-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
file.mkdir applying incorrect permissions #6033
Comments
I did some digging into the source code, specifically def mkdir(dir_path, user=None, group=None, mode=None):
directory = os.path.normpath(dir_path)
if not os.path.isdir(directory):
# turn on the executable bits for user, group and others.
# Note: the special bits are set to 0.
if mode:
mode = int(str(mode)[-3:], 8) | 0111
makedirs_perms(directory, user, group, mode) Once the mode has been manipulated to flick on the executable bits, it is left as an int and passed to
There are a couple of ways to fix this -
... after the line that flicks on the executable bits.
I'm not sure which is the better solution, particularly as I don't know if there's a standard in how mode values are represented inside these modules. I can also see someone coming along down the track wondering why their mode isn't being applied because it is the base-10 literal of the base-8 value, e.g. why doesn't mode=int(700) work (most likely when the int conversion is implicitly performed elsewhere). I hope this makes sense - I had to read it over a couple of times to make sure I wasn't mixing up the bases and even now I'm not sure. Doesn't help I don't know the proper words for describing numbers, bases and their representations! |
P.S. The reason why mode=755 'works' is because it is the default on Linux systems and because when it is interpreted as base-8 (i.e. 493 in base-10), it becomes an invalid value to pass to It might be worth checking the return value of |
We've tried to ensure that file modes are not interpreted as octals, it looks like this particular instance has slipped through however. Thanks for the report. |
This removes the last remaining octal-specific code from the file module. Fixes saltstack#6033.
Should be fixed in #6046. |
This removes the last remaining octal-specific code from the file module. Fixes #6033.
I'm not sure removing that chunk of code is a good idea - what happens when the file.managed state is used with makedirs: True? Where are the dir permissions calculated for that? (I had a look and got lost trying to find where makedirs is utilised - will have another look when I'm not so tired :) Also, here's another case of octal-specific code causing issues - https://github.com/saltstack/salt/blob/develop/salt/states/file.py#L1233 Finally, I still think it is a good idea for |
Original thread: https://groups.google.com/forum/#!topic/salt-users/ozjebLCvv04
If I run the following command on a system where none of the directories exist except the first directory (the number of subdirectories is irrelevant)...
I end up with each of the directories (except the first because it already exists) with 0457 permissions. This isn't right (obviously) and breaks things spectacularly as the owner of the directory is not able to traverse into it!
Here's are some tests with different mode combinations -
GOOD
BAD
Notice how mode 755 (also the default mode) works fine, but mode 700 or 750 doesn't.
This problem can be reproduced on Salt 0.15.9 and Salt 0.16.0.
The text was updated successfully, but these errors were encountered: