Page MenuHomePhabricator
Create Task
Maniphest T315045

Wrong permissions on created .pywikibot folder
Closed, ResolvedPublicBUG REPORT
Actions

Description

When pywikibot/config.py creates a ~/.pywikibot folder, it does so with mode 0600, whereas it should be 0700.

On line 350) it is doing

os.makedirs(dir_s, mode=private_files_permission)

with private_files_permission defined on line 255 as

private_files_permission = stat.S_IRUSR | stat.S_IWUSR

These make sense for _files_ permissions, but for a folder it should include stat.S_IXUSR (+x) as well

I suppose it would probably need a line

private_directories_permission = stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR

used for this

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
[bugfix] Add a new variable 'private_folder_permission' to config.pypywikibot/coremaster+28 -17
Customize query in gerrit

Related Objects
Search...

Event Timeline

Platonides created this task.Aug 11 2022, 9:24 PM
Restricted Application added subscribers: pywikibot-bugs-list, Aklapper. · View Herald TranscriptAug 11 2022, 9:24 PM
Xqt added subscribers: Urbanecm_WMF, Urbanecm, Xqt.Aug 12 2022, 10:02 AM

0700 was changed previously to 0600 in rPWBC049cd8a7 due to T206385.

Restricted Application removed a subscriber: Urbanecm. · View Herald TranscriptAug 12 2022, 10:02 AM
Xqt added a subscriber: Framawiki.Aug 13 2022, 5:11 PM
RoySmith subscribed.Oct 11 2022, 7:18 PM
Xqt added a subscriber: Urbanecm.Oct 12 2022, 11:16 AM

@Urbanecm: As you committed rPWBC049cd8a7 due to T206385 could you give your comment to this issue or decline it if appropriate?

Restricted Application removed a subscriber: Urbanecm. · View Herald TranscriptOct 12 2022, 11:16 AM
Urbanecm edited subscribers, added: Urbanecm; removed: Urbanecm_WMF.Oct 12 2022, 11:59 AM

Hi, I think it is appropriate to set +x for directories (for those, it means "can be cd'ed into"). My concern in T206385 was only for files, and I didn't realize the directive applies to directories as well.

RoySmith added a comment.Oct 12 2022, 1:34 PM

@Urbanecm My understanding of +x for directories is that it it allows the directory to be used as part of a pathname (i.e. translating the path into an inode). Which effectively means you can't access the files in it. The fact that you can't cd into a directory is just a side-effect of that.

This can lead to bizarre behavior such as being able to do shell expansion on filenames in the directory, but not actually be able to access those files, because the shell expansion only relies on read permission on the directory:

$ ls -ld .pywikibot/
drw---S--- 3 tools.dyk-tools tools.dyk-tools 4096 Oct 11 23:54 .pywikibot/
$ cat .pywikibot/user-config.py     <-- I typed ".pywikibot/u<tab>" and got this
cat: .pywikibot/user-config.py: Permission denied

The bottom line is, yes, the .pywikibot directory should be executable.

gerritbot added a comment.Oct 12 2022, 2:34 PM

Change 841875 had a related patch set uploaded (by Xqt; author: Xqt):

[pywikibot/core@master] Revert "Change default file mode for private files to 600"

https://gerrit.wikimedia.org/r/841875

gerritbot added a project: Patch-For-Review.Oct 12 2022, 2:34 PM
Xqt added a parent task: T206385: Pywikibot sets non-executable file's mode to 700.Oct 12 2022, 2:42 PM
Xqt claimed this task.Oct 13 2022, 10:10 AM
Xqt triaged this task as High priority.
gerritbot added a comment.Oct 17 2022, 6:36 PM

Change 841875 merged by jenkins-bot:

[pywikibot/core@master] [bugfix] Add a new variable 'private_folder_permission' to config.py

https://gerrit.wikimedia.org/r/841875

Xqt closed this task as Resolved.Oct 17 2022, 6:48 PM
Maintenance_bot removed a project: Patch-For-Review.Oct 17 2022, 7:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits