storage permissions

[berturion]

info

git revision / version: xd-torrent-git 0.3.3-1 (from AUR)

OS: Arch Linux ARM 64

Architecture: aarch64

problem

I try to modify the permissions of the storage folder, its sub-folders and its files. I stopped the service, deleted the existing storage folder and, in a systemd overwrite, I put:

[Service]
Group=nas
UMask=007

Then I restart the service. The storage folder is recreated. The storage folder and all its hierarchy have the correct nas group. But the permissions are still drwx------ instead of drwxrwx---. If I download files, they have all -rw------- permissions. I was expecting -rw-rw----. The UMask option seems to be ignored. Or maybe it is overwritten in the program itself. Is there an option to change the umask somewhere ? Can you help me getting files readable and writable by the group please ?

backtrace / error messages

Error messages: no

Backtrace: no

[majestrate]

ah, by default XD uses 0600 on permissions, which is not group readable. this should be configurable but is not, i'll work on this this weekend probably.

[berturion]

Ok thanks. I don't know well Go Lang, so if I say something stupid, I am sorry. But if you simply do not specify permissions when creating folders and files, I think that permissions will be handled by the operating system's users' umask. For example, if the user xd is running the process, and its umask in the system is 002, I think that permissions will be 0660. Also, maybe systemd unit UMask option could overwrite it. Am I wrong ?

[majestrate]

you're right, right now XD explicitly sets permissions to 0600 but it should instead respect umask when running on applicable platforms.

[majestrate]

just pushed https://github.com/majestrate/XD/commit/ffe1f497cf94f7a4bade36755b499bee2b45e9b5

let me know if this fixes it for you.

[berturion]

I removed my AUR version, stopped the service, compiled and installed this version. I removed completely the storage folder. I created the xd.service and started it. The storage folder that is created is still drwx------. And torrent files also. Though, when I am connected with the xd user (that runs the process) and create folders, they have drwxr-xr-x permissions. Maybe there is another place where the 600 permission is set in the XD code ?

[berturion]

Maybe this ?

// ensure a file and its parent directory exists
func EnsureFile(fpath string, size uint64) (err error) {
    d, _ := filepath.Split(fpath)
    if d != "" {
        err = EnsureDir(d)
    }
    if err == nil {
        _, err = os.Stat(fpath)
        if os.IsNotExist(err) {
            log.Debugf("create file %s", fpath)
            var f *os.File
            f, err = os.OpenFile(fpath, os.O_CREATE|os.O_WRONLY, 0600)
            if err == nil {
                // fill with zeros
                if size > 0 {
                    _, err = io.CopyN(f, Zero, int64(size))
                }
                f.Close()
            }
        }
    }
    return
}

Or this ?

// save to filesystem
func (k *Keyfile) Store() (err error) {
    if len(k.fname) > 0 {
        var f *os.File
        f, err = os.OpenFile(k.fname, os.O_CREATE|os.O_WRONLY, 0600)
        if err == nil {
            err = k.write(f)
            f.Close()
        }
    }
    return
}

[majestrate]

you're right

pushed https://github.com/majestrate/XD/commit/ac550b28a2ea70514649939fdab98dfd6e0d8fa9

[berturion]

Great! This is perfect. I tested with and without systemd UMask option, all is working as expected.