Add checks for files with read permissions too narrow

[villasv]

This is not a problem I perceived directly, but got as feedback from the data science team.

Let's say someone on the team mistakenly ran dvc repro with sudo, generating output files that have strict read permissions. This person then pushes the hashes to git remote and the files to dvc remote. Now the rest of the team can't reproduce the pipeline without sudoeing out the wrong permissions first. To prevent this from happening, it would be cool if DVC issued a warning for files being pushed with weird permissions.

[efiop]

Hi @villasv !

Long time no see 😉

I suppose they are using local or ssh remote, right? Or are they using shared cache dir?

[villasv]

IIRC they're using a combination of shared cache dir and s3 remotes, but mostly S3. Does pushing/pulling the file to to/from S3 remote unset those permissions? Didn't think about it, but makes sense. So they might be having trouble with the shared dir, or they're attempting to change protected hardlinks and misdiagnosed the problem.

[efiop]

@villasv Yeah, s3 doesn't preserve the regular fs permissions, so the issue is clearly on the cache dir side. Also, I wonder if they use dvc config cache.shared group setting?

[villasv]

If it's not default, probably not. My bet is on the "attempting to change protected files" side. I'm going to leave the feature suggestion if it can be useful for people using the shared cache settings.