Open jtniehof opened 3 years ago
This would be a cool enhancement. I like something like (4) above. Likely not critical but interesting.
Pay attention that files move around a bit from temp space (to incoming?) to final home and permissions should be strong everywhere. Maybe temp space should be user only then opened when placed in correct home. Not sure how tempfile.TemporaryDirectory
handles permission.
The permissions should be maintained on a move, but it's a good point that if we make sure the temp directory itself is user-readable only, then we're secure. On modern Linux systems the temp directory gets created in a per-user, user-only directory. mkdtemp states "The directory is readable, writable, and searchable only by the creating user ID" so that's good!
You prefer 4 to 5? I guess if we're explicitly doing permission rather than doing a umask it fits there a little better.
You prefer 4 to 5? I guess if we're explicitly doing permission rather than doing a umask it fits there a little better.
I don't think I care much. I was thinking not too much work and 4 is easier.
dbprocessing doesn't currently do any permission management, so the permissions of created files are determined by the umask of the process/shell that calls ProcessQueue, and anything done by the actual file production code. It might be useful to specify permissions on a by-product basis. E.g. I often want different permissions for level 1 and level 2 files even on the processing machine.
Proposed enhancement
I'm not ready to suggest any single path forward at this point; it might be some combination of documentation and changes. See possibilities below, in Alternatives.
Alternatives
Several possibilities:
I rather like 5; it's probably the most work but has the potential to solve a lot of problems. We can also do some documentation to suggest 1-3.
OS, Python version, and dependency version information:
Version of dbprocessing
git master (92b3f7ed2881168a1c7651869bf3b96a7e015273)
Closure condition
This issue should be closed when an option is chosen, implemented, and merged, or when appropriate related issues are opened that span the problem (e.g. opening an implementation issue after the design is complete).