cmd/go: support reusing GOMODCACHE system wide #40895

Open
flibustenet opened this issue Aug 19, 2020 · 13 comments

@flibustenet flibustenet commented Aug 19, 2020

What version of Go are you using (go version)?

$ go version
go version go1.15 linux/amd64

Given the new possibility to set GOMODCACHE, I would like to make it system wide. As I have only trusted users on my server, it would let me gain disk space and download speed if the directory could be the same for all users.
But the perms prevent it, for security reasons I believe.

Is there a workaround? Or could it be a proposal for such a feature?

I'm aware of running a local proxy, but it's overkill for me and will duplicate the cache again.

Contributor

@GrigoriyMikhalkin GrigoriyMikhalkin commented Aug 19, 2020

I'm not sure what the problem is here -- you can create a common directory like /home/common, make it accessible to every trusted user and store the mod cache there. Or, probably, I misunderstood your problem?

Author

@flibustenet flibustenet commented Aug 19, 2020

Sorry, I should give an example:

# ls -ld /ocean/gomodcache
drwxrwxr-x 4 root www-user 4096 août  19 16:57 /ocean/gomodcache

wilk@thinkpad:/tmp/t$ go env |grep GOMODCACHE
GOMODCACHE="/ocean/gomodcache"

wilk@thinkpad:/tmp/t$ go get github.com/gorilla/mux
go: downloading github.com/gorilla/mux v1.7.4

ania@thinkpad:/tmp/t$ go get github.com/gorilla/mux
go get: open /ocean/gomodcache/github.com/gorilla/mux@v1.7.4: permission denied

ania@thinkpad:/tmp/t$ go get github.com/pkg/errors
go: writing stat cache: mkdir /ocean/gomodcache/cache/download/github.com/pkg: permission denied
go: downloading github.com/pkg/errors v0.9.1
go get github.com/pkg/errors: mkdir /ocean/gomodcache/cache/download/github.com/pkg: permission denied

thinkpad:/ocean# ls -ld gomodcache/*
drwxr-xr-x 3 wilk wilk 4096 août  19 17:00 gomodcache/cache
drwxr-xr-x 3 wilk wilk 4096 août  19 17:00 gomodcache/github.com

The directories are created without write permission for group and others, and the owner is the first user who go gets something.

Contributor

@GrigoriyMikhalkin GrigoriyMikhalkin commented Aug 19, 2020

You need to set the setgid bit for this directory, like chmod g+s /ocean/gomodcache. In that case, all new files and subdirectories will inherit the group from the parent directory.

Author

@flibustenet flibustenet commented Aug 19, 2020

Yes for the group, but there is still no write permission on the group.
I also tried with -modcacherw, but it's only for files and owner.

Contributor

@GrigoriyMikhalkin GrigoriyMikhalkin commented Aug 19, 2020

Try to set an ACL for this directory and add the group to it: setfacl -Rdm g:www-user:rwx /ocean/gomodcache. Did it help?

Author

@flibustenet flibustenet commented Aug 19, 2020

No, I believe go get explicitly sets the group without write.

Contributor

@GrigoriyMikhalkin GrigoriyMikhalkin commented Aug 19, 2020

That's strange, that works for me.

Contributor

@GrigoriyMikhalkin GrigoriyMikhalkin commented Aug 19, 2020

Here's how I tried to reproduce your problem; feel free to update my steps if I do something wrong:

Create group:

groupadd test

Create user and add him to group:

useradd testuser
usermod -a -G test testuser

Create common directory and assign needed permissions:

mkdir /home/common
chmod g+rwx /home/common
chmod g+s /home/common
setfacl -Rdm g:test:rwx /home/common/

Login as new user and download module:

su testuser
export GOMODCACHE="/home/common/"
cd some_module
go get github.com/grigoriymikhalkin/sqlboiler-paginate/v4

And that works just fine.

Author

@flibustenet flibustenet commented Aug 19, 2020

The first user who runs go get works; it's the next user who cannot. Can you come back to the first user and go get something?

Contributor

@GrigoriyMikhalkin GrigoriyMikhalkin commented Aug 19, 2020

Ah, I see. Indeed, I get this error from the first user.

@dmitshur dmitshur changed the title GOMODCACHE system wide cmd/go: support reusing GOMODCACHE system wide Aug 20, 2020
@dmitshur dmitshur added this to the Backlog milestone Aug 20, 2020
Member

@dmitshur dmitshur commented Aug 20, 2020

I'm not sure if this is meant to be supported and whether it's already possible (if done in a certain way).

/cc @jayconrod @matloob @bcmills @mvdan

@jayconrod jayconrod modified the milestones: Backlog, Unplanned Aug 20, 2020
Contributor

@jayconrod jayconrod commented Aug 20, 2020

What is your umask setting? What are the permissions on the directories where the permission denied errors are happening?

The go command creates most cache directories with mode 0777, but people usually have a umask of 0022, so that becomes 0755.
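
Added example (not part of the original thread or the Go project's code): a shell script that works through the umask arithmetic from the comment above and lists directories in a shared cache that lack group write. It assumes Linux with GNU stat and find; the function names and temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: directory modes under different umasks, plus an audit helper
# for a shared module cache. All paths are temporary and constructed here.

# Mode that results when a directory is requested with REQUESTED under UMASK
# (both octal strings such as 0777 and 0022).
effective_mode() {
    printf '%04o\n' $(( $1 & ~$2 & 07777 ))
}

# Create a directory under the given umask and report its on-disk mode.
# mkdir(1) requests 0777, the mode the comment above attributes to the go command.
created_mode() {
    (
        umask "$1"
        d=$(mktemp -d) || exit 1
        mkdir "$d/cache"
        stat -c '%a' "$d/cache"   # GNU stat (Linux)
        rm -rf "$d"
    )
}

# List directories under DIR that members of the owning group cannot write to;
# each one is a place where a second user's download can fail.
dirs_without_group_write() {
    find "$1" -type d ! -perm -020 -print
}

for m in 0022 0002; do
    echo "umask $m: computed $(effective_mode 0777 "$m"), on disk $(created_mode "$m")"
done
```

Running `dirs_without_group_write /ocean/gomodcache` against the shared directory from the thread shows which subdirectories the first user created without group write.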

Member

@dmitshur dmitshur commented Aug 21, 2020

Also /cc @katiehockman FYI since this topic may be relevant to fuzzing work.
