utime/futimes can only be used on files that you own #127
Comments
|
sh_t... I know it's not my fault, but I must to admit I felt guilty... :-P Yeah, I'll check the owner before trying to change the utimes, but as you have said on the other issue, this should *not_ be a problem since the files should be created with the correct owner... :-/ |
|
Thank you. 👍 |
|
@piranna it seems that we inherit the owner and stuff from the |
Via the |
|
@piranna yeah, we need to check the owner to avoid that issue. |
|
By the way, why the change from |
|
@piranna yep, because it uses futimes underneath which has sub-second precision on filesystems that support it. |
|
@piranna There was talk here about making I think this ownership issue is orthogonal to |
Yeah, definitely, I was just curious about that thing. Absolutely +1 to use |
|
It would be good if node would use the |
|
I've found the change was easy: if(stat.uid !== process.getuid() || !(stat.mode & S_IWUSR)) {
return cb();
}Problem is that the var expectedFile = new File({
base: inputBase,
cwd: __dirname,
path: inputPath,
contents: expectedContents,
stat: {
mtime: expectedMtime
}
});We have here two options, add the missing fields on |
|
The check could also check for null/undefined because if we aren't setting it, the owner will be the user running the process. |
|
Good idea! I'll do that :-) |
|
Ok, I've done a pull-request to fix this :-) |
|
@piranna @phated @ounos
he's talking about a pre-existing file which he wants But the submitted PR is checking the It seems to me that |
|
@erikkemperman, Regarding to this thing and due to you post about the usage of the What do you think? |
Hm, my first thought here was: how is changing atime/mtime via But now I think I get what you mean, I did not know about that, but yes I see how the difference might be relevant in terms of security implications. Interestingly, I find different manpages on mac and linux, to the point where I think they're saying contradictory things about the case where Linux:
Mac:
If I parse this correctly, and my interpretation of @ounos's issue is right, then it wouldn't have happened on linux? What does windows say about all this? In any event, I'd agree that instead of trying to predict if it might happen, it would be better to just attempt the call and catch this particular error -- that is, if we insist on suppressing it, which I'm not sure is the best course of action tbh. Suppose the destination file is an intermediate file, which serves as source in a subsequent pipeline. If that second pipe uses something like Personally I think I'd like to know about this failing, because it can lead to problems which would be annoying to track down. So I might argue against suppressing the symptom whilst not addressing the illness. Does that make sense? |
|
The plot thickens. When this $ touch output.txt
$ ls -lc output.txt
-rwxrwxrwx 1 root staff 5 Nov 7 13:44 output.txt
$ ls -lu output.txt
-rwxrwxrwx 1 root staff 5 Nov 7 13:44 output.txt
$ gulp access
[13:45:11] Starting 'access'...
[13:45:11] 'access' errored after 33 ms
[13:45:11] Error: EPERM: operation not permitted, futime
at Error (native)
$ ls -lc output.txt
-rwxrwxrwx 1 root staff 5 Nov 7 13:45 output.txt
$ ls -lu output.txt
-rwxrwxrwx 1 root staff 5 Nov 7 13:44 output.txt |
MacOS X is based on BSD so it's normal there're differences, but they are mostly harmless.
Don't see the evil, don't listen the evil, don't tell the evil ;-) |
|
Much as I'd like to, we probably can't ignore the evil entirely. |
|
@erikkemperman I am talking about a file that the first time I call dest is created and any other time is overwritten. |
|
@ounos I guess I'm still not getting it :-) If the file is originally created by |
|
@erikkemperman ok, let me explain the workflow here: |
|
@ounos And then the other users in the same group ought to be able to re-run gulp and overwrite those css files. This should work because you made sure of mode Does that sound about right? Which OS/filesystem is this? I'm not sure how common it is to share a local working copy like that. But I suppose you could sidestep this whole issue by inventing a dedicated project-user and having the group do |
css file is generated on the web server, when a changeset is pushed to it (this way we can check changes on a dev web server on the fly). Except that, everything else is right. It's GNU/Linux (OpenSUSE), I am not sure about the filesystem, but I guess typical ext3 or ext4.
