The other day I found out that nothing is more annoying than a chmod -R has affected your entire repository, and all files are marked as modified. Reverting this should have been as easy as calling chmod on all files with the default desired permissions. However, some of the files were checked in incorrect permissions initially, so then still hundreds of files had changed permissions.
This needs to prevented, so I want to introduce a step to the testing pipeline that makes sure the following is as expected:
[x] directories are 0755
[x] files are 0644
[ ] executables are only executable for the owner: 0744. Executables are:
*.sh
*.bin
[ ] There should be a task to automatically set file permissions to the expected value, so let's introduce the Gulp task fix:chmod for that purpose.
[ ] files that can contain sensitive information, access tokens for example, should be hidden using 0600. For example:
The other day I found out that nothing is more annoying than a
chmod -Rhas affected your entire repository, and all files are marked as modified. Reverting this should have been as easy as callingchmodon all files with the default desired permissions. However, some of the files were checked in incorrect permissions initially, so then still hundreds of files had changed permissions.This needs to prevented, so I want to introduce a step to the testing pipeline that makes sure the following is as expected:
075506440744. Executables are:*.sh*.binfix:chmodfor that purpose.0600. For example:.npmrc:0600id_rsa:0600id_rsa.pub:0644.ssh:0700