Skip to content
This repository has been archived by the owner on Apr 14, 2021. It is now read-only.

Bundler binstubs executables permissions are hardcoded #1618

Closed
parameme opened this issue Jan 9, 2012 · 8 comments
Closed

Bundler binstubs executables permissions are hardcoded #1618

parameme opened this issue Jan 9, 2012 · 8 comments

Comments

@parameme
Copy link

parameme commented Jan 9, 2012

Hi people,

We have noticed that the bundler binstubs executables permissions seem to be hardcoded (0755) if I am reading the source right. Was there some deeper security issue here? Our FreeBSD operations team would like to be able to influence the group permissions at least (ie. making the directory and files group-writeable for example) - perhaps a commandline or config option in ~/.bundler/config ?

parameme
@ixti
Copy link
Contributor

ixti commented Aug 3, 2013

0755 is default permission mode for executables. If you want to restrict that - use umask. If you want to make directory group-writeable, create it before running binstubs.

@ixti ixti closed this as completed Aug 3, 2013
@v-yarotsky
Copy link
Contributor

Sorry for bumping old topic, but I'm still not sure what does 'default permission mode for executables' mean? Specifically, why bundler does not use 0777 & ~File.umask?

@indirect
Copy link
Member

indirect commented Jan 2, 2014

because that would be 493, which makes no sense to me as a permission mode...

@indirect
Copy link
Member

indirect commented Jan 2, 2014

(oops, my bad, wasn't converting it back to octal. sorry.)

@indirect
Copy link
Member

indirect commented Jan 2, 2014

Back to the problem at hand, where is Bundler setting the permissions of anything to 0755? I only see File.chmod((0777 & ~File.umask), destination) in git_proxy.rb.

@v-yarotsky
Copy link
Contributor

it does so here:
https://github.com/bundler/bundler/blob/b21e27cdf633777e0b93a789de7ff43f8d73bc1d/lib/bundler/installer.rb#L180

It doesn't really work well for me, as our app can be deployed by several devs with separate system accounts within one group, so it is group permissions what matters most.

@indirect
Copy link
Member

indirect commented Jan 3, 2014

Oh, I see. Yes, I agree that 0755 & ~File.umask is the correct behaviour. We should fix that.

On Jan 2, 2014, at 2:29 PM, v-yarotsky notifications@github.com wrote:

it does so here:
https://github.com/bundler/bundler/blob/b21e27cdf633777e0b93a789de7ff43f8d73bc1d/lib/bundler/installer.rb#L180

It doesn't really work well for me, as our app can be deployed by several devs with separate system accounts within one group, so it is group permissions what matters most.


Reply to this email directly or view it on GitHub.

@v-yarotsky
Copy link
Contributor

Cool, I'll open a pull request for that. Cheers! :)

@v-yarotsky v-yarotsky mentioned this issue Jan 3, 2014
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@indirect @ixti @parameme @v-yarotsky