search

devops-works / binenv

One binary to rule them all. Manage all those pesky binaries (kubectl, helm, terraform, ...) easily.
MIT License
372 stars 44 forks source link

Binaries installed in BINENV_GLOBAL mode are not world executable #220

Closed letompouce closed 1 year ago

letompouce commented 1 year ago

When binenv is installed system-wide, the binaries it installs lacks of the world executable bit, so regular users can not use those.

Let's fire a brand new Debian stable container, install wget(1), then follow the System-wide installation instructions for Linux/Bash:

❯ docker run --rm -it --name binenv --entrypoint=/bin/bash debian:11
root@c4f2d497ef69:/# apt update -qqqqq && apt install -yqqqqq wget
[...]
root@c4f2d497ef69:/# wget -q https://github.com/devops-works/binenv/releases/latest/download/binenv_linux_amd64
root@c4f2d497ef69:/# mv binenv_linux_amd64 binenv
root@c4f2d497ef69:/# chmod +x ./binenv
root@c4f2d497ef69:/# ./binenv -g update
2022-11-01T11:39:31Z INF updating distribution list
2022-11-01T11:39:31Z INF retrieving distribution cache from https://raw.githubusercontent.com/devops-works/binenv/develop/distributions/cache.json
2022-11-01T11:39:31Z INF fetched updates for 276 distributions
root@c4f2d497ef69:/# ./binenv -g install binenv
2022-11-01T11:39:36Z WRN version for "binenv" not specified; using "0.19.6"
fetching binenv version 0.19.6 100% |████████████████████████████████████████████████████████████████████████████████████| (7.5/7.5 MB, 2.173 MB/s)
2022-11-01T11:39:40Z INF executing self install using bindir /var/lib/binenv
2022-11-01T11:39:40Z INF "binenv" (0.19.6) installed
root@c4f2d497ef69:/# rm ./binenv
root@c4f2d497ef69:/# if [[ -n $BASH ]]; then ZESHELL=bash; fi
root@c4f2d497ef69:/# echo $ZESHELL
bash
root@c4f2d497ef69:/# echo "source <(binenv completion ${ZESHELL})" >> ~/.${ZESHELL}rc
root@c4f2d497ef69:/# exec $SHELL
2022-11-01T11:40:12Z INF updating distribution list
root@c4f2d497ef69:/#

Ensure we're going global anyway, and install bat(1):

root@c4f2d497ef69:/# export BINENV_GLOBAL=true
root@c4f2d497ef69:/# binenv -g install bat
2022-11-01T11:42:43Z WRN version for "bat" not specified; using "0.22.1"
fetching bat version 0.22.1 100% |███████████████████████████████████████████████████████████████████████████████████████| (2.7/2.7 MB, 2.176 MB/s)
2022-11-01T11:42:45Z INF "bat" (0.22.1) installed
root@c4f2d497ef69:/# bat --version
bat 0.22.1 (e5d9579)
root@c4f2d497ef69:/#

Then, create a regular user and try to use bat(1):

root@c4f2d497ef69:/# adduser --disabled-password --gecos test user
Adding user `user' ...
Adding new group `user' (1000) ...
Adding new user `user' (1000) with group `user' ...
Creating home directory `/home/user' ...
Copying files from `/etc/skel' ...
root@c4f2d497ef69:/# su - user
user@c4f2d497ef69:~$ export BINENV_GLOBAL=true
user@c4f2d497ef69:~$ bat --version
2022-11-01T11:45:41Z FTL unable to execute bat error="permission denied"
user@c4f2d497ef69:~$

The regular user can not run the bat(1) binary since it lacks of the executable bit for other:

root@c4f2d497ef69:/# namei -l /var/lib/binenv/binaries/bat/0.22.1 
f: /var/lib/binenv/binaries/bat/0.22.1
drwxr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root lib
drwxr-xr-x root root binenv
drwxr-xr-x root root binaries
drwxr-xr-x root root bat
-rwxr-x--- root root 0.22.1
root@c4f2d497ef69:/# umask
0022

This one seems so obvious that I must have missed something :thinking:

leucos commented 1 year ago

Thanks a lot for the very detailed tests and explanation ! It is very rare these days to have such a great and clear issue. So I feel even more ashamed to have missed it !

I will look into it.

leucos commented 1 year ago

Thanks a lot for the great bug report. This is now solved (v0.19.8).

Solves #227 too