Open patrickhowerter opened 1 week ago
hello - thanks for raising this. so we do check for file permissions mode and if the file is readable by Group or Others https://github.com/snowflakedb/snowflake-connector-python/blob/v3.11.0/src/snowflake/connector/config_manager.py#L336
but i'm not sure if the issue comes from the PythonConnector or not. reproduced the issue by creating the connections.toml, setting it as read-only mode :
PS C:\temp\python1978> Get-Acl .\connections.toml |Format-List
Path : Microsoft.PowerShell.Core\FileSystem::C:\temp\python1978\connections.toml
Owner : MYHOST\dszmolka
Group : MYHOST\None
Access : MYHOST\dszmolka Allow Read, Synchronize
Audit :
Sddl : O:S-1-5-21-1293141090-215775074-2841561624-1000G:S-1-5-21-1293141090-215775074-2841561624513D:PAI(A;;FR;;;S-1-5-21-1293141090-215775074-2841561624-1000)
(from what i understand about Windows; this looks like as of only me the owner have Read and Synchronize (whatever that is) permissions, nobody has anything else)
but when adding some debug logging to config_manager.py
to actually write out the file permissions it is seeing on the file:
> python .\test.py
C:\temp\python1978
filep.stat().st_mode: 33206, oct: 0o100666. stat.S_IRGRP: 32, oct: 0o40. stat.S_IROTH: 4, oct: 0o4
C:\temp\python1978\venv\lib\site-packages\snowflake\connector\config_manager.py:352: UserWarning: Bad owner or permissions on C:\temp\python1978\connections.toml
warn(f"Bad owner or permissions on {str(filep)}{chmod_message}")
which if i got correctly, the least-significant 4 bits (0666
) show the file permissions similarly to Unix; which is quite disturbing because 0666 means the file is readable+writable for Owner, Group, and Others too. So the error message (complaining about bad permissions) makes sense at the first glance; as it should be only readable to Owner, if this is really the permission bits.
I'll keep digging how it would be the best to actually enforce the necessary 0600
permission on Windows (it's a simple instant chmod
on Unix)
well determining the file permissions on Windows with the same method as on Unix, don't seem to work. We'll need to see how we want to address this.
A couple of options I see here as this appears to be difficult to implement across operating systems.
Python version
Python 3.11.8
Operating system and processor architecture
Windows-10-10.0.19045-SP0
Installed packages
What did you do?
What did you expect to see?
I expect to see no warning messages.
Can you set logging to DEBUG and collect the logs?