search

conda-forge / miniforge

A conda-forge distribution.
https://conda-forge.org/miniforge
Other
5.76k stars 306 forks source link

miniforge should respect umask when installing #506

Open j3mdamas opened 8 months ago

j3mdamas commented 8 months ago

Solution to issue cannot be found in the documentation.

Issue

I have posted my issue initially as a comment on this issue from conda: https://github.com/conda/conda/issues/12829.

My comment: https://github.com/conda/conda/issues/12829#issuecomment-1781169987

In short, I have the following umask:

$ umask -S
u=rwx,g=rx,o=rx

Yet, when creating an installation for miniforge from the installer, the group has write permissions:

$ ls -lgG $(find miniforge/ -perm /022 ! -type l | head)
-rw-rw-r-- 1  322 Aug 20 20:38 miniforge/pkgs/.constructor-build.info
-rw-rw-r-- 2 2594 Jun 24 00:59 miniforge/pkgs/python-3.10.12-hd12c33a_0_cpython/lib/python3.10/encodings/__pycache__/cp1140.cpython-310.pyc
-rw-rw-r-- 2 8759 Jun 24 00:59 miniforge/pkgs/python-3.10.12-hd12c33a_0_cpython/lib/python3.10/encodings/__pycache__/cp850.cpython-310.pyc
-rw-rw-r-- 2 2601 Jun 24 00:59 miniforge/pkgs/python-3.10.12-hd12c33a_0_cpython/lib/python3.10/encodings/__pycache__/cp875.cpython-310.pyc
-rw-rw-r-- 2 2603 Jun 24 00:59 miniforge/pkgs/python-3.10.12-hd12c33a_0_cpython/lib/python3.10/encodings/__pycache__/iso8859_4.cpython-310.pyc
-rw-rw-r-- 2 2644 Jun 24 00:59 miniforge/pkgs/python-3.10.12-hd12c33a_0_cpython/lib/python3.10/encodings/__pycache__/mac_turkish.cpython-310.pyc
-rw-rw-r-- 2 2571 Jun 24 00:59 miniforge/pkgs/python-3.10.12-hd12c33a_0_cpython/lib/python3.10/encodings/__pycache__/quopri_codec.cpython-310.pyc
-rw-rw-r-- 2 1640 Jun 24 00:59 miniforge/pkgs/python-3.10.12-hd12c33a_0_cpython/lib/python3.10/encodings/__pycache__/shift_jisx0213.cpython-310.pyc
-rw-rw-r-- 1 8610 Aug 20 20:38 miniforge/pkgs/urls
-rw-rw-r-- 1 6135 Aug 20 20:38 miniforge/pkgs/urls.txt

On an answer to my comment (https://github.com/conda/conda/issues/12829#issuecomment-1781213953), they suggested it has not to do with conda-package-streaming/handling, where they have fixed this, but with miniforge. Hence I am reporting it here. For the moment, I can always rewrite the permissions after installation, but I thought it would be worth it to report it.

Installed packages

This is a bug from a fresh install of miniforge. But here's the output of `conda list`:

