File permissions after FTP push
Vincent Ladeuil
v.ladeuil+lp at free.fr
Thu Mar 5 08:53:40 GMT 2009
>>>>> "Lukas" == Lukas Zapletal <lukas91 at zapletalovi.com> writes:
>> Your ftp server forbids anonymous users to read the files
>> you upload by default, you chose a different approach,
>> fine, but under different contexts replicating the local
>> permissions to the remote site may not make sense or even
>> be dangerous.
Lukas> Well its not like that. My server allows that. I thing
Lukas> this is the situation:
Lukas> 1) I nave my umask set that all newly created
Lukas> dirs/files are not readable by group or other
Lukas> (700/600)
Server side or client side ?
Lukas> 2) My repo was created with these permissions (of
Lukas> course)
Well, I think the root problem is that "of course" is not obvious
for everybody here :)
Lukas> 3) I have pushed my branch to a FTP site and Bazaar
Lukas> sets permissions with SITE CHMOD commands to
Lukas> 700/600. Thats ok.
Lukas> 4) Apache (HTTP) cannot read those files then.
Lukas> I think the only "problem" is with explicit setting of
Lukas> permissions on the FTP server. In the Midnight
Lukas> Commander for example I have the possibility to untick
Lukas> [x] Keep attributes (or something like that). In
Lukas> Bazaar its not possible AFAIK.
First, bzr tracks only the executable bit as a versioned
property.
Then we try to address problems encountered on the server side by
obeying what mode bits we found there (see
bzrlib.bzrdir.BzrDir._find_creation_modes) and apply that to all
dirs and files in the .bzr hierarchy.
Lukas> It would be nice to have this feature in the
Lukas> authorization.conf - something like default_perms. It
Lukas> could be used by users in such situations described
Lukas> above.
Given that we need support from the server side to reliably
implement that, authentication.conf sounds like the right place
(locations.conf and branch.conf being more targeted at the local
side of things).
On the other hand, finding the right place to acquire that
setting may not be obvious, the transport layer seems like the
appropriate place to do that and a transport is indeed available
in _find_creation_modes(), so that may work.
Feedback from the list welcome !
Lukas> I you agree I could submit some feature request. Or
Lukas> maybe I can try to make a patch ;-)
That would be awesome !
Vincent
More information about the bazaar
mailing list