-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cargo unpacks files with too restrictive mode (breaking multi-user shared cargo registry) #3442
Comments
I believe those permissions are set in the package tarballs. |
Shall those tarballs be extracted not this literally? Maybe like in Git, it should only discriminate executable and non-executable, observing umask and sticky bits for other bits? If tarball contains suid-bit executables, will they also be unpacked with suid bit set? |
Yes currently tarballs are extracted using the support in the It seems reasonable to me (especially if there's precedent in git) to have Cargo extract respecting umask to allow having group-readable/writable files! |
Is there a chance somebody will address this issue? I was just hit by it in the pin-utils crate. Issue #2948 seems related too. |
There is also #9455 trying to make files read-only. Unfortunately some crates may depend on preserved file permissions already. One way to solve is to handle only |
I too am noticing this behavior that is preventing me from setting up a shared directory workspace for our dev team. ACLs won't solve this either. Any help would be greatly appreciated!
|
I share cargo home directory between multiple user accounts and want to use
cargo install
from both uids. For this I want all Rust-related things to be group-writable.But despite of umask is
0002
(new files are group-writable by default) and all directories have modeg+rwxs
, some files unpacked by Cargo get usual boring mode644
, preventing clearing directories from other user later.For example, now I see
Why files inside the
clippy-0.0.104
directory get restrictive permissions when everything else is group-writable? Should Cargo avoid walling non-security-related files against other users when umask is explicitly configured not to do so?The text was updated successfully, but these errors were encountered: