duncdrum
commented
6 years ago Phew I smell a big can of worms incoming. Just to be clear, is this for an app with an app specific user generated during install?
- owner ends up being +rwe trough this but we could make this explicit
- db-group write make sense to me, although we should check if this propagates to a user-group that is generated by the install script. e.g.
dbainstallsmy-appwithapp-usercreated on install, is there aapp-usergroup with write access after post-install.xql finished running? - for library packages it seems necessary to have read and execute permissions for all
Since potential changes to this will change how apps function, I would add this to the 5.0.0 milestone.
In the end I feel that this behaviour is actually what most users would end up wanting for their apps, we could make this more configurable via the repo.xml during install.
This will also need-documentation see eXist-db/documentation#164
When installing an EXPath Package to eXist-db, the deployment script changes the permissions on all Collections and Documents in the package when they are stored into the database.
See line https://github.com/eXist-db/exist/blob/develop/src/org/exist/repo/Deployment.java#L892
Basically the deployment sets these mode bits:
owner +readgroup +writeother +executeI find this very uncomfortable, in particular:
group +writewhich allows anyone in the deploying users group to modify the files in the package.other +executewhich allows any XQuery in the package to be executed by any user. This seems like a bad plan, as an app package may have its own security requirements and/or login processes.I think this really has to be fixed! I would particularly like to hear comments from @wolfgangmm @dizzzz @duncdrum and @joewiz.