Opened 2 months ago

Closed 2 months ago

Last modified 11 days ago

#31496 closed defect (fixed)

Mixed file ownership prevents updating snowflake.torproject.org files

Reported by: dcf Owned by:
Priority: Medium Milestone:
Component: Circumvention/Snowflake Version:
Severity: Normal Keywords:
Cc: arlolra, cohosh, phw, dcf Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I was just now trying to redeploy the badge using the instructions at

https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/proxy/README.md?id=0ef7c6f1fa6abc5ffeff455be0143efce0adb207#n44

But the rsync fails with "Permission denied" errors:

snowflake/proxy$ rsync --delete -crv build/ staticiforme:/srv/snowflake.torproject.org/htdocs/
sending incremental file list                          
embed.css                                              
embed.html                                             
embed.js                                               
index.html                                             
popup.js                                               
rsync: delete_file: unlink(assets/status-running.png) failed: Permission denied (13)
rsync: delete_file: unlink(assets/status-on@3x.png) failed: Permission denied (13)
rsync: delete_file: unlink(assets/status-on@2x.png) failed: Permission denied (13)
rsync: delete_file: unlink(assets/status-on.png) failed: Permission denied (13)
rsync: delete_file: unlink(assets/status-off@3x.png) failed: Permission denied (13)
rsync: delete_file: unlink(assets/status-off@2x.png) failed: Permission denied (13)
rsync: delete_file: unlink(assets/status-off.png) failed: Permission denied (13)
_locales/                                              
_locales/en_US/                                        
_locales/en_US/messages.json                           
assets/arrowhead-right-12.svg                          
assets/arrowhead-right-dark-12.svg                     
assets/status-off-dark.svg
assets/status-off.svg
assets/status-on-dark.svg
assets/status-on.svg
assets/status-running.svg
assets/toolbar-off-48.png
assets/toolbar-off-96.png
assets/toolbar-off.svg
assets/toolbar-on-48.png
assets/toolbar-on-96.png
assets/toolbar-on.svg
assets/toolbar-running-48.png
assets/toolbar-running-96.png
assets/toolbar-running.svg
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.arrowhead-right-12.svg.g5Axz0" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.arrowhead-right-dark-12.svg.pik9X3" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.status-off-dark.svg.eqlLm7" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.status-off.svg.th1nLa" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.status-on-dark.svg.4BnmGe" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.status-on.svg.91elBi" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.status-running.svg.SA0kwm" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-off-48.png.lZblrq" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-off-96.png.sTslmu" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-off.svg.le4ZFy" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-on-48.png.wWbFZC" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-on-96.png.5ZCkjH" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-on.svg.slN0CL" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-running-48.png.DSmHWP" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-running-96.png.ux2BhU" failed: Permission denied (13)
rsync: mkstemp "/srv/snowflake.torproject.org/htdocs/assets/.toolbar-running.svg.7UlxCY" failed: Permission denied (13)

The problem is that some files/directories are owned by arlo and some are owned by dcf, and we cannot overwrite each other's files.

dcf@staticiforme:/srv/snowflake.torproject.org/htdocs$ ls -l
total 784
drwxr-sr-x 2 arlo snowflake   4096 Jul 31 22:01 assets
-rw-r--r-- 1 arlo snowflake   5321 Jul 13 15:32 chrome150.jpg
-rw-r--r-- 1 dcf  snowflake   2912 Aug 24 00:35 embed.css
-rw-r--r-- 1 dcf  snowflake    851 Aug 24 00:35 embed.html
-rw-r--r-- 1 dcf  snowflake  30183 Aug 24 00:35 embed.js
-rw-r--r-- 1 arlo snowflake  44930 Jul 13 15:32 firefox150.jpg
-rw-r--r-- 1 arlo snowflake   1255 Jul 31 19:51 index.css
-rw-rw-r-- 1 dcf  snowflake   3913 Aug 24 00:35 index.html
drwxr-sr-x 3 dcf  snowflake   4096 Aug 24 00:35 _locales
-rw-r--r-- 1 dcf  snowflake   1396 Aug 24 00:35 popup.js
-rw-r--r-- 1 arlo snowflake 377507 Jul 13 15:32 screenshot.png
-rw-r--r-- 1 arlo snowflake 293516 Jul 13 15:32 SourceSansPro-Regular.ttf
-rw-r--r-- 1 arlo snowflake  10042 Jul 13 15:32 tor-logo@2x.png

For now, I've made all the files owned by dcf group-writable using chmod -R g+w /srv/snowflake.torproject.org/htdocs, so at least also will be able to update. arlo, if you can make your files group-writable as well, that will solve the immediate problem. Then we need to find out how to make the files group-writable by default, or something.

Child Tickets

Change History (3)

comment:1 Changed 2 months ago by arma

I just reached in and made arlo's files g+w.

I agree with the plan of doing something at the user level to make future files g+w. Maybe that's done with a mask. Or maybe it's done with another line in the instructions.

comment:2 Changed 2 months ago by dcf

Resolution: fixed
Status: newclosed

I added --chmod ug=rw,D+x --perms to the rsync commands. That should be good enough, as long as no one forgets to use it.

comment:3 Changed 11 days ago by dcf

Today cohosh and I found that uploaded files were not owned by the snowflake group, so I just pushed some instructions to add --chown=:snowflake to the rsync commands.

Note: See TracTickets for help on using tickets.