As I wrote above, it's not a local copy, it's a css file generated on a remote machine. Yes, ofc I could do sth like that, but to be honest I am not excited with the idea. I am sorry, if I confused you and thanks for your time. |
|
I think you should remove the CSS files altogether from the repo, and just
|
|
@piranna css file is not included in the repo. As you said I just generate it when pushing changes to the web server. I updated my previous comment. My fault. |
|
👍 sorry, I misunderstood it. Are you having the error on the CSS files on the remote machine, or in local? |
|
@erikkemperman this will work for now, but If add js file generation too, it means that on first error (css file) gulp will die and exit, meaning js file won't be generated (or what comes first), right ? |
|
@ounos you're using gulp 4, right? I think that if you run tasks in I probably sound like a broken record, sorry about that, but the workaround I suggested still strikes me as rather painless, and it ought to preempt this whole mess. Like I said above, I think this error is not necessarily something |
|
@erikkemperman I don't think this is something that someone needs to work around. The mtime/atime stuff was recently added for an edge case and we weren't breaking before that. If you go look at the manpages again for utime, it confirms that EPERM happens when the owner of the file is not the one calling the method. In vfs, we use the original owner of the src file to create the new file. As far as I can tell, @ounos is seeing on the production environment that the CSS files being generated as the user that created the LESS files and then the user (probably some automated process) running the gulpfile isn't that user that those CSS files were created as. If we compare the user to the one on the source files, everything should begin to work again. CC @piranna |
|
@erikkemperman @piranna we should probably use https://www.npmjs.com/package/fs-access to check access before attempting to set utimes. |
|
^ although, we'd probably have to help with sindresorhus/fs-access#1 😛 |
|
I can't actually find a call to |
|
On Linux, chown requires to be used by root due to similar security issues
|
|
@phated As I understand it the less files are owned by the user that checked out or last updated that file from vcs. The destination css will be owned by the user that ran gulp when it is first created -- not necessarily the owner of the source, although in the case of a hg hook it likely is.
Right, I think new files are owned by the gulp user, not the src owner. Subsequent attempts by different users running gulp to overwrite the css then trigger this error, and I confirmed that will still be the case after something like the proposed patch were applied. Because it doesn't test ownership of the destination, nor would it be allowed to change that ownership in this circumstance. So if updating the time attributes on disk is really only an optional bonus and I can't find it just now but someone pointed out that pipes attached to |
|
The more we disscus this, the more I think it should not be fixed... :-/
|
Ah yes indeed, the errors section is clear where the general description (imho) isn't. So uniform across Mac/Linux then. Don't speak the evil :-) |
|
Final thought on this -- I spent way too many words on it already :-) So the |
Yes, utimes is there due to that issue, that maked tar files get badly |
@piranna Yes that was my feeling too. Until @phated pointed out that this particular ownership issue never came up in the situation before |
|
Oooookey... now I see what's the problem here: we have two valid and somewhat contradictory use cases:
I've re-read the man page of This has only a drawback, that's the utimes will be updated on current files that we own so they would not appear as modified, but don't think it would be too much a problem. I've been looking on the source code for any other indicator like the open flag, but files are always open with |
|
@piranna I have no skin in this game, as they say, but as a user I would probably be annoyed to find different behaviour for write and overwrite. Both use cases seem to me to have fairly trivial workarounds, but that's easy for me to say because I'm not the one having to apply them. Anyway, for what it's worth, I might now lean toward yanking the |
|
Well, at this moment we have already a different behaviour for write and overwrite when setting the file
|
|
True, no Even so, wouldn't it make sense to remove the whole A separate plugin |
|
In my case it's not so easy because I'm not using |
|
Ah, I see. I still think that if Like I said though it doesn't really matter for my little use case, my merged PR takes care of the issue I had with milliseconds. I'm going to sign off here, sorry about ludicrous verbosity :-) |
|
@erikkemperman it's important for us to discuss these things so I'm glad you've been involved on this issue. The ethos of vinyl-fs is that this library should be doing all the filesystem operations (it is against gulp plugin guidelines to use the |
|
@phated Perhaps this is really just one instance ( But I can't resist an attempt to summarize what I think all of the above amounts to. The fact that This issue of @ounos and the earlier one of @piranna demonstrate that different use-cases have different expectations / wishes / demands about what piranna's case broke before the I might have extrapolated too much from discussion elsewhere, but I like the thought that when the pipeline doesn't end with This would imply that if writing a piece of metadata fails, and we don't want to consider that a "hard" error, we might want to update that bit on the vinyl object from disk instead of vice versa. That might be radical though, and I can't decide if this is philosophically sound enough to justify its technical ugliness :-) |
|
+1 on windows gulp-bump does not update package.json |
|
If we aren't able to resolve this soon, I think the best bet is to revert all of the stat changes that introduced breaking changes until we are able to do it properly. |
|
This has finally been resolved by #151 and published as 2.3.2. As per the new
|
|
Oh, and please update your installations to get the fixes! Cheers |
|
Thanks @phated ! |
|
Yeah, thank you! I'll try to find time to test it :-)
|
This was pointed out in gulpjs/gulp#1376 and it is documented in the manpage of utime (http://man7.org/linux/man-pages/man2/utimes.2.html). We should check the file owner before trying to call futimes on it.
@piranna @erikkemperman
The text was updated successfully, but these errors were encountered: