allow other users to write to mix_pubsub and mix_lock folders #14171
Conversation
lib/mix/lib/mix/sync/lock.ex
Outdated
| defp init_base_path(path) do | ||
| File.mkdir_p!(path) | ||
| # ensure other users can write to the directory | ||
| _ = File.chmod(path, 0o777) |
There was a problem hiding this comment.
What if this fails? Because another user has created this directory?
There was a problem hiding this comment.
that's why I ignore the return value. I assume that the user that initially creates the folder has the necessary permissions.
There was a problem hiding this comment.
Right, but the reason we have a report is exactly because the permissions are confusing. What if we generate a single directory like this: "mix-lock-#{user}-#{hash}". If we don't want to want to have the user there, we could urlbase64 it? Thoughts @jonatanklosko?
There was a problem hiding this comment.
perhaps we should change the dir name in both cases to _2 suffix to not conflict with previous dirs created by Elixir? And if the dir is created by someone else then raising probably makes sense.
There was a problem hiding this comment.
the reason we have a report is exactly because the permissions are confusing
I reproduced the problem in docker to make sure these changes work, but I don't have any objections to use multiple directories instead.
There was a problem hiding this comment.
@jonatanklosko I think the safest would be to have one directory per user, then we don't have to worry about anything else. It is unlikely different users are sharing the same compilation, right?
SteffenDE
force-pushed
the
sd-mix-pubsub-chmod
branch
from
a0d2edb to
1e80d57
Compare
|
Changed to use separate paths per user. To reproduce: broken on 1.18.1: docker run --rm -it ubuntu:jammy sh -c "apt update && apt -y install git curl unzip sudo && \
curl -fsSO https://elixir-lang.org/install.sh && \
sh install.sh [email protected] [email protected] && \
installs_dir=\$HOME/.elixir-install/installs && \
export PATH=\$installs_dir/otp/27.2/bin:\$PATH && \
export PATH=\$installs_dir/elixir/1.18.1-otp-27/bin:\$PATH && \
chmod -R 777 /root/ && \
useradd foo && \
mix new project1 && \
cd project1 && \
mix compile && \
cd / && \
chmod 777 / && \
sudo -u foo sh -c 'export PATH=/root/.elixir-install/installs/elixir/1.18.1-otp-27/bin:\$PATH && export PATH=/root/.elixir-install/installs/otp/27.2/bin:\$PATH && mix new project2 && cd project2 && mix compile'
"works with the changes: docker run --rm -it ubuntu:jammy sh -c "apt update && apt -y install git curl unzip build-essential sudo && \
curl -fsSO https://elixir-lang.org/install.sh && \
sh install.sh [email protected] [email protected] && \
installs_dir=\$HOME/.elixir-install/installs && \
export PATH=\$installs_dir/otp/27.2/bin:\$PATH && \
chmod -R 777 /root/ && \
git clone --depth 1 --branch sd-mix-pubsub-chmod https://github.com/SteffenDE/elixir.git && \
cd elixir && \
make compile && \
export PATH=/elixir/bin:\$PATH && \
useradd foo && \
mix new project1 && \
cd project1 && \
mix compile && \
cd / && \
chmod 777 / && \
sudo -u foo sh -c 'export PATH=/elixir/bin:\$PATH && export PATH=/root/.elixir-install/installs/otp/27.2/bin:\$PATH && mix new project2 && cd project2 && mix compile'
" |
|
💚 💙 💜 💛 ❤️ |
Fixes #14168.