Expose command line option to configure umask for directories and files #190
Conversation
|
The test/lint check fail on code I haven't touched, so I guess is failing the same way in the master branch too |
|
I've fixed this in master (sorry about that) and also raised the min Go version to 1.15. Unfortunately you haven't enabled maintainer edits, so I'm unable to push the fixed commits. Can you please enable that? Thanks! |
I've checked "Allow edits by maintainers" flag ... Should I do anything more ? |
|
Hm, no, that's exactly the setting. Maybe I did something wrong? I'll have a look |
fd0
force-pushed
the
filemode-dirmode-option-support
branch
from
408aa04
to
2624163
Compare
|
Sigh, PEBKAC, I tried to push to your "restic" repo, instead of the "rest-server" repo. 😁 |
|
In my env it didn't fail to build on Go 1.15 and io/fs is not present in the source code |
|
I reworked your diff cause it has lost (a rebase?) my last commit |
|
Hi @fd0 do you think there's need for other changes in the diff ? |
|
@mlusetti I think fd0 intentionally removed the "make it go 1.14 buildable" commit as it is no longer necessary after rebasing to the current master branch. |
Thanks for your pointer but as far as I can see io/fs package is not in GOROOT in 1.15 too ... Am I missing something ? |
|
Is there anything that I could help with to get this PR merged? I could use this patch for a situation very similar to @mlusetti . I am trying to backup the restic files from a user that is different than the rest-server's user. Being able to set new file permissions to Thanks so much for everyone's efforts thus far on this patch and Restic in general! |
|
Any news on this one ? To me is a simple diff which don't introduce backward incompatibilities nor change any default behaviors. Thanks |
|
I'm so stupid. I asked over two months ago in #189 what the more specific use case was, which @mlusetti kindly answered. @MichaelEischer also commented. But I looked for an answer here in this PR. So, the use case is to be able to let groups read the repository files. This is pretty much in line with a similar change introduced in restic here: https://github.com/restic/restic/pull/3419/files - it allows for group access to the repository files. Generally speaking our preference would be to have the same behavior here in rest-server to what we have there in restic, or at least restrict the options to the current default and group-readable. We feel the PR as it is now is too allowing basically, we'd like to meet the specific use case instead of opening up to potential mishaps, at least for now. |
directories and files add a changelog as requested by pull checklist make it go1.14 buildable expose command line option to configure umask for directories and files implement "group readable repos" instead of custom DirMode & FileMode
mlusetti
force-pushed
the
filemode-dirmode-option-support
branch
from
ccbb37c
to
843b03c
Compare
|
Tried to rebase commits since a lot has gone through master since the initial PR. |
There was a problem hiding this comment.
I'd prefer to grant the users groups both read and write access. By setting a corresponding umask it should still be possible to prevent those groups from actually being able to write to the repository storage.
regarding the option name @rawtaz suggested a few possible variants like: --group-access, --group-accessible, --group-accessible-repos or --group-repos. I'd also throw in an additional --group-accessible-data. What do you think?
| } | ||
| if opt.FileMode == 0 { | ||
| opt.FileMode = DefaultFileMode | ||
| // if opt.dirMode == 0 { |
There was a problem hiding this comment.
I don't think we need these comments.
| const DefaultFileMode os.FileMode = 0600 | ||
|
|
||
| // GroupReadableDirMode is the file mode used for directory creation if group readable | ||
| const GroupReadableDirMode os.FileMode = 0750 |
There was a problem hiding this comment.
I'd prefer 0770 and 0660 an leave further restrictions to the umask used to run rest-server.
| FsyncWarning *sync.Once | ||
| FsyncWarning *sync.Once | ||
|
|
||
| // If set, we will panic when an internal server error happens. This |
There was a problem hiding this comment.
That comment doesn't look like it belongs here.
|
Hi there, was the current state of this PR? I guess this PR would fix this because i can now use my shared group permissions to access the files. Thanks |
|
@mlusetti Are you still interested in finishing this PR? Or does someone else want to take over? |
Yep, currently I'm using a slightly modified version of the patch that suit my needs. I can try to see if I've some spare cycle, no guarantees. If anyone faster that would be nice too. |
Just open a new PR once you're ready and refer to this one. Then I'll close the old one. |
What is the purpose of this change? What does it change?
This will fix #189
Was the change discussed in an issue or in the forum before?
I proposed in #189
Checklist
changelog/unreleased/that describes the changes for our users (template here)gofmton the code in all commits