Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only attempt to change file permissions when the user is the owner #67

Merged
merged 1 commit into from
Jul 13, 2023
Merged

Only attempt to change file permissions when the user is the owner #67

merged 1 commit into from
Jul 13, 2023

Conversation

JamesWrigley
Copy link
Member

@JamesWrigley JamesWrigley commented Jul 12, 2023
edited
Loading

Otherwise it will block other users from doing things like reprocessing runs or starting the listener under a different user, even if the permissions are already loose enough.

(cherry-picked from one of my giant branches)

@JamesWrigley JamesWrigley added the bug Something isn't working label Jul 12, 2023
@JamesWrigley JamesWrigley self-assigned this Jul 12, 2023
takluyver
takluyver reviewed Jul 13, 2023
View reviewed changes
damnit/backend/db.py Outdated
@@ -29,7 +30,8 @@ def __init__(self, path=DB_NAME):
log.debug("Opening database at %s", path)
self.conn = sqlite3.connect(path, timeout=30)
# Ensure the database is writable by everyone
os.chmod(path, 0o666)
if Path(path).owner() == getuser():
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if Path(path).owner() == getuser():
if Path(path).stat().st_uid == os.getuid():

This should be equivalent, but it avoids some possible failure modes from translating the numeric user ID into a readable username. I'm thinking of possibilities like the user who created it no longer exists on the system, or it's created from a user inside a container. It may not be possible at all, but it's easier to avoid the lookup than to figure out if it could really come up.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, good point; fixed in a938798.

@takluyver
Copy link
Member

Good catch! Other than my suggestion above about using numeric user IDs, this LGTM.

@JamesWrigley
Only attempt to change file permissions when the user is the owner
a938798 
Otherwise it will block other users from doing things like reprocessing runs or
starting the listener under a different user, even if the permissions are
already loose enough.
@JamesWrigley JamesWrigley merged commit d7fcdc9 into master Jul 13, 2023
1 check passed
@JamesWrigley JamesWrigley deleted the permissions branch July 13, 2023 20:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@takluyver takluyver takluyver left review comments

Assignees

@JamesWrigley JamesWrigley

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@JamesWrigley @takluyver