Project

Profile

Help

Issue #7726

Pulp2 sets 644 on the files which makes it impossible for the group to create hard links

Added by ipanova@redhat.com 7 months ago. Updated 6 months ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Assignee:
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
2.21.4
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

These are the current permissions on the files in pulp2

ll /var/lib/pulp/content/units/rpm/ff/9be87993b8e77a5d71ecd04cbbaa7a0386d01a068e3365e05eba20836ecee9/
total 4
-rw-r--r--. 1 apache pulp 1869 Oct 20 16:53 whale-0.2-1.noarch.rpm

Pulp group can only read the file, however if you want to create a hard link you need to have write permission on the file. Pulp tries to create a hard link and fails. This blocks migration.

Associated revisions

Revision 79b61958 View on GitHub
Added by ggainey 7 months ago

Taught pulp-workers to have a umask of 002 instead of 022.

fixes #7726

Revision 6bdd0f35 View on GitHub
Added by ggainey 6 months ago

Taught pulp-workers to have a umask of 002 instead of 022.

fixes #7726

(cherry picked from commit 79b6195814a67543c5cd14b21c0b2aa291b911ef)

History

#1 Updated by ipanova@redhat.com 7 months ago

  • Priority changed from Normal to Urgent

#2 Updated by ipanova@redhat.com 7 months ago

  • Subject changed from Pulp2 sets 644 on the files which makes it impossible to create hard links to Pulp2 sets 644 on the files which makes it impossible for the group to create hard links

#3 Updated by ipanova@redhat.com 7 months ago

  • Description updated (diff)

#4 Updated by ggainey 7 months ago

See https://unix.stackexchange.com/questions/377676/why-can-i-not-hardlink-to-a-file-i-dont-own-even-though-i-can-move-it for an explanation of all the things that have to be true, before one can make a hard-link to a file. On a CentOS7 box (for example), 'protected hardlinks' is 'true':

$ uname -r
3.10.0-1127.el7.x86_64
$ sudo cat /proc/sys/fs/protected_hardlinks
1

The crux of the problem in the migration case, is that Pulp3 (running as the 'pulp' user) wants to make a hard-link to a file created by Pulp2 (running as the 'apache' user). The apache daemon runs with a UMASK of 022, which means it creates files with permissions 644. This results in Pulp3 failing to create hardlinks, since the 'pulp' user in the 'pulp' group needs to have write-access, and only the 'apache' user does.

Fixing this requires us to change the context in which pulp-code is running under the apache user, to have a UMASK of 002.

#5 Updated by ggainey 7 months ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ggainey
  • Priority changed from Urgent to High
  • Platform Release set to 2.21.4

#6 Updated by ggainey 7 months ago

  • Status changed from ASSIGNED to POST

#7 Updated by ggainey 7 months ago

  • Status changed from POST to MODIFIED

#8 Updated by ggainey 6 months ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Please register to edit this issue

Also available in: Atom PDF