lib/commit: Don't chown objects to repo target owner #1754
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The idea is that if the process is running as root, it can change ownership of newly written files to match the owner of the repo. Unfortunately, it currently applies in the other direction, too - a non-root user writing to a root owned repository. If the repo is writable by the user but owned by root, it can still create files and directories there, but it can't change ownership of them. This feature comes from https://bugzilla.gnome.org/show_bug.cgi?id=738954. As it turns out, this feature was never completed. It only works on content objects and not metadata objects, refs, deltas, summaries, etc. Rather than try to fix all of those, remove the feature until someone has interest in completing it.
|
Yeah...valid. Ironically I was just thinking about this again today in relation to coreos/coreos-assembler#165 but...you're right it's incomplete and lacks tests and obviously has bugs. |
It's definitely a worthy idea in certain scenarios. The alternative is just to add a |
|
☀️ Test successful - status-atomicjenkins |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The idea is that if the process is running as root, it can change
ownership of newly written files to match the owner of the repo.
Unfortunately, it currently applies in the other direction, too - a
non-root user writing to a root owned repository. If the repo is
writable by the user but owned by root, it can still create files and
directories there, but it can't change ownership of them.
This feature comes from
https://bugzilla.gnome.org/show_bug.cgi?id=738954. As it turns out, this
feature was never completed. It only works on content objects and not
metadata objects, refs, deltas, summaries, etc. Rather than try to fix
all of those, remove the feature until someone has interest in
completing it.