Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add umask option for mount module #209

Open
wants to merge 14 commits into
base: main
Choose a base branch
from

Conversation

satken2
Copy link

@satken2 satken2 commented Jun 12, 2021

SUMMARY

I added mode option for mount module.
When this module creates new directories for mount point, this value is used as permission of the directory.

Fixes #163, #178

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME
  • mount
ADDITIONAL INFORMATION

When we want to set specific permission to the mount point directory, we can use file module.
However once the filesystem is mounted, the underlying directory is nearly inaccessible, and cannot be modified by file module.
This is a bit inconvenient, so I added mode option so that permission can be set before actual mount operation.

In #163, author requests to add umask option but when the mount point does not exist, this module creates directories, not files. So I think mode is more appropriate than umask.

@satken2 satken2 marked this pull request as ready for review June 13, 2021 01:06
changelogs/fragments/209_add_mode_for_mount.yml Outdated Show resolved Hide resolved
plugins/modules/mount.py Outdated Show resolved Hide resolved
plugins/modules/mount.py Outdated Show resolved Hide resolved
plugins/modules/mount.py Outdated Show resolved Hide resolved
@Akasurde
Copy link
Member

cc @quidame @aminvakil @justjais

Copy link
Contributor

@aminvakil aminvakil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding this feature!

# Set permissions to the newly created mount point.
if mode is not None:
try:
changed = module.set_mode_if_different(name, mode, changed)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does not work on non-Linux operating systems? I've seen you run integration tests only on Linux systems when it was using chmod, I don't know about this function.
If so, please also mention this on parameter notes, and maybe warn user when the target os is not Linux?

@@ -332,3 +332,44 @@
- /tmp/myfs.img
- /tmp/myfs
when: ansible_system in ('Linux')

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a integration test which uses something like u+rw,g-wx,o-rwx or u=rw,g=r,o=r.

@quidame
Copy link
Contributor

quidame commented Jun 14, 2021

Hi @satken2, thanks for your contribution !

IMHO, this PR doesn't fix #163, as said in its description: the new parameter only applies to the mountpoint itself, not its parents, even if they're created by the module, that means that if /srv is empty and the user wants to mount some device at /srv/foo/bar/public with a public access to it (say mode: u=rwx,go=rx), this mountpoint will still be unreachable by most users because /srv/foo and /srv/foo/bar got mode 0700.

@quidame
Copy link
Contributor

quidame commented Jun 15, 2021

In #163, author requests to add umask option but when the mount point does not exist, this module creates directories, not files. So I think mode is more appropriate than umask.

I think there is a confusion here. umask applies to both files and directories. To directories, with the exact value of the mask; to files, with the value of the mask and by zeroing all executable bits.

@satken2
Copy link
Author

satken2 commented Jun 20, 2021

@quidame Thank you for your advice. Certainly, when creating directories recursively, I have to set permissions on all directories to resolve #163, as you point out. So I will fix my code.

I think there is a confusion here. umask applies to both files and directories. To directories, with the exact value of the mask; to files, with the value of the mask and by zeroing all executable bits.

The mount module only creates directories, so I don't think it is necessary to consider creating files, I guess.
So I added mode option.

loop:
- /tmp/myfs.img
- /tmp/myfs
when: ansible_system in ('Linux')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why this restriction ? Does the new mode parameter not support other OSes ?

@quidame
Copy link
Contributor

quidame commented Jun 21, 2021

The mount module only creates directories, so I don't think it is necessary to consider creating files, I guess.
So I added mode option.

There is no need to create files to use umask. It applies to almost any file (regular files, directories, unix sockets, named pipes or fifos, character devices...) except symlinks, at creation time. Even if at the end it doesn't change anything to your code, please consider umask as a plausible option. It seems that you have discarded it on a misunderstanding.

For me, mode sounds more like something I (user) would have control over, at any time, not only at creation time. (ok, in this case, not at any time, but this could be every time the underlying directory used as mountpoint is not mounted, and exposed/unhidden). At least 2 modules make use of umask (https://github.com/ansible/ansible/blob/ec408a69f19052190f1766a357c882fc86cfeada/lib/ansible/modules/git.py#L136-L141, https://github.com/ansible/ansible/blob/ec408a69f19052190f1766a357c882fc86cfeada/lib/ansible/modules/pip.py#L106-L114). I don't know if there are modules using mode in a one-shot way, that is the purpose of umask, and if there are, I would probably consider them as confusing, and still suggest: please consider umask for this new option. If a contributor needs mode to implement mode of the root of the mounted filesystem, and mode is already used for something else that behaves like umask rather than mode, what to do ?

@satken2 satken2 changed the title Add mode option for mount module Add umask option for mount module Jun 27, 2021
Copy link
Contributor

@quidame quidame left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please update the changelog fragment - at least the name of the new parameter :); also, I don't understand the consecutive calls to os.umask(umask). All the rest looks good to me.

changelogs/fragments/209_add_mode_for_mount.yml Outdated Show resolved Hide resolved
except ValueError as e:
module.fail_json(msg="umask must be an octal integer: %s" % (to_native(e)))
old_umask = os.umask(umask)
os.umask(umask)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what's the purpose of calling os.umask(umask) twice ?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, it's my mistake.

Co-authored-by: quidame <quidame@poivron.org>
@satken2
Copy link
Author

satken2 commented Jun 28, 2021

@quidame Thank you for your polite explanation and suggestion.
I have understood your intentions and changed my code to use umask instead of mode.

@verdurin
Copy link

I think this will solve the problem I recently saw when creating CephFS mounts with posix.mount, so I will be happy to see it merged.

If the mount point already exists, this parameter is not used.
- Note that after running this task and the device being successfully mounted,
the mode of the original directory will be hidden by the target device.
type: raw
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would change this to a 'strict string' to avoid all the 'octal/int' issues as we had to go through with mode in other modules.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

umask option for the ansible.posix.mount module
6 participants