 years ago

I think #81 is more sane than this, so closing.
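The second approach discussed in this thread (chown right after creating the file), written out as an added example; it is not code from this PR, from #81, or from sandboxfs. The helper name `create_as` and its parameters are hypothetical, and it assumes the daemon has the privileges needed to chown to the requested user and that `mode` already has the requester's umask applied.

```python
import os
import stat
import tempfile


def create_as(path, mode, uid, gid):
    """Create `path` and hand it to uid:gid; returns an open file descriptor.

    Hypothetical helper illustrating create-then-chown.
    """
    # O_EXCL and O_NOFOLLOW: never adopt or follow something already at `path`.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW | os.O_CLOEXEC
    # Create with no permission bits, so that while the file is still owned
    # by the daemon's user nobody else can open it.
    fd = os.open(path, flags, 0o000)
    try:
        # Work on the descriptor, not the path: the path could be swapped
        # between creation and a path-based chown.
        os.fchown(fd, uid, gid)
        # Set the final mode only after the ownership change, because
        # changing ownership may clear set-user-ID/set-group-ID bits.
        os.fchmod(fd, mode)
    except OSError:
        # Do not leave a half-initialised file with the wrong owner behind.
        os.close(fd)
        os.unlink(path)
        raise
    return fd


if __name__ == "__main__":
    # Constructed demo: "chown" to the current user so it runs unprivileged.
    with tempfile.TemporaryDirectory() as underlying:
        target = os.path.join(underlying, "output.txt")
        fd = create_as(target, 0o640, os.geteuid(), os.getegid())
        os.write(fd, b"created on behalf of the requesting user\n")
        os.close(fd)
        st = os.stat(target)
        print(st.st_uid, st.st_gid, oct(stat.S_IMODE(st.st_mode)))
```

Compared with switching euid/egid around the create call, this needs no process-wide lock, at the cost of a short window in which the file exists under the daemon's ownership with mode 000.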