[RFC] per-branch umask

John Arbash Meinel john at arbash-meinel.com
Sat Dec 17 14:08:53 GMT 2005


James Blackwell wrote:
> On Tue, Dec 13, 2005 at 12:55:04PM -0600, John Arbash Meinel wrote:
> 
>>We would like to have a shared public branch, which means the files need
>>to be group writeable. However, in our home directories, I don't want to
>>let everyone read my files, so my default umask is 0022.
> 
> 
> Did you try uploading the branch to a directory that is group suid?
> 

The problem with the group sticky bit is that it just sets the group, it
doesn't set the writable bit. Which means if you don't set your umask,
you have to periodically run a chmod -R g+w *, if any directories had
been created. CVS definitely suffers from this.

Arch suffered a little from this. As long as you reused existing
branches, as long as the sticky bit was set, the group stayed correct,
and most default umasks allow group read. Which meant that once you did
a chmod -R g+sw *, the base directory was group writable, so users could
add new patches. And they would create group readable directories, so
other users could read them.

But as soon as you created a new branch, you would most likely prevent
anyone else from committing to that branch.

Bzr suffers more, because it creates and reuses a bunch of directories
(all of the revision-store/aa, bb, fe, etc directories). So if you set
the sticky bit right now, other people will be able to read, and they
*might* be able to commit. Depending on the first byte of the adler
checksum of their revision id. The best part is because the revision id
is random, the chance of failure is also random. And the probability is
equal to the number of directories under revision-store (and weave-store).
So you may be able to commit 3 times, then fail 1 time, but if you just
retry, it will commit.

That would be extremely frustrating. Ghosts in the machine.


Here is a test, to make sure the sticky bit does what I think it does:

$ mkdir foo
$ ll -d foo
drwxr-xr-x  2 jameinel jameinel 48 Dec 17 07:54 foo/
$ chown .users foo
$ ll -d foo
drwxr-xr-x  2 jameinel users 48 Dec 17 07:54 foo/
$ touch foo/baz
$ ll foo/baz
-rw-r--r--  1 jameinel jameinel 0 Dec 17 07:56 foo/baz

So obviously without the sticky bit, the file is created with my default
group. So let's set the sticky bit.

$ chmod g+sw foo
$ touch foo/bar
$ ll foo/
-rw-r--r--  1 jameinel users    0 Dec 17 07:58 bar
-rw-r--r--  1 jameinel jameinel 0 Dec 17 07:56 baz

So the group is now correct, but it still doesn't have the write bit.

$ umask 0002
$ touch foo/spam
$ ll foo/
-rw-r--r--  1 jameinel users    0 Dec 17 07:58 bar
-rw-r--r--  1 jameinel jameinel 0 Dec 17 07:56 baz
-rw-rw-r--  1 jameinel users    0 Dec 17 07:58 spam

Only by changing the umask will it create things with the write bit.
Even for directories, they inherit the sticky bit, but not the write bit.

$ umask 0022
$ mkdir foo/eggs
$ ll foo/
-rw-r--r--  1 jameinel users     0 Dec 17 07:58 bar
-rw-r--r--  1 jameinel jameinel  0 Dec 17 07:56 baz
drwxr-sr-x  2 jameinel users    48 Dec 17 07:59 eggs/
-rw-rw-r--  1 jameinel users     0 Dec 17 07:58 spam


John
=:->
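
An added example, not part of the original message: a small audit that lists the entries in a shared branch directory that would block other group members, which is the condition the message describes for directories created under umask 0022. The function names, the finding labels and the extra `ham` entry are invented for this sketch; `demo_umask_effect` rebuilds the message's foo/ test in a temporary directory.

```shell
#!/bin/sh
# Added example: audit a shared directory tree for permission gaps.
# audit_shared_tree and the labels it prints are hypothetical names.

audit_shared_tree() {
    root=$1
    # Directories without group write: other group members cannot create
    # files inside them (the "chmod -R g+w *" problem from the message).
    find "$root" -type d ! -perm -0020 | sed 's/^/dir-not-group-writable /'
    # Directories without the g+s bit (set by "chmod g+sw" in the message):
    # new entries are created with the creator's default group.
    find "$root" -type d ! -perm -2000 | sed 's/^/dir-not-setgid /'
    # Files without group write: others cannot update them in place.
    find "$root" -type f ! -perm -0020 | sed 's/^/file-not-group-writable /'
}

# Constructed demo: same steps as the message's test, in a temp directory.
demo_umask_effect() {
    tmp=$(mktemp -d) || return 1
    chmod g+sw "$tmp"
    # Default umask from the message: entries come out without group write.
    ( umask 0022; mkdir "$tmp/eggs"; : > "$tmp/bar" )
    # Shared-branch umask: entries are group writable.
    ( umask 0002; mkdir "$tmp/ham"; : > "$tmp/spam" )
    audit_shared_tree "$tmp"
    rm -rf "$tmp"
}
```

Running `audit_shared_tree` against a real branch directory before and after a commit shows which newly created directories lost group write.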