Dilemma using ostree as regular user, losing permission bits



Hi all,

   I have a bit of a problem trying to use ostree as a regular (non
root) user and I wonder if there is a special sauce I can use to meet
my requirements, or if we need to make some changes and if so, whether
those changes would be acceptable for upstream OSTree.

I think my requirements are quite straightforward, so I'm pretty
surprised if this cannot be done already, the bare user repository mode
seems to be very very close.

What I basically need is:

  A.) A user will never need to become root to access an ostree
      repository

  B.) Minimal data loss. I.e. we have to lose the ownership uid/gid and
      accept the loss of xattrs.

  C.) Sharing of OSTree repositories with peers (currently using the
      existing ostree-push approach over ssh for this).

Originally, the bare user repository mode seemed like a good fit for
this, the docstring tells us:

  Files are stored as themselves, except ownership; can be written by
  user. Hardlinks work only in user checkouts

However things are more complex than this and I now find that the bare
user mode satisfies either requirement (A) or (B) above, depending on
whether user mode checkouts (OSTREE_REPO_CHECKOUT_MODE_USER) are used
at checkout time; but never satisfies both requirements simultaneously.

When a file is initially checked in to a bare user repository, the
ownership, permissions and xattrs are stored separately so they can be
checked out without any data loss by the root user (when _not_ using
the user mode checkout option).

At checkin time the actual objects for regular files (available for
hardlinking in user mode) have 0755 bits forced onto them. Using user
mode checkouts (of any repo mode), setuid/setgid bits are cleared
whenever hardlinking is not possible.

Using bare repositories works fine for both requirements (A) and (B),
assuming that the same user is committing and checking out files, but
then will fail for requirement (C), as far as I can see things will
break down as soon as a user on another computer attempts to checkout
from a cloned repository (in the case that their local uid differs from
the original committing user's uid).

Is there any way to achieve the above with the current implementation,
ideally using hardlinks at checkout time?

What is the rationale behind forcing 0755 on all regular files in user
mode repos and clearing of setuid/setgid bits in user mode checkouts?
(what software depends on this lossy behavior, and why?)

Since this behavior has been in OSTree for over 2 years now I doubt
that it's possible to undo this, but at the same time it seems to me
undesirable to add yet another OstreeRepoMode option (although this
might be necessary?)

Perhaps it would be more interesting to use "bare" repo mode for
regular users, but provide an option for overriding the uid/gid of
every file at ostree pull time? This way a central repository could
store files as uid/gid 0, but regular users could pull to their own
mirrors while overriding the uid/gid in their local clones?

Best Regards,
    -Tristan