# packages in environment at $HOME/test_conda_permissions/miniforge:
#
# Name                    Version                   Build  Channel
_libgcc_mutex             0.1                 conda_forge    conda-forge
_openmp_mutex             4.5                       2_gnu    conda-forge
boltons                   23.0.0             pyhd8ed1ab_0    conda-forge
brotli-python             1.0.9           py310hd8f1fbe_9    conda-forge
bzip2                     1.0.8                h7f98852_4    conda-forge
c-ares                    1.19.1               hd590300_0    conda-forge
ca-certificates           2023.7.22            hbcca054_0    conda-forge
certifi                   2023.7.22          pyhd8ed1ab_0    conda-forge
cffi                      1.15.1          py310h255011f_3    conda-forge
charset-normalizer        3.2.0              pyhd8ed1ab_0    conda-forge
colorama                  0.4.6              pyhd8ed1ab_0    conda-forge
conda                     23.3.1          py310hff52083_0    conda-forge
conda-libmamba-solver     23.3.0             pyhd8ed1ab_0    conda-forge
conda-package-handling    2.2.0              pyh38be061_0    conda-forge
conda-package-streaming   0.9.0              pyhd8ed1ab_0    conda-forge
cryptography              41.0.3          py310h75e40e8_0    conda-forge
fmt                       9.1.0                h924138e_0    conda-forge
icu                       72.1                 hcb278e6_0    conda-forge
idna                      3.4                pyhd8ed1ab_0    conda-forge
jsonpatch                 1.32               pyhd8ed1ab_0    conda-forge
jsonpointer               2.0                        py_0    conda-forge
keyutils                  1.6.1                h166bdaf_0    conda-forge
krb5                      1.21.2               h659d440_0    conda-forge
ld_impl_linux-64          2.40                 h41732ed_0    conda-forge
libarchive                3.6.2                h039dbb9_1    conda-forge
libcurl                   8.2.1                hca28451_0    conda-forge
libedit                   3.1.20191231         he28a2e2_2    conda-forge
libev                     4.33                 h516909a_1    conda-forge
libffi                    3.4.2                h7f98852_5    conda-forge
libgcc-ng                 13.1.0               he5830b7_0    conda-forge
libgomp                   13.1.0               he5830b7_0    conda-forge
libiconv                  1.17                 h166bdaf_0    conda-forge
libmamba                  1.4.2                hcea66bb_0    conda-forge
libmambapy                1.4.2           py310h1428755_0    conda-forge
libnghttp2                1.52.0               h61bc06f_0    conda-forge
libnsl                    2.0.0                h7f98852_0    conda-forge
libsolv                   0.7.24               hfc55251_1    conda-forge
libsqlite                 3.42.0               h2797004_0    conda-forge
libssh2                   1.11.0               h0841786_0    conda-forge
libstdcxx-ng              13.1.0               hfd8a6a1_0    conda-forge
libuuid                   2.38.1               h0b41bf4_0    conda-forge
libxml2                   2.11.5               h0d562d8_0    conda-forge
libzlib                   1.2.13               hd590300_5    conda-forge
lz4-c                     1.9.4                hcb278e6_0    conda-forge
lzo                       2.10              h516909a_1000    conda-forge
mamba                     1.4.2           py310h51d5547_0    conda-forge
ncurses                   6.4                  hcb278e6_0    conda-forge
openssl                   3.1.2                hd590300_0    conda-forge
packaging                 23.1               pyhd8ed1ab_0    conda-forge
pip                       23.2.1             pyhd8ed1ab_0    conda-forge
pluggy                    1.2.0              pyhd8ed1ab_0    conda-forge
pybind11-abi              4                    hd8ed1ab_3    conda-forge
pycosat                   0.6.4           py310h5764c6d_1    conda-forge
pycparser                 2.21               pyhd8ed1ab_0    conda-forge
pyopenssl                 23.2.0             pyhd8ed1ab_1    conda-forge
pysocks                   1.7.1              pyha2e5f31_6    conda-forge
python                    3.10.12         hd12c33a_0_cpython    conda-forge
python_abi                3.10                    3_cp310    conda-forge
readline                  8.2                  h8228510_1    conda-forge
reproc                    14.2.4               h0b41bf4_0    conda-forge
reproc-cpp                14.2.4               hcb278e6_0    conda-forge
requests                  2.31.0             pyhd8ed1ab_0    conda-forge
ruamel.yaml               0.17.32         py310h2372a71_0    conda-forge
ruamel.yaml.clib          0.2.7           py310h1fa729e_1    conda-forge
setuptools                68.1.2             pyhd8ed1ab_0    conda-forge
tk                        8.6.12               h27826a3_0    conda-forge
toolz                     0.12.0             pyhd8ed1ab_0    conda-forge
tqdm                      4.66.1             pyhd8ed1ab_0    conda-forge
tzdata                    2023c                h71feb2d_0    conda-forge
urllib3                   2.0.4              pyhd8ed1ab_0    conda-forge
wheel                     0.41.1             pyhd8ed1ab_0    conda-forge
xz                        5.2.6                h166bdaf_0    conda-forge
yaml-cpp                  0.7.0                h27087fc_2    conda-forge
zstandard                 0.19.0          py310h1275a96_2    conda-forge
zstd                      1.5.2                hfc55251_7    conda-forge

### Environment info

```shell
active environment : base
    active env location : $HOME/test_conda_permissions/miniforge
            shell level : 1
       user config file : $HOME/.condarc
 populated config files : $HOME/test_conda_permissions/miniforge/.condarc
          conda version : 23.3.1
    conda-build version : not installed
         python version : 3.10.12.final.0
       virtual packages : __archspec=1=x86_64
                          __glibc=2.17=0
                          __linux=3.10.0=0
                          __unix=0=0
       base environment : $HOME/test_conda_permissions/miniforge  (writable)
      conda av data dir : $HOME/test_conda_permissions/miniforge/etc/conda
  conda av metadata url : None
           channel URLs : https://conda.anaconda.org/conda-forge/linux-64
                          https://conda.anaconda.org/conda-forge/noarch
          package cache : $HOME/test_conda_permissions/miniforge/pkgs
                          $HOME/.conda/pkgs
       envs directories : $HOME/test_conda_permissions/miniforge/envs
                          $HOME/.conda/envs
               platform : linux-64
             user-agent : conda/23.3.1 requests/2.31.0 CPython/3.10.12 Linux/3.10.0-957.el7.x86_64 centos/7.6.1810 glibc/2.17
                UID:GID : 16133:1000
             netrc file : None
           offline mode : False
jaimergp commented 1 month ago

This might be more of a constructor problem, or a micromamba one. Let me double check and I'll get back to you.

jaimergp commented 1 month ago

See this comment, I think it's related: https://github.com/conda/conda/issues/13953#issuecomment-2149649371