Issue #7726
closed
Pulp2 sets 644 on the files which makes it impossible for the group to create hard links
Description
These are the current permissions on the files in pulp2
ll /var/lib/pulp/content/units/rpm/ff/9be87993b8e77a5d71ecd04cbbaa7a0386d01a068e3365e05eba20836ecee9/
total 4
-rw-r--r--. 1 apache pulp 1869 Oct 20 16:53 whale-0.2-1.noarch.rpm
Pulp group can only read the file, however if you want to create a hard link you need to have write permission on the file. Pulp tries to create a hard link and fails. This blocks migration.
Updated by ipanova@redhat.com over 3 years ago
- Priority changed from Normal to Urgent
Updated by ipanova@redhat.com over 3 years ago
- Subject changed from Pulp2 sets 644 on the files which makes it impossible to create hard links to Pulp2 sets 644 on the files which makes it impossible for the group to create hard links
Updated by ggainey over 3 years ago
See https://unix.stackexchange.com/questions/377676/why-can-i-not-hardlink-to-a-file-i-dont-own-even-though-i-can-move-it for an explanation of all the things that have to be true, before one can make a hard-link to a file. On a CentOS7 box (for example), 'protected hardlinks' is 'true':
$ uname -r
3.10.0-1127.el7.x86_64
$ sudo cat /proc/sys/fs/protected_hardlinks
1
The crux of the problem in the migration case, is that Pulp3 (running as the 'pulp' user) wants to make a hard-link to a file created by Pulp2 (running as the 'apache' user). The apache daemon runs with a UMASK of 022, which means it creates files with permissions 644. This results in Pulp3 failing to create hardlinks, since the 'pulp' user in the 'pulp' group needs to have write-access, and only the 'apache' user does.
Fixing this requires us to change the context in which pulp-code is running under the apache user, to have a UMASK of 002.
Updated by ggainey over 3 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to ggainey
- Priority changed from Urgent to High
- Platform Release set to 2.21.4
Updated by ggainey over 3 years ago
- Status changed from ASSIGNED to POST
Added by ggainey over 3 years ago
Updated by ggainey over 3 years ago
- Status changed from POST to MODIFIED
Applied in changeset pulp|79b6195814a67543c5cd14b21c0b2aa291b911ef.
Added by ggainey over 3 years ago
Revision 6bdd0f35 | View on GitHub
Taught pulp-workers to have a umask of 002 instead of 022.
fixes #7726
(cherry picked from commit 79b6195814a67543c5cd14b21c0b2aa291b911ef)
Updated by ggainey over 3 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
.
Taught pulp-workers to have a umask of 002 instead of 022.
fixes #7726