Project

Profile

Help

Issue #7726

closed

Pulp2 sets 644 on the files which makes it impossible for the group to create hard links

Added by ipanova@redhat.com almost 4 years ago. Updated over 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Assignee:
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
2.21.4
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

These are the current permissions on the files in pulp2

ll /var/lib/pulp/content/units/rpm/ff/9be87993b8e77a5d71ecd04cbbaa7a0386d01a068e3365e05eba20836ecee9/
total 4
-rw-r--r--. 1 apache pulp 1869 Oct 20 16:53 whale-0.2-1.noarch.rpm

Pulp group can only read the file, however if you want to create a hard link you need to have write permission on the file. Pulp tries to create a hard link and fails. This blocks migration.

Actions #1

Updated by ipanova@redhat.com almost 4 years ago

  • Priority changed from Normal to Urgent
Actions #2

Updated by ipanova@redhat.com almost 4 years ago

  • Subject changed from Pulp2 sets 644 on the files which makes it impossible to create hard links to Pulp2 sets 644 on the files which makes it impossible for the group to create hard links
Actions #3

Updated by ipanova@redhat.com almost 4 years ago

  • Description updated (diff)
Actions #4

Updated by ggainey almost 4 years ago

See https://unix.stackexchange.com/questions/377676/why-can-i-not-hardlink-to-a-file-i-dont-own-even-though-i-can-move-it for an explanation of all the things that have to be true, before one can make a hard-link to a file. On a CentOS7 box (for example), 'protected hardlinks' is 'true':

$ uname -r
3.10.0-1127.el7.x86_64
$ sudo cat /proc/sys/fs/protected_hardlinks
1

The crux of the problem in the migration case, is that Pulp3 (running as the 'pulp' user) wants to make a hard-link to a file created by Pulp2 (running as the 'apache' user). The apache daemon runs with a UMASK of 022, which means it creates files with permissions 644. This results in Pulp3 failing to create hardlinks, since the 'pulp' user in the 'pulp' group needs to have write-access, and only the 'apache' user does.

Fixing this requires us to change the context in which pulp-code is running under the apache user, to have a UMASK of 002.

Actions #5

Updated by ggainey almost 4 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ggainey
  • Priority changed from Urgent to High
  • Platform Release set to 2.21.4
Actions #6

Updated by ggainey almost 4 years ago

  • Status changed from ASSIGNED to POST

Added by ggainey almost 4 years ago

Revision 79b61958 | View on GitHub

Taught pulp-workers to have a umask of 002 instead of 022.

fixes #7726

Actions #7

Updated by ggainey almost 4 years ago

  • Status changed from POST to MODIFIED

Added by ggainey over 3 years ago

Revision 6bdd0f35 | View on GitHub

Taught pulp-workers to have a umask of 002 instead of 022.

fixes #7726

(cherry picked from commit 79b6195814a67543c5cd14b21c0b2aa291b911ef)

Actions #8

Updated by ggainey over 3 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF