darcs

Issue 1185 default umask for files created by darcs push through ssh

Title default umask for files created by darcs push through ssh
Priority feature Status needs-reproduction
Milestone Resolved in
Superseder Nosy List attila.lendvai, darcs-devel, dmitry.kurochkin, ganesh, kowey, thorkilnaur
Assigned To
Topics

Created on 2008-10-29.17:30:50 by attila.lendvai, last changed 2009-10-23.23:48:44 by admin.

Messages
msg6521 (view) Author: attila.lendvai Date: 2008-10-29.17:30:47
it's a typical use-case that a unix server is used for sharing a darcs repo.
unix groups are created for each project, and members are added to the group.

the problem is that by default most systems don't include group write permission
in the default umask, so darcs creates non-group-writable files when a darcs
push operation creates a file on the server.

there are two solutions for this currently:
   1. add the line "apply umask 0002" to _darcs/prefs/defaults
   2. add the line "apply umask 0002" to ~/.darcs/defaults

but this is a lot of headache if you have 30+ projects and 30+ users on a server...

one possible solution would be a /etc/something (or some other means) to control
system-wide defaults for darcs. another solution would be to use 0002 as the
default umask.

i think i'd do both. the rationale for the default is that this is by far the
most common use-case, and those few for whom it's not good they can override it.
msg6594 (view) Author: ganesh Date: 2008-11-05.11:50:07
A 0002 default means defaulting to insecure, which is very dangerous - on
systems without "user private groups", it could lead to people's private
repositories becoming writable by any user on the system.
msg8356 (view) Author: kowey Date: 2009-08-22.16:16:37
OK, summarising: lots of users makes the ~/.darcs/defaults solution impractical
as does lots of repositories.  The default 0002 solution is unsafe.

This leaves us with the option of implementing some sort of system-wide
configuration.

Are there any alternatives?

How do other revision control systems deal with this situation?  Could somebody
go research this and report back?
History
Date User Action Args
2008-10-29 17:30:50attila.lendvaicreate
2008-11-05 11:50:09ganeshsetstatus: unread -> unknown
nosy: + ganesh
messages: + msg6594
2009-08-10 23:49:55adminsetnosy: - dagit
2009-08-22 16:16:39koweysetstatus: unknown -> needs-reproduction
nosy: kowey, ganesh, attila.lendvai, simon, thorkilnaur, dmitry.kurochkin
messages: + msg8356
2009-08-25 17:33:03adminsetnosy: + darcs-devel, - simon
2009-08-27 14:29:39adminsetnosy: kowey, darcs-devel, ganesh, attila.lendvai, thorkilnaur, dmitry.kurochkin
2009-10-23 22:34:45adminsetnosy: + attila_lendvai, - attila.lendvai
2009-10-23 23:48:44adminsetnosy: + attila.lendvai, - attila_lendvai