Page MenuHomePhabricator
Differential D11819

Add phd.umask option to set umask for phd daemons
AbandonedPublic
Actions

Authored by vinzent on Feb 19 2015, 10:18 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Apr 1, 11:46 PM
Unknown Object (File)
Mon, Apr 1, 9:53 AM
Unknown Object (File)
Fri, Mar 29, 10:33 PM
Unknown Object (File)
Fri, Mar 29, 9:11 AM
Unknown Object (File)
Mar 16 2024, 8:51 AM
Unknown Object (File)
Mar 5 2024, 11:00 AM
Unknown Object (File)
Feb 6 2024, 12:08 AM
Unknown Object (File)
Feb 5 2024, 8:08 PM
View All Files
Subscribers
epriestley

Details

Reviewers
epriestley
Group Reviewers
Blessed Reviewers
Summary

Some systems have a restrictive default umask of 077 which removes group read rights from newly created repositories. This prevents the apache user from accessing the files/directories.

The phd.umask option lets a user override the systems umask for the phd processes.

Test Plan
  • set phd.umask to 027 (octal)
  • check with gdb (call umask(0)) that the Taskmaster process has umask 23 (integer)
  • restart daemons, create new repo, check that newly created repo has group read rights
  • remove phd.umask config, restart daemons, check with gdb that the daemons have system umask (077, octal) again

Diff Detail

Repository
rP Phabricator
Branch
phd_umask
Lint
Lint Errors
SeverityLocationCodeMessage
Errorsrc/applications/settings/panel/PhabricatorAccountSettingsPanel.php:67PHL1Unknown Symbol
Errorsrc/infrastructure/env/PhabricatorEnv.php:138PHL1Unknown Symbol
Errorsrc/infrastructure/env/PhabricatorEnv.php:139PHL1Unknown Symbol
Errorsrc/infrastructure/internationalization/translation/PhabricatorBritishEnglishTranslation.php:4PHL1Unknown Symbol
Errorsrc/infrastructure/internationalization/translation/PhabricatorUSEnglishTranslation.php:4PHL1Unknown Symbol
Errorsrc/infrastructure/internationalization/translation/PhabricatorVeryWowEnglishTranslation.php:4PHL1Unknown Symbol
Unit
No Test Coverage
Build Status
Buildable 4561
Build 4575: [Placeholder Plan] Wait for 30 Seconds

Event Timeline

vinzent updated this revision to Diff 28488.Feb 19 2015, 10:18 AM
vinzent retitled this revision from to Add phd.umask option to set umask for phd daemons.
vinzent updated this object.
vinzent edited the test plan for this revision. (Show Details)
Herald added a reviewer: Blessed Reviewers. · View Herald TranscriptFeb 19 2015, 10:18 AM
Herald added a subscriber: epriestley. · View Herald Transcript
epriestley requested changes to this revision.May 17 2015, 2:34 PM
epriestley added a reviewer: epriestley.

See T7475. See T8227.

  • The lint errors are your fault, and the message includes instructions on how to resolve them. Specifically, your libphutil/ is out of date. Refer to the first bullet point in the message.
  • Unless you have a very compelling, bizarre use case, this should always use a 022 umask.
  • This should apply to all libphutil daemons, not only those launched via Phabricator. The right place to set this is probably the startup phase of PhutilDaemonOverseer.
This revision now requires changes to proceed.May 17 2015, 2:34 PM
vinzent added a comment.May 18 2015, 10:55 AM

resetting umask without an option as stated in T7475 would work too.

I would not set umask 022 for repository data. 022 is IMHO a workaround for not correctly using groups.

I'll support your wish for not introducing new options. But on different companys there are different (required) standards for umasks. Some are on the easy path (022 ok) and some are on the paranoid side (077).

vinzent abandoned this revision.Apr 21 2016, 7:03 PM

Revision Contents
Changeset List

PathSize
scripts/
daemon/
5 lines
src/
applications/
config/
option/
7 lines

Diff 28488

View Options

scripts/daemon/launch_daemon.php

Loading...
View Options

src/applications/config/option/PhabricatorPHDConfigOptions.php

Loading...
Phabricator · Built by Phacility